unknown items slowing down computer

Post by zhengs on Tue 20 Mar 2012, 9:06 am

I use my computer and I get this lagging where it happens every 2 - 3 minutes or so... Can you check for me please?

OTL logfile created on: 3/19/2012 5:20:59 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\James\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 74.19% Memory free
5.50 Gb Paging File | 4.79 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 165.58 Gb Free Space | 71.10% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/19 17:17:46 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
PRC - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 16:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/14 19:33:30 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/12/16 22:54:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/07 17:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/03/19 00:32:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/29 19:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/01/17 08:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\..\SearchScopes,DefaultScope = {8D5FF465-5B54-4F0D-8509-8F705358B4EE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{8D5FF465-5B54-4F0D-8509-8F705358B4EE}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 00:01:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/04 16:16:45 | 000,000,000 | ---D | M]

[2011/12/14 23:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2012/03/07 19:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\fpbf0boi.default\extensions
[2012/03/07 19:26:00 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\fpbf0boi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/03/13 20:40:11 | 000,002,112 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\fpbf0boi.default\searchplugins\wot-safe-search.xml
[2012/03/04 16:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/04 16:16:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/18 00:01:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/04 16:16:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 17:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/02/12 12:54:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 12:54:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/04 16:13:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47271F21-5C87-42CD-8F13-ED0BF561FAB1}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 17:18:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\James\Desktop\aswMBR.exe
[2012/03/19 17:17:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2012/03/19 00:36:18 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.Z...ZZ..Z
[2012/03/19 00:32:39 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/19 00:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/17 16:59:41 | 000,000,000 | ---D | C] -- C:\Users\James\jagexcache
[2012/03/17 16:06:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2012/03/17 16:06:17 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/03/14 16:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/03/14 15:10:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/14 15:10:38 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/03/14 15:10:38 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/03/14 15:10:38 | 010,819,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/03/14 15:10:38 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/03/14 15:10:38 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/03/14 15:10:38 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/03/14 03:01:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/14 03:01:06 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/14 01:49:08 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 01:49:05 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 16:15:30 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/03/13 16:15:30 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/13 16:15:27 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/13 16:15:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/13 16:15:26 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/07 20:33:50 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Geckofx
[2012/03/07 20:33:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Firefly Studios
[2012/03/07 20:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/03/06 20:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/03/06 20:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2012/03/06 17:25:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/04 22:47:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/04 22:33:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/04 16:27:33 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/04 16:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/04 16:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/04 16:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/04 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/04 16:16:45 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/04 16:16:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/04 16:16:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/02 22:56:26 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/03/02 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/03/02 20:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012/03/02 20:00:06 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\IObit
[2012/03/02 19:54:29 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Easy Duplicate Finder
[2012/02/25 03:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/02/25 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\PunkBuster
[2012/02/23 18:14:07 | 000,876,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2012/02/23 18:14:07 | 000,148,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2012/02/23 18:14:07 | 000,067,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2012/02/23 18:14:07 | 000,027,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll

========== Files - Modified Within 30 Days ==========

[2012/03/19 17:21:35 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 17:21:35 | 000,014,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 17:19:16 | 000,686,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/19 17:19:16 | 000,127,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 17:19:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\James\Desktop\aswMBR.exe
[2012/03/19 17:18:51 | 000,879,700 | ---- | M] () -- C:\Users\James\Desktop\SecurityCheck.exe
[2012/03/19 17:17:46 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2012/03/19 17:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 17:14:10 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 14:35:25 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/19 00:32:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/18 19:55:39 | 000,007,606 | ---- | M] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
[2012/03/18 10:09:04 | 000,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/03/17 20:21:36 | 000,217,465 | ---- | M] () -- C:\Users\James\Desktop\ava_opt_091b.rar
[2012/03/17 16:59:41 | 000,000,044 | ---- | M] () -- C:\Users\James\jagex_cl_runescape_LIVE.dat
[2012/03/06 23:51:43 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/03/06 17:41:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/04 16:27:09 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/04 16:16:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/04 16:16:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/04 16:16:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/04 16:16:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/04 16:13:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/03/02 23:06:33 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/03/02 20:23:12 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/02/29 19:59:00 | 019,444,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/29 19:59:00 | 017,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/29 19:59:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/02/29 19:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/29 19:59:00 | 007,713,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/02/29 19:59:00 | 005,892,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/29 19:59:00 | 002,517,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/29 19:59:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/29 19:59:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/02/29 19:59:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/02/29 19:59:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/02/29 19:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/29 19:59:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/29 16:56:41 | 003,881,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/02/29 16:55:16 | 002,719,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/02/29 16:53:47 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/02/29 16:53:46 | 000,062,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/02/29 16:53:45 | 002,561,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012/02/25 00:31:02 | 000,270,240 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/02/25 00:10:49 | 000,138,056 | ---- | M] () -- C:\Users\James\AppData\Roaming\PnkBstrK.sys
[2012/02/25 00:10:24 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/02/23 18:20:17 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2012/03/19 17:18:47 | 000,879,700 | ---- | C] () -- C:\Users\James\Desktop\SecurityCheck.exe
[2012/03/19 14:35:05 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/18 19:55:39 | 000,007,606 | ---- | C] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
[2012/03/17 20:21:32 | 000,217,465 | ---- | C] () -- C:\Users\James\Desktop\ava_opt_091b.rar
[2012/03/17 16:59:41 | 000,000,044 | ---- | C] () -- C:\Users\James\jagex_cl_runescape_LIVE.dat
[2012/03/06 20:13:26 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/03/04 16:27:09 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/02 23:06:33 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/03/02 20:23:12 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/02/25 00:31:02 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/02/25 00:10:49 | 000,138,056 | ---- | C] () -- C:\Users\James\AppData\Roaming\PnkBstrK.sys
[2012/02/25 00:10:20 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/12/17 11:41:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/17 11:40:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/03/19 17:19:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\James\Desktop\aswMBR.exe
[2012/03/19 17:18:51 | 000,879,700 | ---- | M] () -- C:\Users\James\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/02/18 00:01:07 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/02/18 00:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/02/18 00:01:06 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/02/18 00:01:06 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/02/23 18:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/03/04 22:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/12/17 12:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/03/19 00:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/12/17 12:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/03/02 20:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2011/12/14 23:55:17 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/02/14 00:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 01:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/03/18 15:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/03/14 15:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2011/12/15 14:31:39 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2012/02/23 16:51:27 | 000,000,000 | ---D | M] -- C:\Program Files\REACTOR
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/12/15 00:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/19 00:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2012/03/11 04:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2011/12/17 12:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/12/17 12:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/12/17 12:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/12/17 12:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/12/17 12:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/12/17 12:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/12/17 12:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/12/16 15:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2012/03/08 19:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft

< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-16 18:41:37

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/18 00:01:06 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/18 00:01:06 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/18 00:01:06 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/18 00:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/18 00:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/18 00:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/18 00:01:06 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/18 00:01:06 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/18 00:01:06 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/18 00:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/18 00:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/18 00:01:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe"

========== Alternate Data Streams ==========

@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.Z...ZZ..Z:1

< End of report >


OTL Extras logfile created on: 3/19/2012 5:20:59 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\James\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 74.19% Memory free
5.50 Gb Paging File | 4.79 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 165.58 Gb Free Space | 71.10% Space Free | Partition Type: NTFS

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Game Booster_is1" = Game Booster 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 1250" = Killing Floor
"Steam App 440" = Team Fortress 2
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2012 2:35:47 PM | Computer Name = James-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 3/19/2012 2:35:47 PM | Computer Name = James-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 3/19/2012 2:36:26 PM | Computer Name = James-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 3/19/2012 2:36:45 PM | Computer Name = James-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 3/19/2012 2:36:45 PM | Computer Name = James-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 3/19/2012 4:03:47 PM | Computer Name = James-PC | Source = Application Hang | ID = 1002
Description = The program rads_user_kernel.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: adc Start
Time: 01cd060b5dd85530 Termination Time: 47 Application Path: C:\Riot Games\League
of Legends\RADS\system\rads_user_kernel.exe Report Id: a0ee4051-71fe-11e1-b6c2-001d727acf28


Error - 3/19/2012 4:50:18 PM | Computer Name = James-PC | Source = Application Hang | ID = 1002
Description = The program GameBooster.exe version 3.3.1.1454 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: afc Start
Time: 01cd06119570ac94 Termination Time: 52 Application Path: C:\Program Files\IObit\Game
Booster 3\GameBooster.exe Report Id:

Error - 3/19/2012 5:14:50 PM | Computer Name = James-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 3/19/2012 5:14:50 PM | Computer Name = James-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 3/19/2012 5:24:11 PM | Computer Name = James-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 3/19/2012 12:32:52 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/19/2012 12:33:23 AM | Computer Name = James-PC | Source = DCOM | ID = 10005
Description =

Error - 3/19/2012 12:39:32 AM | Computer Name = James-PC | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = The system was hibernated due to a critical thermal event. Hibernate
Time = 2012-03-19T04:39:32.966600000Z ACPI Thermal Zone = ACPI\ThermalZone\TZS0

_HOT = 376K

Error - 3/19/2012 2:35:16 PM | Computer Name = James-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:51:12 AM on 3/19/2012 was unexpected.

Error - 3/19/2012 2:35:47 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 3/19/2012 2:35:47 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 3/19/2012 3:10:45 PM | Computer Name = James-PC | Source = bowser | ID = 8003
Description =

Error - 3/19/2012 3:31:09 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The NPPTNT2 service failed to start due to the following error: %%193

Error - 3/19/2012 3:33:56 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The NPPTNT2 service failed to start due to the following error: %%193

Error - 3/19/2012 3:55:44 PM | Computer Name = James-PC | Source = BROWSER | ID = 8009
Description =


< End of report >


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 17:48:51
-----------------------------
17:48:51.625 OS Version: Windows 6.1.7601 Service Pack 1
17:48:51.625 Number of processors: 2 586 0x301
17:48:51.625 ComputerName: JAMES-PC UserName: James
17:48:53.575 Initialize success
17:51:38.572 AVAST engine defs: 12031700
17:52:24.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
17:52:24.873 Disk 0 Vendor: TOSHIBA_MK2552GSX LV011C Size: 238475MB BusType: 3
17:52:24.920 Disk 0 MBR read successfully
17:52:24.920 Disk 0 MBR scan
17:52:24.935 Disk 0 Windows 7 default MBR code
17:52:24.951 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
17:52:24.966 Disk 0 scanning sectors +488392065
17:52:25.076 Disk 0 scanning C:\Windows\system32\drivers
17:52:41.078 Service scanning
17:53:24.196 Modules scanning
17:53:40.810 Disk 0 trace - called modules:
17:53:40.950 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:53:40.950 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b987a0]
17:53:40.950 3 CLASSPNP.SYS[8a99059e] -> nt!IofCallDriver -> [0x84dfb608]
17:53:40.950 5 ACPI.sys[8a39a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x84df7908]
17:53:43.571 AVAST engine scan C:\Windows
17:53:46.566 AVAST engine scan C:\Windows\system32
17:59:58.680 AVAST engine scan C:\Windows\system32\drivers
18:00:23.495 AVAST engine scan C:\Users\James
18:01:24.070 AVAST engine scan C:\ProgramData
18:01:37.310 Scan finished successfully
18:06:05.550 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
18:06:05.565 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.63
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````





zhengs

Senior Surfer

Posts : 228
Joined : 2009-01-03
Operating System : Windows Vista


Re: unknown items slowing down computer

Post by Superdave on Wed 21 Mar 2012, 5:10 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*******************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: unknown items slowing down computer

Post by zhengs on Thu 22 Mar 2012, 5:37 am

SUPERAntiSpyware Scan Log

Generated 03/21/2012 at 00:42 AM

Application Version : 5.0.1146

Core Rules Database Version : 8359
Trace Rules Database Version: 6171

Scan type : Complete Scan
Total Scan Time : 01:15:53

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 33953
Registry threats detected : 0
File items scanned : 80226
File threats detected : 207

Adware.Tracking Cookie


Malwarebytes Anti-Malware 1.60.1.1000

Database version: v2012.03.21.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
James :: JAMES-PC [administrator]

3/20/2012 11:26:59 PM
mbam-log-2012-03-20 (23-26-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277013
Time elapsed: 1 hour(s), 16 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

zhengs


Re: unknown items slowing down computer

Post by Superdave on Thu 22 Mar 2012, 6:35 am

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave

Re: unknown items slowing down computer

Post by zhengs on Thu 22 Mar 2012, 5:20 pm

2:18 AM 3/22/2012ComboFix 12-03-21.02 - James 03/21/2012 23:35:21.2.2 - x86
Microsoft 2:18 AM 3/22/2012Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.1927 [GMT -4:00]
Running from: c:\users\James\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 03:44 . 2012-03-22 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 19:34 . 2012-03-22 02:43 -------- d-----w- c:\users\James\riotsGamesLogs
2012-03-21 18:35 . 2012-03-21 18:35 -------- d-----w- c:\users\TEMP
2012-03-21 02:30 . 2012-03-21 02:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-21 02:30 . 2012-03-21 02:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-21 02:29 . 2012-03-21 02:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-21 02:29 . 2012-03-21 02:29 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-20 19:25 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{342FB7A6-53CA-4584-8F88-D431F6D08132}\mpengine.dll
2012-03-19 04:32 . 2012-03-19 04:32 -------- d-----w- c:\program files\ESET
2012-03-17 20:09 . 2012-03-17 20:09 -------- d-----w- c:\users\DefaultAppPool
2012-03-17 20:06 . 2012-03-18 18:48 327680 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-03-17 20:06 . 2012-03-17 20:06 -------- d-----w- c:\windows\system32\BestPractices
2012-03-17 20:06 . 2012-03-17 20:06 -------- d-----w- C:\inetpub
2012-03-14 20:19 . 2012-03-22 03:15 -------- d-----w- c:\programdata\PMB Files
2012-03-14 19:10 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-14 19:10 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-14 19:10 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-14 19:10 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-14 19:10 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-14 19:10 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-14 19:10 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-14 07:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 05:49 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 05:49 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:15 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 20:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 20:15 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:15 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 20:15 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 20:15 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 20:15 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-08 00:33 . 2012-03-08 00:33 -------- d-----w- c:\users\James\AppData\Local\Geckofx
2012-03-08 00:33 . 2012-03-08 00:33 -------- d-----w- c:\users\James\AppData\Roaming\Firefly Studios
2012-03-07 00:13 . 2012-03-08 23:45 -------- d-----w- c:\program files\World of Warcraft
2012-03-06 21:25 . 2012-03-06 21:25 -------- d-----w- c:\windows\Sun
2012-03-04 20:27 . 2012-03-04 20:27 -------- d-----w- c:\users\James\AppData\Roaming\SUPERAntiSpyware.com
2012-03-04 20:27 . 2012-03-11 08:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-04 20:27 . 2012-03-04 20:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-04 20:17 . 2012-03-04 20:17 -------- d-----w- c:\program files\Common Files\Java
2012-03-04 20:16 . 2012-03-04 20:16 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-03 02:56 . 2012-03-03 02:56 -------- d-----w- C:\Riot Games
2012-03-03 00:00 . 2012-03-03 00:00 -------- d-----w- c:\users\James\AppData\Roaming\IObit
2012-03-02 23:54 . 2012-03-02 23:57 -------- d-----w- c:\users\James\AppData\Roaming\Easy Duplicate Finder
2012-02-25 07:20 . 2012-02-25 07:23 -------- d-----w- c:\program files\Common Files\Spigot
2012-02-25 04:31 . 2012-02-25 04:31 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-25 04:29 . 2012-02-25 04:29 -------- d-----w- c:\users\James\AppData\Local\PunkBuster
2012-02-25 04:10 . 2012-02-25 04:10 138056 ----a-w- c:\users\James\AppData\Roaming\PnkBstrK.sys
2012-02-25 04:10 . 2012-02-25 04:10 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-23 22:14 . 2012-01-17 12:46 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-02-23 22:14 . 2012-01-17 12:45 67392 ----a-w- c:\windows\system32\nvapo32v.dll
2012-02-23 22:14 . 2012-01-17 12:45 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-02-23 22:14 . 2012-01-17 12:45 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 21:41 . 2011-12-15 03:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-04 20:16 . 2011-12-15 03:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 23:59 . 2011-12-15 17:13 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2011-12-15 17:13 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2011-12-15 17:13 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2009-07-24 02:01 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2009-07-24 02:01 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2009-07-23 20:39 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2009-07-23 20:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2009-07-23 20:39 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2009-07-23 20:39 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2009-07-23 20:39 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:53 . 2011-12-15 17:14 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-23 14:18 . 2011-12-15 03:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-02 22:50 . 2011-12-29 22:07 5265 ----a-w- c:\windows\system32\nppt9x.vxd
2012-02-02 22:50 . 2011-12-29 22:07 4774 ----a-w- c:\windows\system32\npptNT2.sys
2012-01-04 08:58 . 2012-02-16 01:31 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-16 01:32 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-18 04:01 . 2011-12-15 03:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-15 04:04 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-08-07 3804120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-17 1343400]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - dump_wmimmc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\fpbf0boi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{901DC58A-5C1B-4315-BA40-5AD3D3A463B9} - c:\program files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe
AddRemove-{92606477-9366-4D3B-8AE3-6BE4B29727AB} - c:\program files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-21 23:46:50
ComboFix-quarantined-files.txt 2012-03-22 03:46
.
Pre-Run: 177,712,254,976 bytes free
Post-Run: 177,479,426,048 bytes free
.
- - End Of File - - 271EE10832B1DFF3EF63EEDE1F566378

zhengs

Senior Surfer

Posts : 228
Joined : 2009-01-03
Operating System : Windows Vista

Re: unknown items slowing down computer

Post by Superdave on Fri 23 Mar 2012, 5:12 am

Which Anti-Virus program did you install? I still don't see one. It's important that you install one now!

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff


Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: unknown items slowing down computer

Post by zhengs on Fri 23 Mar 2012, 9:17 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 81F2A000
Module End: 81F35000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 81F35000
Module End: 81F3E000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 81F3E000
Module End: 81F4F000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\System Volume Information\WindowsImageBackup\SPPMetadataCache
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Status: Access denied


Re: unknown items slowing down computer

Post by Superdave on Sat 24 Mar 2012, 6:18 am

Please run Security Check again and post the log.

Re: unknown items slowing down computer

Post by zhengs on Sat 24 Mar 2012, 7:43 am

Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.63
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


From the antivirus list you gave me, I don't know which one to choose. Which one stands out overall?

Re: unknown items slowing down computer

Post by Superdave on Sat 24 Mar 2012, 10:39 am

"From the antivirus list you gave me, I don't know which one to choose. Which one stands out overall?"

My preference is Microsoft Security Essentials. Just make sure you choose the Windows 7 one and not the 64-bit one. Please let me know when you have one installed.

Re: unknown items slowing down computer

Post by zhengs on Sat 24 Mar 2012, 1:21 pm

Okay, I finished installing the antivirus. What to do next?

Re: unknown items slowing down computer

Post by Superdave on Sun 25 Mar 2012, 10:23 am

"Okay, I finished installing the antivirus. What to do next?"

Please run Security Check again and post the log.

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
