IE using too much memory - 5 steps followed, logs pasted

Solved
By Higgins
Oct 28, 2011
Topic Status:
Not open for further replies.
  1. My computer is running very slowly; all the usual suspects have been cleaned out, but I am still having trouble with a very slow internet connection. I installed AVG and I get a pop-up stating that my IE is using about 250-280 MB. This happens every time I am online. This isn't the worst problem, just very frustrating. Thank you for any help. I will paste the logs below.

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8028

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/27/2011 5:30:21 AM
    mbam-log-2011-10-27 (05-30-21).txt

    Scan type: Quick scan
    Objects scanned: 211628
    Time elapsed: 8 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-28 05:36:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200827AS rev.3.AHH
    Running: 9edheext[1].exe; Driver: C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\uxldipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF1F4F040]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF1F4B930]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF1F56A80]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF1F4F510]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF1F4F600]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF1F4BF20]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF1F576E0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF1F57440]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF1F578B0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF1F4BD70]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEF9CAF3C]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF1F58250]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF1F57CB0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF1F4EC00]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF1F58080]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF1F4C120]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF1F57140]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEF9CAFE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEF9CB080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEF9CB11C]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? srescan.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3180] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\program files\real\realplayer\update\realsched.exe[3344] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[3180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Cdfs \Cdfs EEF5D400

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:872] EE3761F0

    ---- EOF - GMER 1.0.15 ----


    DDS:

    ATTACH (file 1):


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/27/2006 9:57:59 PM
    System Uptime: 10/28/2011 1:03:29 AM (4 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Opal
    Processor: AMD Turion(tm) 64 Mobile Technology ML-34 | Socket 754 | 1790/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 178 GiB total, 98.968 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.446 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\AC89C011D800
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\AC89C011D800
    Service: NIC1394
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A2F103C&REV_10\4&1C88B56&0&18A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A2F103C&REV_10\4&1C88B56&0&18A4
    Service: RTL8023xp
    .
    ==== System Restore Points ===================
    .
    RP349: 7/31/2011 2:15:00 AM - System Checkpoint
    RP350: 8/1/2011 2:21:59 AM - System Checkpoint
    RP351: 8/2/2011 2:30:23 AM - System Checkpoint
    RP352: 8/3/2011 2:52:18 AM - System Checkpoint
    RP353: 8/4/2011 4:16:02 PM - System Checkpoint
    RP354: 8/5/2011 7:23:12 PM - System Checkpoint
    RP355: 8/6/2011 7:37:41 PM - System Checkpoint
    RP356: 8/7/2011 8:14:17 PM - System Checkpoint
    RP357: 8/8/2011 9:16:10 PM - System Checkpoint
    RP358: 8/9/2011 11:04:25 PM - System Checkpoint
    RP359: 8/10/2011 11:58:11 PM - System Checkpoint
    RP360: 8/12/2011 12:58:29 AM - System Checkpoint
    RP361: 8/13/2011 1:52:55 AM - System Checkpoint
    RP362: 8/14/2011 3:37:40 AM - System Checkpoint
    RP363: 8/15/2011 6:07:21 PM - System Checkpoint
    RP364: 8/16/2011 6:32:32 PM - System Checkpoint
    RP365: 8/17/2011 8:02:33 PM - System Checkpoint
    RP366: 8/19/2011 1:31:18 AM - System Checkpoint
    RP367: 8/20/2011 2:18:16 AM - System Checkpoint
    RP368: 8/21/2011 3:41:51 PM - System Checkpoint
    RP369: 8/22/2011 5:45:51 PM - System Checkpoint
    RP370: 8/23/2011 6:08:59 PM - System Checkpoint
    RP371: 8/24/2011 11:24:15 PM - System Checkpoint
    RP372: 8/26/2011 10:27:47 AM - System Checkpoint
    RP373: 8/27/2011 4:15:05 PM - System Checkpoint
    RP374: 8/28/2011 7:12:57 PM - System Checkpoint
    RP375: 8/29/2011 9:40:14 PM - System Checkpoint
    RP376: 8/31/2011 12:28:35 AM - System Checkpoint
    RP377: 9/1/2011 1:18:56 AM - System Checkpoint
    RP378: 9/2/2011 1:26:05 AM - System Checkpoint
    RP379: 9/3/2011 3:47:30 AM - System Checkpoint
    RP380: 9/4/2011 1:22:50 AM - Installed ParetoLogic Data Recovery.
    RP381: 9/5/2011 2:36:55 AM - System Checkpoint
    RP382: 9/6/2011 5:16:39 AM - System Checkpoint
    RP383: 9/7/2011 10:44:06 PM - System Checkpoint
    RP384: 9/8/2011 11:12:40 PM - System Checkpoint
    RP385: 9/9/2011 2:02:18 AM - Removed ParetoLogic Data Recovery.
    RP386: 9/10/2011 5:04:55 PM - System Checkpoint
    RP387: 9/11/2011 5:44:21 PM - System Checkpoint
    RP388: 9/12/2011 6:26:30 PM - System Checkpoint
    RP389: 9/13/2011 7:22:20 PM - System Checkpoint
    RP390: 9/13/2011 7:56:15 PM - Installed iTunes
    RP391: 9/14/2011 9:53:35 PM - System Checkpoint
    RP392: 9/16/2011 5:03:22 AM - System Checkpoint
    RP393: 9/19/2011 3:28:57 AM - System Checkpoint
    RP394: 9/21/2011 11:47:06 PM - System Checkpoint
    RP395: 9/23/2011 11:48:04 AM - System Checkpoint
    RP396: 9/24/2011 5:57:36 PM - System Checkpoint
    RP397: 9/25/2011 6:44:27 PM - System Checkpoint
    RP398: 9/28/2011 4:35:10 PM - System Checkpoint
    RP399: 9/29/2011 5:18:57 PM - System Checkpoint
    RP400: 9/30/2011 6:12:50 PM - System Checkpoint
    RP401: 10/2/2011 4:16:52 PM - System Checkpoint
    RP402: 10/4/2011 4:54:14 PM - System Checkpoint
    RP403: 10/5/2011 9:24:15 PM - System Checkpoint
    RP404: 10/7/2011 5:10:34 PM - System Checkpoint
    RP405: 10/9/2011 1:26:41 AM - System Checkpoint
    RP406: 10/11/2011 6:31:52 AM - System Checkpoint
    RP407: 10/12/2011 11:54:35 PM - System Checkpoint
    RP408: 10/14/2011 12:08:24 AM - System Checkpoint
    RP409: 10/15/2011 12:46:17 AM - System Checkpoint
    RP410: 10/15/2011 7:11:16 PM - Removed Skype™ 5.5
    RP411: 10/18/2011 3:55:19 AM - System Checkpoint
    RP412: 10/19/2011 4:37:43 AM - Removed Ask Toolbar.
    RP413: 10/19/2011 4:38:14 AM - Removed Apple Software Update
    RP414: 10/19/2011 4:39:25 AM - Removed Apple Application Support
    RP415: 10/19/2011 4:41:44 AM - Removed Apple Mobile Device Support
    RP416: 10/19/2011 4:43:31 AM - Removed Bonjour
    RP417: 10/19/2011 4:44:13 AM - Removed Click to Call with Skype
    RP418: 10/19/2011 4:46:49 AM - Removed Creative MuVo V100
    RP419: 10/19/2011 4:49:51 AM - Removed iTunes
    RP420: 10/19/2011 5:03:48 AM - Installed Java(TM) 6 Update 29
    RP421: 10/19/2011 5:15:47 AM - Installed AVG 2012
    RP422: 10/19/2011 5:16:28 AM - Installed AVG 2012
    RP423: 10/20/2011 3:20:09 PM - System Checkpoint
    RP424: 10/21/2011 5:22:44 PM - System Checkpoint
    RP425: 10/22/2011 5:50:20 PM - System Checkpoint
    RP426: 10/23/2011 4:30:19 AM - Configured easy Internet sign-up
    RP427: 10/23/2011 4:30:30 AM - Configured easy Internet sign-up
    RP428: 10/23/2011 4:34:49 AM - Removed TourSetup
    RP429: 10/24/2011 3:46:15 PM - System Checkpoint
    RP430: 10/25/2011 8:00:13 PM - System Checkpoint
    RP431: 10/26/2011 8:54:50 PM - System Checkpoint
    RP432: 10/27/2011 9:52:45 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    123 Free Solitaire 2009 v7.2
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.5
    Agere Systems PCI-SV92PP Soft Modem
    AiO_Scan
    AiO_Scan_CDA
    AiOSoftware
    AiOSoftwareNPI
    ATI Control Panel
    ATI Display Driver
    AudibleManager
    AVG 2012
    AVS DVDMenu Editor 1.2.1.19
    AVS Video Tools 5.6
    BufferChm
    CameraDrivers
    CameraUserGuides
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative System Information
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Customer Experience Enhancement
    Destinations
    DeviceFunctionQFolder
    Digital Photo Navigator 1.5
    DocProc
    DocumentViewer
    Enhanced Multimedia Keyboard Solution
    Fax
    Fax_CDA
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Deskjet 3900 series
    HP Deskjet Printer Preload
    HP DigitalMedia Archive
    HP Document Viewer 6.1
    HP DVD Play 2.1
    HP Image Zone Express
    HP Imaging Device Functions 7.0
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 6.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP PSC & OfficeJet 5.3.B
    HP PSC & OfficeJet 6.1.A
    HP Rhapsody
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.1
    HP Web Helper
    HPDeskjet3900Series
    hpiCamDrvQFolder
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareDevices
    InterActual Player
    J2SE Runtime Environment 5.0 Update 5
    Java Auto Updater
    Java(TM) 6 Update 29
    LightScribe 1.4.84.1
    M8 Free Clipboard
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Away Mode
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox (3.6.18)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    Netflix Movie Viewer
    NewCopy
    NewCopy_CDA
    OptionalContentQFolder
    PanoStandAlone
    PhotoGallery
    Player Recovery Drivers
    PowerCinema NE for Everio
    PowerDirector Express
    PowerProducer
    PSPrinters08
    PSTAPlugin
    Quicken 2006
    QuickTime
    RandMap
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Rhapsody
    Rhapsody Player Engine
    Scan
    ScannerCopy
    Search Toolbar
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    SlideShow
    SlideShowMusic
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Switch Sound File Converter
    Toolbox
    TrayApp
    Unload
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VideoPad Video Editor
    WavePad Sound Editor
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    XtR Call Mynah
    Yahoo! BrowserPlus 2.9.8
    ZoneAlarm
    ZoomTown Software
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/28/2011 4:02:03 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/24/2011 11:50:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    10/22/2011 3:25:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
    10/22/2011 3:25:18 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  2. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    Addition (2nd DDS file)

    DDS (file 2):

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by HP_Administrator at 5:40:09 on 2011-10-28
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.120 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *Disabled*
    FW: ZoneAlarm Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\FreeClip\FreeClip.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [MemoryTriUtils] c:\windows\diskperfm.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    StartupFolder: c:\docume~1\hp_adm~1.you\startm~1\programs\startup\freeclip.lnk - c:\program files\freeclip\FreeClip.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    dPolicies-system: RunStartupScriptSync = 1 (0x1)
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    Trusted Zone: cnet.com\download
    Trusted Zone: live.com\login
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
    TCP: Interfaces\{42E285A1-86B6-446A-8B82-D7EFFE1BF2E3} : DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: WRNotifier - WRLogonNTF.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\mozilla\firefox\profiles\dry9b2fu.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-20 127768]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-20 394952]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
    S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-9 14336]
    .
    =============== Created Last 30 ================
    .
    2011-10-27 22:00:00 -------- d-----w- c:\program files\common files\PARETOLOGIC
    2011-10-23 10:28:38 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-22 21:08:15 -------- d-----w- c:\program files\CCleaner
    2011-10-19 09:51:31 -------- d--h--w- C:\$AVG
    2011-10-19 09:18:28 -------- d-----w- c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\AVG2012
    2011-10-19 09:16:47 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-10-19 09:16:47 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-10-19 09:15:48 -------- d-----w- c:\program files\AVG
    2011-10-19 09:02:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-10-19 09:01:40 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    .
    ==================== Find3M ====================
    .
    2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-09-13 05:15:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 5:41:14.94 ===============
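As an added example (not from the original post, and not part of DDS, ComboFix or any other tool named in this thread), the script below does the first pass a helper otherwise does by eye on the Pseudo HJT Report above: it parses the BHO:, TB: and uRun/mRun/dRun lines, flags CLSIDs that resolve to "No File" (orphaned registrations, like the three blank TB: entries), flags a CLSID loaded both as a BHO and as a toolbar (here the Search Toolbar, which ComboFix later deletes), and flags startup images in user-writable profile folders or directly in the Windows root. The sample lines are copied from the DDS log posted above; the location heuristics are this example's own assumptions and produce leads for manual verification (publisher, hash), not verdicts.

```python
"""First-pass triage of a DDS "Pseudo HJT Report".

Added example for this thread, not part of DDS, ComboFix or any tool the
thread mentions.  The sample lines are copied from the log posted above;
the heuristics are this example's own assumptions and yield leads for a
human to verify (hash lookup, publisher check), not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the BHO/TB/Run lines from the DDS report above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [MemoryTriUtils] c:\windows\diskperfm.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
"""

# BHO:/TB: lines: optional display name, CLSID in braces, then a path or "No File".
COM_LINE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?\{(?P<clsid>[^}]+)\} - (?P<target>.+)$"
)
# uRun/mRun/dRun lines: HKCU / HKLM / .DEFAULT Run values, [name] then the command line.
RUN_LINE = re.compile(r"^(?P<kind>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Shortest prefix of the command line ending in a binary extension.  DDS leaves
# unquoted paths that contain spaces, so splitting on whitespace would be wrong.
IMAGE = re.compile(r'^"?(?P<image>.+?\.(?:exe|dll|ocx|cpl|scr))"?(?:\s|$)', re.IGNORECASE)

WINDOWS_ROOT = "c:\\windows\\"
# Heuristic (assumption of this example): profile folders a non-admin process can write to.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Finding:
    line: str
    reason: str


def classify_image(path: str) -> Optional[str]:
    """Location heuristics for a startup image (assumptions of this example)."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "startup image under a user-writable profile directory"
    # Exactly two separators means directly in c:\windows\, not system32 or a subfolder.
    if p.startswith(WINDOWS_ROOT) and p.count("\\") == 2:
        return "startup image directly in the Windows root (verify publisher/hash)"
    return None


def triage(report: str) -> list[Finding]:
    """Return the report lines worth a second look, each with the reason it was flagged."""
    findings: list[Finding] = []
    seen: dict[str, str] = {}  # CLSID -> kind (BHO or TB) it was first registered as
    for raw in report.splitlines():
        line = raw.strip()
        com = COM_LINE.match(line)
        if com:
            clsid = com["clsid"].lower()
            if com["target"] == "No File":
                findings.append(Finding(line, f"orphaned {com['kind']}: CLSID registered but no file on disk"))
            elif clsid in seen and seen[clsid] != com["kind"]:
                findings.append(Finding(line, "same CLSID loaded as both BHO and toolbar (review as one component)"))
            seen.setdefault(clsid, com["kind"])
            continue
        run = RUN_LINE.match(line)
        if run:
            img = IMAGE.match(run["cmd"])
            if img is None:
                findings.append(Finding(line, "run value with no recognisable image path"))
                continue
            reason = classify_image(img["image"])
            if reason:
                findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it lists the two "No File" registrations, the Search Toolbar's second load point and the one Run value whose image sits in c:\windows\ itself; everything under a vendor folder in Program Files passes silently. Paste a full DDS report into SAMPLE_REPORT (or read it from a file) to triage a complete log the same way.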
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I am so sorry! Looks like your thread got missed. If you still need help:

    You should sort this out:
    AV: AVG Anti-Virus Free Edition 2012
    FW: Norton Internet Worm Protection
    FW: ZoneAlarm Firewall
    You should have one antivirus, one firewall and two or more antimalware programs. This shows 2 firewalls. As far as I know, the Norton Worm Protection is part of one of the Norton Suites. If you formerly used Norton and now prefer AVG and ZoneAlarm, you should remove Norton:

    Norton Removal Tool
    =============================================
    I'd like you to run Combofix. It will not run with AVG on the system, so that will need to be removed temporarily:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ======================================
    Then run this online virus scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ============================================
    Please leave logs in your next reply:
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Please tell me how much RAM is installed.
  4. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    ComboFix 11-10-30.04 - HP_Administrator 11/01/2011 0:30.9.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.545 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Guest\WINDOWS
    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Windows Server
    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Windows Server\flags.ini
    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Windows Server\uses32.dat
    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~WRL0004.tmp
    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~WRL3780.tmp
    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\WINDOWS
    C:\feed.txt
    c:\program files\iexplore.exe
    c:\program files\iexplore.exe\changes.rtf
    c:\program files\iexplore.exe\Languages\arabic.lng
    c:\program files\iexplore.exe\Languages\belarusian.lng
    c:\program files\iexplore.exe\Languages\bosnian.lng
    c:\program files\iexplore.exe\Languages\bulgarian.lng
    c:\program files\iexplore.exe\Languages\catalan.lng
    c:\program files\iexplore.exe\Languages\chineseSI.lng
    c:\program files\iexplore.exe\Languages\chineseTR.lng
    c:\program files\iexplore.exe\Languages\croatian.lng
    c:\program files\iexplore.exe\Languages\czech.lng
    c:\program files\iexplore.exe\Languages\danish.lng
    c:\program files\iexplore.exe\Languages\dutch.lng
    c:\program files\iexplore.exe\Languages\english.lng
    c:\program files\iexplore.exe\Languages\estonian.lng
    c:\program files\iexplore.exe\Languages\finnish.lng
    c:\program files\iexplore.exe\Languages\french.lng
    c:\program files\iexplore.exe\Languages\german.lng
    c:\program files\iexplore.exe\Languages\greek.lng
    c:\program files\iexplore.exe\Languages\hebrew.lng
    c:\program files\iexplore.exe\Languages\hungarian.lng
    c:\program files\iexplore.exe\Languages\italian.lng
    c:\program files\iexplore.exe\Languages\korean.lng
    c:\program files\iexplore.exe\Languages\latvian.lng
    c:\program files\iexplore.exe\Languages\lithuanian.lng
    c:\program files\iexplore.exe\Languages\macedonian.lng
    c:\program files\iexplore.exe\Languages\norwegian.lng
    c:\program files\iexplore.exe\Languages\polish.lng
    c:\program files\iexplore.exe\Languages\portugueseBR.lng
    c:\program files\iexplore.exe\Languages\portuguesePT.lng
    c:\program files\iexplore.exe\Languages\romanian.lng
    c:\program files\iexplore.exe\Languages\russian.lng
    c:\program files\iexplore.exe\Languages\serbian.lng
    c:\program files\iexplore.exe\Languages\slovak.lng
    c:\program files\iexplore.exe\Languages\slovenian.lng
    c:\program files\iexplore.exe\Languages\spanish.lng
    c:\program files\iexplore.exe\Languages\swedish.lng
    c:\program files\iexplore.exe\Languages\thai.lng
    c:\program files\iexplore.exe\Languages\turkish.lng
    c:\program files\iexplore.exe\Languages\vietnamese.lng
    c:\program files\iexplore.exe\license.txt
    c:\program files\iexplore.exe\mbam.chm
    c:\program files\iexplore.exe\mbam.dll
    c:\program files\iexplore.exe\mbam.exe
    c:\program files\iexplore.exe\mbamcore.dll
    c:\program files\iexplore.exe\mbamext.dll
    c:\program files\iexplore.exe\mbamgui.exe
    c:\program files\iexplore.exe\mbamnet.dll
    c:\program files\iexplore.exe\mbamservice.exe
    c:\program files\iexplore.exe\ssubtmr6.dll
    c:\program files\iexplore.exe\unins000.dat
    c:\program files\iexplore.exe\unins000.exe
    c:\program files\iexplore.exe\unins000.msg
    c:\program files\iexplore.exe\vbalsgrid6.ocx
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\help\tours\htmltour\unlock_playing.htm
    c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
    c:\windows\kb913800.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-27 22:00 . 2011-10-27 22:00 -------- d-----w- c:\program files\Common Files\PARETOLOGIC
    2011-10-23 10:28 . 2011-10-23 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-21 09:50 . 2011-10-21 09:50 -------- d-----w- c:\documents and settings\Guest\Application Data\TreeCardGames
    2011-10-21 09:41 . 2011-10-21 09:41 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
    2011-10-21 09:38 . 2011-10-21 09:38 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\PCM4Everio
    2011-10-19 09:18 . 2011-10-19 09:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AVG2012
    2011-10-19 09:15 . 2011-10-19 09:15 -------- d-----w- c:\program files\AVG
    2011-10-19 09:02 . 2011-10-19 09:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-30 08:22 . 2011-07-14 04:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 09:06 . 2010-04-22 04:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 06:37 . 2009-04-07 10:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-31 21:00 . 2011-06-26 08:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-02-09 49152]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2008-02-09 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2008-02-09 237568]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "MemoryTriUtils"="c:\windows\diskperfm.exe" [2010-06-07 798208]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-12 273544]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctODExNDExMTEzLVNUMTJPSSsxLUREVCswLVNUMTJGT0krMS1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1834&mid=469840422c3347d1a575d15de343130f-218616fb37bc7bae132b03a125dbf2c144580abf" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-24 27136]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2008-02-09 05:49 64512 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2008-02-09 05:49 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-08-11 18:22 136176 ----atw- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-02-09 05:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    2008-02-09 05:49 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-01-17 21:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\HP_Administrator.YOUR-4DACD0EA75\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 5:00 PM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:41]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:41]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282268600-130989073-1562966170-1008Core.job
    - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-29 18:22]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282268600-130989073-1562966170-1008UA.job
    - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-29 18:22]
    .
    2011-11-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-11-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4282268600-130989073-1562966170-501.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-11-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-10-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4282268600-130989073-1562966170-501.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-10-14 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2011-07-19 05:43]
    .
    2011-10-14 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-07-16 01:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    Trusted Zone: cnet.com\download
    Trusted Zone: live.com\login
    TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
    FF - ProfilePath - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\dry9b2fu.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-RunOnce-AvgRemover - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\Content.IE5\558QXIAC\avg_remover_stf_x86_2012_1796[1].exe
    AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\iexplore.exe\unins000.exe
    AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-01 00:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(672)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\COMRes.dll
    .
    Completion time: 2011-11-01 00:43:38
    ComboFix-quarantined-files.txt 2011-11-01 04:43
    ComboFix2.txt 2010-04-24 17:26
    .
    Pre-Run: 106,050,031,616 bytes free
    Post-Run: 106,607,808,512 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 61A2904E19384D83F40F4B59D68A7563




    There is 960 MB of RAM


    ESET log will be posted next.
  5. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    ESET will not complete the scan after several attempts. I get an "unexpected error 2002". I deleted ZoneAlarm but that did not help.

    Iexplore is still using over 180 MB

    I downloaded ESET NOD32 antivirus and will scan using this. Would this be good enough? I am not sure why the ESET online scan keeps stopping.
  6. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    ESET NOD32 complete scan found 2 infected files:

    C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir - Win32/Toolbar.Zugo

    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP436\A0058625.dll - Win32/Toolbar.Zugo

    iexplore.exe is still using over 180 MB.... I don't know if this is normal.

    The only new download was the ESET antivirus and that was because the other ESET would not load.

    Thanks for your help.
  7. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    This is the log of the entire ESET scan:

    Edit: Excess Eset content deleted and duplicate entries found also in next post have been deleted by Bobbye
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The link I left for Eset takes you to this page: http://go.eset.com/us/online-scanner. If you click on the Free Online Scanner on the left and are using Internet Explorer, it should load without problem. If you are using a different browser, after you click the link, a screen will come up for you to load the Smart Installer. Once done, the scan should run.

    Holding down the Ctrl key while clicking on the link does the same thing.

    This online scan is free. The Eset Nod32 AV is not free- there may be a trial period, but following that, a license purchase is required.
    --------------------------------------
    But there are no new, active entries in the log. Qoobox is where ComboFix sends quarantined files and System Volume is where Restore Points are kept. (We will remove old restore points and create a new clean one when finished.)
    ======================================
    You have of tasks set in the Task Scheduler. You also have a large number of auto-updates running. Each of these will contact the internet regularly, sometimes multiple times every day through the browser. So I would suggest you stop the tasks and the updates as follows:
    ========================================
    Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

    Scheduled Tasks
    Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks by clicking Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete.
    4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.

    There are also 4 tasks for Google updates. How often does a toolbar update? This one is tricky- it can be stopped, but unless all the auto-entries are removed, it will put itself back.
    ====================================================
    These processes are running. Some are auto-updates, others are processes that started on boot and then continued to run in the background. None need to start on boot.
    ------------------------------------
    "MemoryTriUtils"="c:\windows\diskperfm.exe" >> System optimizers such as this are executable files that start on boot and run in the background. If you do some research, you will find that most use more resources than they are worth.
    ------------------------------------
    Next time you get the popup that you are using too much memory:
    Right click on Taskbar> Task Manager Processes tab> Double click on top frame of the memory column:
    Give me the image names of the top 6 processes in the memory column.
    Look on the lower left and see how many processes are running.

    Let me know both.

    Please go on to next reply.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\program files\Common Files\PARETOLOGIC
    DDS:
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun: [MemoryTriUtils] c:\windows\diskperfm.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================================
    I recommend taking both of these domains out of the Trusted Zone. Nothing needs to be in that zone. The security is lower than in the Internet Zone and therefore a risk to the system:

    Click on the Control Panel> Internet Options> Security tab> Trusted sites> Sites> highlight and remove both of the following:
    Trusted Zone: cnet.com\download
    Trusted Zone: live.com\login

    The irony of putting any domains in the Trusted Zone is that it accomplishes nothing for the user- but it allows the zones to bypass the higher security of the internet and send promotional and even spam.
    =================================
    Note: When you uninstall a program, you should use Windows Explorer to access My Computer> Double click on Local Drive(C)> Programs> right click> Delete the program folder>>

    Do this for PARETOLOGIC which you uninstalled.
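As an added example (not part of this thread, ComboFix, or any tool mentioned here), the following Python checker reads a ComboFix-style "Reg Loading Points" dump and flags the kinds of entries singled out in the two replies above: Security Center overrides, disabled firewall monitoring and profile settings, and auto-start executables dropped straight into the Windows folder, like diskperfm.exe. The log excerpt inside it is constructed from the thread's log, and the Windows-folder heuristic is an assumed rule of thumb, not ComboFix's own logic.

```python
"""Audit a ComboFix-style "Reg Loading Points" dump for defence-weakening
registry values and suspicious auto-start executables (added example)."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the thread's log; not the original file.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2008-02-09 237568]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"MemoryTriUtils"="c:\windows\diskperfm.exe" [2010-06-07 798208]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-12 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
"""


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    reason: str


# Values that quietly weaken the machine's defences when set this way:
# (regex on the key path, value name, offending numeric value, explanation).
RULES = (
    (r"security center$", "antivirusoverride", 1,
     "Security Center told to stop warning about the antivirus state"),
    (r"security center\\monitoring\\(?P<product>[^\\]+)$", "disablemonitoring", 1,
     "Security Center monitoring disabled for {product}"),
    (r"firewallpolicy\\standardprofile$", "enablefirewall", 0,
     "Windows Firewall disabled in the standard profile"),
    (r"firewallpolicy\\standardprofile$", "disablenotifications", 1,
     "Windows Firewall notifications suppressed"),
)

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
RUN_KEY_RE = re.compile(r"\\windows\\currentversion\\run$", re.IGNORECASE)
# Assumed heuristic: legitimate software almost never places its main
# executable directly in c:\windows, so such Run entries deserve a look.
WINDOWS_ROOT_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


def parse_number(raw: str):
    """Turn ComboFix's 'dword:00000001' or '1 (0x1)' renderings into an int."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x", raw)
    return int(m.group(1)) if m else None


def exe_path(raw: str):
    """Extract the quoted executable path from a Run-key value line."""
    m = re.match(r'"([^"]+)"', raw)
    return m.group(1) if m else None


def audit(log_text: str) -> list:
    """Walk the dump, tracking the current [key], and collect findings."""
    findings, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not (key and m):
            continue
        name, raw = m.group("name"), m.group("value")
        number = parse_number(raw)
        for key_pat, rule_name, bad_value, reason in RULES:
            km = re.search(key_pat, key, re.IGNORECASE)
            if km and name.lower() == rule_name and number == bad_value:
                findings.append(Finding(key, name, reason.format(**km.groupdict())))
        if RUN_KEY_RE.search(key):
            path = exe_path(raw)
            if path and WINDOWS_ROOT_EXE.match(path):
                findings.append(Finding(
                    key, name, f"auto-start executable sitting directly in the Windows folder: {path}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.key}] {f.name}: {f.reason}")
```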
  10. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    I'm sorry this is taking me so long. I will be submitting the information you requested soon. Thanks for your patience. I have health problems and have a lot of Dr. appointments.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    No problem. Post when ready.
     
  12. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    Here is the log for CFScript that you requested:

    ComboFix 11-11-03.05 - HP_Administrator 11/03/2011 20:25:45.11.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.559 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-03 21:54 . 2011-11-03 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-11-03 21:15 . 2011-11-03 21:15 -------- d-----w- c:\program files\ESET
    2011-11-03 09:23 . 2011-11-03 09:23 -------- d-----w- c:\windows\system32\wbem\mof\bad
    2011-11-02 00:35 . 2011-11-02 00:35 -------- d-----w- c:\program files\AVAST Software
    2011-11-01 23:41 . 2011-11-01 23:41 -------- d-----w- c:\program files\Common Files\Adobe
    2011-11-01 10:43 . 2011-11-01 10:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2011-11-01 07:52 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2011-11-01 07:50 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2011-10-23 10:28 . 2011-11-03 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-21 09:50 . 2011-10-21 09:50 -------- d-----w- c:\documents and settings\Guest\Application Data\TreeCardGames
    2011-10-21 09:41 . 2011-10-21 09:41 -------- d-----w- c:\documents and settings\Guest\PrivacIE
    2011-10-19 09:18 . 2011-10-19 09:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AVG2012
    2011-10-19 09:02 . 2011-10-19 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-30 08:22 . 2011-07-14 04:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 09:06 . 2010-04-22 04:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 06:37 . 2009-04-07 10:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-09 21:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-09 21:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2004-08-09 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2004-08-09 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 21:00 . 2011-06-26 08:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-22 23:48 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2004-08-09 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2004-08-09 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2004-08-09 21:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49 . 2004-08-09 21:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-02-09 49152]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2008-02-09 237568]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-12 273544]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-24 27136]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    2008-02-09 05:49 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2008-02-09 05:49 64512 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2008-02-09 05:49 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-08-11 18:22 136176 ----atw- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-02-09 05:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    2008-02-09 05:49 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-01-17 21:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-07-12 04:59 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\HP_Administrator.YOUR-4DACD0EA75\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 5:00 PM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-11-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
    FF - ProfilePath - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\dry9b2fu.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-03 20:31
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(644)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3872)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-11-03 20:32:49
    ComboFix-quarantined-files.txt 2011-11-04 00:32
    ComboFix2.txt 2011-11-04 00:06
    ComboFix3.txt 2011-11-01 04:43
    ComboFix4.txt 2010-04-24 17:26
    .
    Pre-Run: 104,967,720,960 bytes free
    Post-Run: 104,949,829,632 bytes free
    .
    - - End Of File - - 0E15B63485F2C5BDA4A5B58E82D54C58
  13. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    Also, I removed all websites from the trusted zone per your advice.

    I tried to download ESET using the Google Chrome browser. IE 8 didn't seem to be working properly; after several attempts, ESET would not run. It would make it to the "initialization" part of downloading the virus signature database, but then would stop and an error would emerge stating "Unexpected error 2002". Now the same thing happens with Google Chrome so I assume it is not a browser issue.


    So I cannot run the ESET scan. I have tried over 20 times to run this and for whatever reason, it will not run. I have no idea what the problem is with ESET. I am sorry for this. I know it must be an important step to the troubleshooting problem.


    I deleted all of the tasks that you requested I delete.


    I removed the startup programs from the startup tray that you said were not needed.


    I deleted all of the google taskbar updates.


    I installed Avast and ran a virus scan which returned no threat results. I uninstalled Avast. I will need to reinstall AVG before I will get a popup window stating that IE is using too much memory. I will send that next.


    The problems I have now are:


    Slow connections (sometimes, not always)


    Hiccups, or stopping of information if I use facebook. (lockup of computer function)


    All of the problems are when I use the internet. I haven't experienced any trouble offline whatsoever.

    Paretologic is not in view in the programs folder. When I did a search for paretologic it does come up in the search. When I attempt to delete it, a new window pops up and states "cannot delete file: Cannot read from the source file or disk". This was done "before" I ran the last combofix scan and CFScript log.

    Videos stop loading at a point, downloads stop downloading at a point, Facebook stops allowing messages at a point. It is like any internet activity will lock up often and then I have to close the page and reopen it to get it to function correctly. Then after a while, it will lock up again, if it loads in the beginning.

    Also after boot up, the internet is connected but it takes a long time for any internet pages to load. It just says unable to connect.

    I have internet and the connection is extremely strong.

    That is all I can think of right now.
  14. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    FYI: I did run ESET on my father's computer (which is on the same internet network; also xp) and it ran fine. So there is something wrong with my computer.
  15. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    I repeatedly attempted to load ESET and after about 10 tries, it is now scanning.

    Possible important information: I checked in task manager to see why the scan was going so slowly. No other processes were taking any CPU and the scan was using approximately 98% of CPU usage according to the task manager window. Yet the scan was excruciatingly slow.

    There were many notes of programs using memory but no appreciable CPU usage. I thought this quite odd.

    Ok. The ESET scan just completed after 3 hours. No infected files were found. So I have no log to paste here.
  16. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    Listed are the top 10 processes running ( in task manager and in order ) when my computer locked up while watching a video online tonight. CPU usage was all zero for these processes when I checked.

    Process ............... Memory (K)

    1. hpqtra08.exe ............... 8448
    2. svchost.exe .................. 3508
    3. realsched.exe ................... 716
    4. ctfmon.exe .................. 3316
    5. explorer.exe .................. 22988
    6. ati2evxx.exe ................ 3268
    7. wscntfy.exe ................... 2408
    8. wuauclt.exe .................. 4328
    9. iexplore.exe ................... 120492
    10. hpqste08.exe .................... 14984
  17. Higgins

    Higgins Newcomer, in training Topic Starter Posts: 22

    Update: Possibly fixed

    I eventually was reading about an AVG product called AVG PC tuneup. This was a free one time scan. It found approx. 1500 issues and I selected to fix these issues.

    I have had no problems at all since then. Downloads are working, videos are loading fine. Startup is quick and no websites or applications seem to be locking up.

    I put antivirus and firewall back on and still no issues.

    I am not 100% sure this problem is fixed or why but I wanted to give an update and possibly you could explain to me what the problem may have been. I know nothing about registry files and errors, but I suspect this could have been the problem?

    If I have any other issues I will post here as soon as I can. If this did fix the problem, I very much appreciate your help. I know that if the problem would have persisted that you would have eventually helped me to find and eliminate the problem.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Since you have run your own scan and removed processes, this will invalidate the results from previous logs. Since it appears that the problems have been resolved, you can remove the cleaning tools and I will close the thread:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name > click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup.
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
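    The same cleanup in script form, as an added example written for this thread rather than part of Bobbye's instructions: it reports (and with -Remove deletes) leftover tool files, then creates the fresh restore point. It assumes PowerShell 2.0 is installed on the XP machine, and the leftover paths listed are assumed typical ComboFix/OTCleanIt artifacts, not taken from this thread.

```powershell
# Added example (not part of the thread): report, and optionally remove,
# leftover files from the cleaning tools, then set a fresh restore point.
# Assumes PowerShell 2.0 on the XP machine; the paths below are assumed
# typical ComboFix/OTCleanIt leftovers, not taken from this thread.
param([switch]$Remove)

$desktop = [Environment]::GetFolderPath('Desktop')
$leftovers = @(
    'C:\Qoobox',                          # ComboFix quarantine/backups (assumed)
    'C:\ComboFix.txt',                    # ComboFix log (assumed)
    (Join-Path $desktop 'ComboFix.exe'),  # tool copy left on the Desktop (assumed)
    (Join-Path $desktop 'OTCleanIt.exe')  # should have deleted itself already
)

foreach ($path in $leftovers) {
    if (Test-Path -LiteralPath $path) {
        if ($Remove) {
            Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
            Write-Host "Removed:   $path"
        } else {
            Write-Host "Leftover:  $path   (rerun with -Remove to delete)"
        }
    } else {
        Write-Host "Not found: $path"
    }
}

# New restore point, the same as the "Create a Restore Point" step.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'

# List what exists now. Older points are still purged through Disk Cleanup >
# More Options, since XP has no cmdlet for deleting individual restore points.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
```

    Run it once without -Remove to see what is still on disk, then with -Remove from an elevated PowerShell prompt.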