Slow computer - high CPU usage, frustrating browsing

View previous topic View next topic Go down

Solved Slow computer - high CPU usage, frustrating browsing

Post by Chris Whitham on 1st April 2010, 8:46 pm

Hi!
I posted this question yesterday and Gabethebabe referred me to this forum:

"Hi. I'm fairly new to internet. I use GoogleChrome (also IE at times). I have wireless internet connection (3G).
Recently intenet connection has become very slow. When connected to internet, the CPU usage is usually 100%, never less than 50%. Even when not connected to the internet, opening and closing files has become painfully slow and CPU usage is high half the time.
I see a time coincidence with many "pavjob.exe" errors coming up.
I ran 2 virus/malware programs which found very little (admanager and doubleclick, which I think are "Yahoo.com" cookies). However, since running these, my system will not restore - as if a major file has been deleted.
I've also noticed at times, the CPU usage shows 20% with a peak up to 60% or so every 5 seconds for several minutes at a time. Nothing will open or save while this is happening.
I've checked out earlier similar topics on your site, but they're a little overwhelming with program titles and not-understood words. I don't want to try to follow them and do something destructive.
Can you help, please?
"

I've tried to do the downloads you recommend in your "read this first" article. Adobe is up-to-date, but I cannot get Java JRE. I've got to the point of downloading 6 times. The download starts and runs fine to a point (twice it got up to 5.4 out of 15.1, three times up to 6.3 and once up to 13.3) but then just stops and the "time remaining for download" starts going up from 2 minutes to 5 then 10 (one time I waited 15 minutes and the time remaining was estimated as 40 minutes).

The same thing is happening with Microsoft Office (smaller updates have gone through fine, and installed OK).
Is there any hope?? :sad:
Thanks, Chris

Chris Whitham
Novice
Novice

Posts Posts : 14
Joined Joined : 2010-03-31
Gender Gender : Male
OS OS : windows XP
Points Points : 24562
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Belahzur on 1st April 2010, 11:24 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Chris Whitham on 2nd April 2010, 11:14 am

Thanks a lot - here we go:

OTL logfile created on: 02/04/2010 11:05:08 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\gg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 61.00 Mb Available Physical Memory | 24.00% Memory free
696.00 Mb Paging File | 114.00 Mb Available in Paging File | 16.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.83 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 25.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JJ-9EB41A800807
Current User Name: gg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/02 10:58:48 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gg\Desktop\OTL.exe
PRC - [2010/03/15 14:47:22 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/12/03 13:39:00 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/25 13:51:04 | 000,906,496 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
PRC - [2009/09/17 13:17:26 | 000,291,584 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSRV51.EXE
PRC - [2009/09/07 17:40:04 | 000,198,400 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
PRC - [2009/08/25 14:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrlS.exe
PRC - [2009/08/10 14:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
PRC - [2009/04/23 13:31:16 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\WebProxy.exe
PRC - [2009/04/17 11:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
PRC - [2009/04/08 11:56:24 | 000,226,560 | ---- | M] (Panda Security International) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\FIREWALL\PSHost.exe
PRC - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/04/02 10:58:48 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gg\Desktop\OTL.exe
MOD - [2010/02/17 12:44:18 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/09/17 13:17:26 | 000,291,584 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe -- (PAVSRV)
SRV - [2009/08/25 14:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe -- (PskSvcRetail)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/08/10 14:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2009/04/17 11:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe -- (TPSrv)
SRV - [2009/04/08 11:56:24 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE -- (PSHost)
SRV - [2008/07/02 15:09:36 | 000,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll -- (Gwmsrv)
SRV - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - [2010/03/15 14:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/03/15 14:47:30 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/01/28 13:34:32 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/01/28 13:34:32 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/10/01 00:07:44 | 000,075,016 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2009/09/09 11:29:18 | 000,199,432 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1639.sys -- (NETIMFLT01060039)
DRV - [2009/06/30 18:17:12 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 14:33:02 | 000,046,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/06/16 14:33:00 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/06/16 14:32:58 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2009/06/16 14:32:58 | 000,053,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/03/25 07:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/12/30 11:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/04/28 18:35:14 | 000,084,024 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2008/03/28 12:25:06 | 000,022,072 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2008/03/04 16:59:42 | 000,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/15 19:45:30 | 000,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/13 19:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 19:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 19:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/06 21:40:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/27 12:00:43 | 000,380,956 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13124 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vodafone.co.uk ([help] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [You must be registered and logged in to see this link.] (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
O24 - Desktop WallPaper: C:\Documents and Settings\gg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\gg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/18 18:05:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/12/08 17:24:46 | 000,027,750 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007/10/29 20:25:38 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c2f82be4-d2c7-11de-a7c6-000c7649e747}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f82be4-d2c7-11de-a7c6-000c7649e747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f82be4-d2c7-11de-a7c6-000c7649e747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c2f82be6-d2c7-11de-a7c6-000c7649e747}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f82be6-d2c7-11de-a7c6-000c7649e747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f82be6-d2c7-11de-a7c6-000c7649e747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c2f82be9-d2c7-11de-a7c6-000c7649e747}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f82be9-d2c7-11de-a7c6-000c7649e747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2f82be9-d2c7-11de-a7c6-000c7649e747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d731da08-0cbd-11df-a85c-000c7649e747}\Shell - "" = AutoRun
O33 - MountPoints2\{d731da08-0cbd-11df-a85c-000c7649e747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d731da08-0cbd-11df-a85c-000c7649e747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e8c33294-0a5b-11df-a856-000c7649e747}\Shell - "" = AutoRun
O33 - MountPoints2\{e8c33294-0a5b-11df-a856-000c7649e747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8c33294-0a5b-11df-a856-000c7649e747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f5ef9a1c-26c5-11df-a888-000c7649e747}\Shell - "" = AutoRun
O33 - MountPoints2\{f5ef9a1c-26c5-11df-a888-000c7649e747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5ef9a1c-26c5-11df-a888-000c7649e747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f5ef9a21-26c5-11df-a888-000c7649e747}\Shell - "" = AutoRun
O33 - MountPoints2\{f5ef9a21-26c5-11df-a888-000c7649e747}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5ef9a21-26c5-11df-a888-000c7649e747}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/12 18:17:48 | 000,148,960 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/02 10:56:39 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gg\Desktop\OTL.exe
[2010/03/31 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gg\Application Data\Facebook
[2010/03/29 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gg\My Documents\Downloads
[2010/03/27 23:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gg\Application Data\Birdstep Technology
[2010/03/27 23:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Birdstep Technology
[2010/03/26 14:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/26 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/17 01:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2010/03/16 17:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive
[2010/03/16 16:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2010/03/16 13:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive
[2010/03/16 13:24:26 | 000,305,152 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010/03/12 20:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gg\My Documents\sense
[2010/03/12 14:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/03/12 14:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010/03/12 14:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2010/03/10 22:39:10 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/03 14:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology
[2010/03/03 14:07:37 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbdev.sys
[2010/03/01 15:01:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/01 15:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/05 00:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/29 12:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/29 12:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/19 12:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/12/03 22:09:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/03 22:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/25 03:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2009/11/25 03:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/11/25 03:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/11/25 03:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/02 11:10:26 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2010/04/02 11:10:26 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2010/04/02 10:58:48 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gg\Desktop\OTL.exe
[2010/04/02 10:31:32 | 000,265,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/04/02 10:31:32 | 000,265,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/04/02 10:31:16 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010/04/02 10:31:16 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010/04/02 10:31:16 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2010/04/02 10:31:16 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2010/04/02 10:31:16 | 000,000,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2010/04/02 10:31:16 | 000,000,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2010/04/02 10:31:16 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2010/04/02 10:31:16 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2010/04/02 10:31:16 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2010/04/02 10:31:16 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2010/04/02 10:31:16 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2010/04/02 10:31:16 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2010/04/02 10:31:09 | 000,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2010/04/02 10:31:09 | 000,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2010/04/02 10:28:28 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/02 10:27:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2010/04/02 10:27:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2010/04/02 10:27:13 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/02 10:24:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/02 10:24:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/02 10:23:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/02 10:22:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/02 10:22:47 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 00:06:09 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\gg\ntuser.dat
[2010/04/02 00:06:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\gg\ntuser.ini
[2010/04/01 20:04:07 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-725345543-1003UA.job
[2010/04/01 20:01:03 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-725345543-1008UA.job
[2010/04/01 20:01:03 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-725345543-1008Core.job
[2010/04/01 20:00:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Panda Antivirus Pro 2010.job
[2010/04/01 11:26:28 | 005,862,744 | -H-- | M] () -- C:\Documents and Settings\gg\Local Settings\Application Data\IconCache.db
[2010/04/01 00:21:04 | 000,021,117 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\A911P_SP717_29_FJ942a.jpg
[2010/04/01 00:19:39 | 000,020,853 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDe.jpg
[2010/04/01 00:18:08 | 000,018,498 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDeta.jpg
[2010/04/01 00:11:15 | 000,014,906 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDetailai.jpg
[2010/03/31 23:58:12 | 000,013,153 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDetailM.jpg
[2010/03/31 23:56:35 | 000,017,580 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDetailMai.jpg
[2010/03/31 23:53:24 | 000,017,407 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDetailMain.jpg
[2010/03/31 23:51:38 | 000,012,720 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDetailMainT.jpg
[2010/03/31 23:51:38 | 000,012,720 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\prodDet.jpg
[2010/03/31 23:49:42 | 000,013,751 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortra.jpg
[2010/03/31 23:49:41 | 000,010,658 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortrait.jpg
[2010/03/31 23:45:01 | 000,009,880 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\A001P_SP185_04_FA01A.jpg
[2010/03/31 23:41:39 | 000,010,141 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortrai.jpg
[2010/03/31 23:41:38 | 000,011,714 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortraitT.jpg
[2010/03/31 17:59:05 | 000,050,065 | ---- | M] () -- C:\Documents and Settings\gg\Desktop\kizzi.jpg
[2010/03/31 13:47:55 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-725345543-1003Core.job
[2010/03/28 09:42:35 | 000,335,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 09:42:35 | 000,047,890 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 09:42:34 | 000,389,346 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/27 23:51:17 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2010/03/27 12:00:43 | 000,380,956 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/27 02:02:11 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2010/03/24 22:05:26 | 000,064,618 | ---- | M] () -- C:\Documents and Settings\gg\Desktop\services.xlsx
[2010/03/20 19:40:10 | 000,317,852 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\100320_125328.jpg
[2010/03/18 19:01:31 | 000,012,849 | ---- | M] () -- C:\Documents and Settings\gg\My Documents\Jordan eml.docx
[2010/03/17 16:08:38 | 000,011,496 | ---- | M] () -- C:\Documents and Settings\gg\My Documents\Family address.docx
[2010/03/17 01:36:04 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tiger Woods PGA TOUR 2000.lnk
[2010/03/17 00:13:42 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Championship Manager 4.lnk
[2010/03/16 18:02:11 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\gg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/16 14:00:25 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WWTBAM 2nd Edition.lnk
[2010/03/16 12:49:17 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/16 12:46:03 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/13 02:18:18 | 000,114,965 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\haley whitham logo.jpg
[2010/03/12 22:12:44 | 000,029,110 | ---- | M] () -- C:\Documents and Settings\gg\My Documents\senses.slw
[2010/03/12 20:01:07 | 000,013,189 | ---- | M] () -- C:\Documents and Settings\gg\Desktop\untitled.JPG
[2010/03/12 14:34:43 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Virtual City (2).lnk
[2010/03/11 01:55:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 15:51:12 | 000,011,573 | ---- | M] () -- C:\Documents and Settings\gg\My Documents\stewart'sletter.docx
[2010/03/07 15:28:47 | 000,000,617 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/05 13:22:38 | 000,071,547 | R--- | M] () -- C:\Documents and Settings\gg\My Documents\services to Mar 2010.xlsx
[2010/03/03 14:07:19 | 000,071,259 | ---- | M] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/01 00:35:27 | 000,012,720 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDet.jpg
[2010/04/01 00:21:18 | 000,021,117 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\A911P_SP717_29_FJ942a.jpg
[2010/04/01 00:20:57 | 000,020,853 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDe.jpg
[2010/04/01 00:18:39 | 000,018,498 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDeta.jpg
[2010/04/01 00:12:29 | 000,014,906 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDetailai.jpg
[2010/03/31 23:59:03 | 000,013,153 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDetailM.jpg
[2010/03/31 23:57:11 | 000,017,580 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDetailMai.jpg
[2010/03/31 23:54:15 | 000,017,407 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDetailMain.jpg
[2010/03/31 23:52:30 | 000,012,720 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\prodDetailMainT.jpg
[2010/03/31 23:51:20 | 000,013,751 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortra.jpg
[2010/03/31 23:50:18 | 000,010,658 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortrait.jpg
[2010/03/31 23:48:32 | 000,010,141 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortrai.jpg
[2010/03/31 23:48:05 | 000,011,714 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gallery4ColPortraitT.jpg
[2010/03/31 23:47:03 | 000,009,880 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\A001P_SP185_04_FA01A.jpg
[2010/03/31 17:59:05 | 000,050,065 | ---- | C] () -- C:\Documents and Settings\gg\Desktop\kizzi.jpg
[2010/03/29 15:41:47 | 000,114,965 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\haley whitham logo.jpg
[2010/03/27 23:51:17 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2010/03/27 23:50:33 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2010/03/20 19:43:23 | 000,317,852 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\100320_125328.jpg
[2010/03/19 13:13:45 | 000,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010/03/18 17:47:27 | 000,012,849 | ---- | C] () -- C:\Documents and Settings\gg\My Documents\Jordan eml.docx
[2010/03/17 01:36:04 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tiger Woods PGA TOUR 2000.lnk
[2010/03/17 00:13:42 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Championship Manager 4.lnk
[2010/03/16 14:00:25 | 000,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WWTBAM 2nd Edition.lnk
[2010/03/12 22:12:44 | 000,029,110 | ---- | C] () -- C:\Documents and Settings\gg\My Documents\senses.slw
[2010/03/12 14:34:43 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Virtual City (2).lnk
[2010/03/10 15:41:50 | 000,011,573 | ---- | C] () -- C:\Documents and Settings\gg\My Documents\stewart'sletter.docx
[2010/03/09 23:48:02 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-725345543-1008UA.job
[2010/03/09 23:48:00 | 000,000,932 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-725345543-1008Core.job
[2010/03/09 11:29:51 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\gg\Desktop\Calculator.lnk
[2010/03/05 13:20:01 | 000,071,547 | R--- | C] () -- C:\Documents and Settings\gg\My Documents\services to Mar 2010.xlsx
[2009/11/01 12:58:50 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\gg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 15:26:31 | 000,008,047 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/29 23:42:20 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2009/03/11 20:01:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2009/03/03 13:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A93CBF2B
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 02/04/2010 11:05:09 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\gg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.00 Mb Total Physical Memory | 61.00 Mb Available Physical Memory | 24.00% Memory free
696.00 Mb Paging File | 114.00 Mb Available in Paging File | 16.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.83 Gb Free Space | 77.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 25.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JJ-9EB41A800807
Current User Name: gg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F20D6B-F211-486F-93DA-DA68AF7FE55F}" = WWTBAM 2nd Edition
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{590B11BB-7FF9-4D4F-A9E8-E8165BF88381}" = Panda Antivirus Pro 2010
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{471159EB-BECC-453C-B6F2-FE4FAB29B3F3}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9092875A-D6E1-4B76-84F5-F9C0C6E14D10}" = ArcSoft PhotoImpression 6
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2010
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Huawei Modems" = Huawei modem
"ie8" = Windows Internet Explorer 8
"InstallShield_{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Tiger Woods PGA TOUR 2000" = Tiger Woods PGA TOUR 2000
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/03/2010 12:06:53 | Computer Name = JJ-9EB41A800807 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/03/2010 12:06:54 | Computer Name = JJ-9EB41A800807 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/03/2010 08:34:15 | Computer Name = JJ-9EB41A800807 | Source = Google Update | ID = 20
Description =

Error - 30/03/2010 08:53:51 | Computer Name = JJ-9EB41A800807 | Source = Google Update | ID = 20
Description =

Error - 30/03/2010 14:01:38 | Computer Name = JJ-9EB41A800807 | Source = Google Update | ID = 20
Description =

Error - 31/03/2010 07:07:26 | Computer Name = JJ-9EB41A800807 | Source = Application Error | ID = 1000
Description = Faulting application pavjobs.exe, version 10.9.4.1, faulting module
unknown, version 0.0.0.0, fault address 0x03d72252.

Error - 31/03/2010 12:21:42 | Computer Name = JJ-9EB41A800807 | Source = Application Error | ID = 1000
Description = Faulting application pavjobs.exe, version 10.9.4.1, faulting module
unknown, version 0.0.0.0, fault address 0x03d72252.

Error - 31/03/2010 18:13:34 | Computer Name = JJ-9EB41A800807 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 31/03/2010 19:45:51 | Computer Name = JJ-9EB41A800807 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 01/04/2010 05:31:03 | Computer Name = JJ-9EB41A800807 | Source = Application Error | ID = 1000
Description = Faulting application pavjobs.exe, version 10.9.4.1, faulting module
unknown, version 0.0.0.0, fault address 0x03b62252.

[ System Events ]
Error - 31/03/2010 19:35:43 | Computer Name = JJ-9EB41A800807 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}.
The
error: "%121" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Smart
Web Printing\hpswp_clipbook.exe" -Embedding

Error - 31/03/2010 19:39:18 | Computer Name = JJ-9EB41A800807 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}.
The
error: "%121" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Smart
Web Printing\hpswp_clipbook.exe" -Embedding

Error - 01/04/2010 05:02:58 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 01/04/2010 05:02:58 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 01/04/2010 12:44:43 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 02/04/2010 05:24:13 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 02/04/2010 05:24:13 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 02/04/2010 05:26:00 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7022
Description = The Panda On-Access Anti-Malware Service service hung on starting.

Error - 02/04/2010 05:26:45 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 02/04/2010 05:26:46 | Computer Name = JJ-9EB41A800807 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the following error: %%1053

< End of report >

Hope that's useful to you!
Best, Chris

Chris Whitham
Novice
Novice

Posts Posts : 14
Joined Joined : 2010-03-31
Gender Gender : Male
OS OS : windows XP
Points Points : 24562
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Belahzur on 2nd April 2010, 1:48 pm

Hello.
What file is it that is hogging the CPU? log looks okay malware wise as far as I can see.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Chris Whitham on 2nd April 2010, 5:11 pm

I'm not sure how to tell.
On the Task Manager, the only applications running are "3connect"(my internet modem/connection) and Google Chrome (browser).
In "processes", Chrome is using 40 MB, Wilog is 24MB, Rapport (Security program) is 16MB - there are lots of others using less than 10MB each. SVCHost shows many times, using 20MB or so total.
I don't know how much they should use.
Thanks for the data on malware - good to hear

Chris Whitham
Novice
Novice

Posts Posts : 14
Joined Joined : 2010-03-31
Gender Gender : Male
OS OS : windows XP
Points Points : 24562
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Belahzur on 2nd April 2010, 6:32 pm

Ah, a collection of files. We can try a few things to make it less troublesome.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Chris Whitham on 2nd April 2010, 8:13 pm

Thanks.
I ran Hijack this with everything else closed - hope that was right.
Here's the log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:56:45, on 02/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe

--
End of file - 10485 bytes

Chris Whitham
Novice
Novice

Posts Posts : 14
Joined Joined : 2010-03-31
Gender Gender : Male
OS OS : windows XP
Points Points : 24562
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Belahzur on 3rd April 2010, 12:20 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Chris Whitham on 3rd April 2010, 8:05 pm

Thank You!
Off line work is just as I need.
Thank You!
Internet use is still a bit slow, but indicators are that this is just my connection, plus high internet traffic this afternoon. I'll wait till I get my cable connection next week.
A couple of final questions if I may:
1. Is it safe enough to run TFC weekly or so?
2. I'll save "Hijack this" too, but is there any use in keeping the "OTL" program and the Log files?.
Where's the best place to post a Commendation? Cheesy Grin (sparkly
Again, Thanks a lot. Donation will follow when my debit card gets above 0 again.

Chris Whitham
Novice
Novice

Posts Posts : 14
Joined Joined : 2010-03-31
Gender Gender : Male
OS OS : windows XP
Points Points : 24562
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Slow computer - high CPU usage, frustrating browsing

Post by Belahzur on 3rd April 2010, 9:43 pm

You can delete OTL and Hijack This, TFC is a good tool to keep around though to clean out temporarily files.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum