Solved IE using too much memory - 5 steps followed, logs pasted

Higgins

My computer is running very slow. All the usual suspects have been cleaned out, but I am still having trouble with very slow internet. I installed AVG and I get a pop-up stating that my IE is using about 250 - 280 MB. This happens every time I am online. This isn't the worst problem, just very frustrating. Thank you for any help. I will paste the logs below.

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8028

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/27/2011 5:30:21 AM
mbam-log-2011-10-27 (05-30-21).txt

Scan type: Quick scan
Objects scanned: 211628
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-28 05:36:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200827AS rev.3.AHH
Running: 9edheext[1].exe; Driver: C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\uxldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF1F4F040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF1F4B930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF1F56A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF1F4F510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF1F4F600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF1F4BF20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF1F576E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF1F57440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF1F578B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF1F4BD70]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEF9CAF3C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF1F58250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF1F57CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF1F4EC00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF1F58080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF1F4C120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF1F57140]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xEF9CAFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEF9CB080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEF9CB11C]

---- Kernel code sections - GMER 1.0.15 ----

? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3180] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\program files\real\realplayer\update\realsched.exe[3344] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3392] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F1F53CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F1F53E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F1F54320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F1F541C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs EEF5D400

---- Threads - GMER 1.0.15 ----

Thread System [4:872] EE3761F0

---- EOF - GMER 1.0.15 ----


DDS:

ATTACH (file 1):


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2006 9:57:59 PM
System Uptime: 10/28/2011 1:03:29 AM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Opal
Processor: AMD Turion(tm) 64 Mobile Technology ML-34 | Socket 754 | 1790/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 98.968 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.446 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\AC89C011D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\AC89C011D800
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A2F103C&REV_10\4&1C88B56&0&18A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A2F103C&REV_10\4&1C88B56&0&18A4
Service: RTL8023xp
.
==== System Restore Points ===================
.
RP349: 7/31/2011 2:15:00 AM - System Checkpoint
RP350: 8/1/2011 2:21:59 AM - System Checkpoint
RP351: 8/2/2011 2:30:23 AM - System Checkpoint
RP352: 8/3/2011 2:52:18 AM - System Checkpoint
RP353: 8/4/2011 4:16:02 PM - System Checkpoint
RP354: 8/5/2011 7:23:12 PM - System Checkpoint
RP355: 8/6/2011 7:37:41 PM - System Checkpoint
RP356: 8/7/2011 8:14:17 PM - System Checkpoint
RP357: 8/8/2011 9:16:10 PM - System Checkpoint
RP358: 8/9/2011 11:04:25 PM - System Checkpoint
RP359: 8/10/2011 11:58:11 PM - System Checkpoint
RP360: 8/12/2011 12:58:29 AM - System Checkpoint
RP361: 8/13/2011 1:52:55 AM - System Checkpoint
RP362: 8/14/2011 3:37:40 AM - System Checkpoint
RP363: 8/15/2011 6:07:21 PM - System Checkpoint
RP364: 8/16/2011 6:32:32 PM - System Checkpoint
RP365: 8/17/2011 8:02:33 PM - System Checkpoint
RP366: 8/19/2011 1:31:18 AM - System Checkpoint
RP367: 8/20/2011 2:18:16 AM - System Checkpoint
RP368: 8/21/2011 3:41:51 PM - System Checkpoint
RP369: 8/22/2011 5:45:51 PM - System Checkpoint
RP370: 8/23/2011 6:08:59 PM - System Checkpoint
RP371: 8/24/2011 11:24:15 PM - System Checkpoint
RP372: 8/26/2011 10:27:47 AM - System Checkpoint
RP373: 8/27/2011 4:15:05 PM - System Checkpoint
RP374: 8/28/2011 7:12:57 PM - System Checkpoint
RP375: 8/29/2011 9:40:14 PM - System Checkpoint
RP376: 8/31/2011 12:28:35 AM - System Checkpoint
RP377: 9/1/2011 1:18:56 AM - System Checkpoint
RP378: 9/2/2011 1:26:05 AM - System Checkpoint
RP379: 9/3/2011 3:47:30 AM - System Checkpoint
RP380: 9/4/2011 1:22:50 AM - Installed ParetoLogic Data Recovery.
RP381: 9/5/2011 2:36:55 AM - System Checkpoint
RP382: 9/6/2011 5:16:39 AM - System Checkpoint
RP383: 9/7/2011 10:44:06 PM - System Checkpoint
RP384: 9/8/2011 11:12:40 PM - System Checkpoint
RP385: 9/9/2011 2:02:18 AM - Removed ParetoLogic Data Recovery.
RP386: 9/10/2011 5:04:55 PM - System Checkpoint
RP387: 9/11/2011 5:44:21 PM - System Checkpoint
RP388: 9/12/2011 6:26:30 PM - System Checkpoint
RP389: 9/13/2011 7:22:20 PM - System Checkpoint
RP390: 9/13/2011 7:56:15 PM - Installed iTunes
RP391: 9/14/2011 9:53:35 PM - System Checkpoint
RP392: 9/16/2011 5:03:22 AM - System Checkpoint
RP393: 9/19/2011 3:28:57 AM - System Checkpoint
RP394: 9/21/2011 11:47:06 PM - System Checkpoint
RP395: 9/23/2011 11:48:04 AM - System Checkpoint
RP396: 9/24/2011 5:57:36 PM - System Checkpoint
RP397: 9/25/2011 6:44:27 PM - System Checkpoint
RP398: 9/28/2011 4:35:10 PM - System Checkpoint
RP399: 9/29/2011 5:18:57 PM - System Checkpoint
RP400: 9/30/2011 6:12:50 PM - System Checkpoint
RP401: 10/2/2011 4:16:52 PM - System Checkpoint
RP402: 10/4/2011 4:54:14 PM - System Checkpoint
RP403: 10/5/2011 9:24:15 PM - System Checkpoint
RP404: 10/7/2011 5:10:34 PM - System Checkpoint
RP405: 10/9/2011 1:26:41 AM - System Checkpoint
RP406: 10/11/2011 6:31:52 AM - System Checkpoint
RP407: 10/12/2011 11:54:35 PM - System Checkpoint
RP408: 10/14/2011 12:08:24 AM - System Checkpoint
RP409: 10/15/2011 12:46:17 AM - System Checkpoint
RP410: 10/15/2011 7:11:16 PM - Removed Skype™ 5.5
RP411: 10/18/2011 3:55:19 AM - System Checkpoint
RP412: 10/19/2011 4:37:43 AM - Removed Ask Toolbar.
RP413: 10/19/2011 4:38:14 AM - Removed Apple Software Update
RP414: 10/19/2011 4:39:25 AM - Removed Apple Application Support
RP415: 10/19/2011 4:41:44 AM - Removed Apple Mobile Device Support
RP416: 10/19/2011 4:43:31 AM - Removed Bonjour
RP417: 10/19/2011 4:44:13 AM - Removed Click to Call with Skype
RP418: 10/19/2011 4:46:49 AM - Removed Creative MuVo V100
RP419: 10/19/2011 4:49:51 AM - Removed iTunes
RP420: 10/19/2011 5:03:48 AM - Installed Java(TM) 6 Update 29
RP421: 10/19/2011 5:15:47 AM - Installed AVG 2012
RP422: 10/19/2011 5:16:28 AM - Installed AVG 2012
RP423: 10/20/2011 3:20:09 PM - System Checkpoint
RP424: 10/21/2011 5:22:44 PM - System Checkpoint
RP425: 10/22/2011 5:50:20 PM - System Checkpoint
RP426: 10/23/2011 4:30:19 AM - Configured easy Internet sign-up
RP427: 10/23/2011 4:30:30 AM - Configured easy Internet sign-up
RP428: 10/23/2011 4:34:49 AM - Removed TourSetup
RP429: 10/24/2011 3:46:15 PM - System Checkpoint
RP430: 10/25/2011 8:00:13 PM - System Checkpoint
RP431: 10/26/2011 8:54:50 PM - System Checkpoint
RP432: 10/27/2011 9:52:45 PM - System Checkpoint
.
==== Installed Programs ======================
.
123 Free Solitaire 2009 v7.2
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
ATI Control Panel
ATI Display Driver
AudibleManager
AVG 2012
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
BufferChm
CameraDrivers
CameraUserGuides
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Destinations
DeviceFunctionQFolder
Digital Photo Navigator 1.5
DocProc
DocumentViewer
Enhanced Multimedia Keyboard Solution
Fax
Fax_CDA
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 3900 series
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Image Zone Express
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
HPDeskjet3900Series
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InterActual Player
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 29
LightScribe 1.4.84.1
M8 Free Clipboard
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.18)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Netflix Movie Viewer
NewCopy
NewCopy_CDA
OptionalContentQFolder
PanoStandAlone
PhotoGallery
Player Recovery Drivers
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
PSPrinters08
PSTAPlugin
Quicken 2006
QuickTime
RandMap
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody
Rhapsody Player Engine
Scan
ScannerCopy
Search Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Switch Sound File Converter
Toolbox
TrayApp
Unload
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoPad Video Editor
WavePad Sound Editor
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
XtR Call Mynah
Yahoo! BrowserPlus 2.9.8
ZoneAlarm
ZoomTown Software
.
==== Event Viewer Messages From Past Week ========
.
10/28/2011 4:02:03 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/24/2011 11:50:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/22/2011 3:25:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
10/22/2011 3:25:18 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Addition (2nd DDS file)

DDS (file 2):

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by HP_Administrator at 5:40:09 on 2011-10-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.120 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled*
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [MemoryTriUtils] c:\windows\diskperfm.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
StartupFolder: c:\docume~1\hp_adm~1.you\startm~1\programs\startup\freeclip.lnk - c:\program files\freeclip\FreeClip.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
dPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: cnet.com\download
Trusted Zone: live.com\login
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{42E285A1-86B6-446A-8B82-D7EFFE1BF2E3} : DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\mozilla\firefox\profiles\dry9b2fu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-20 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-20 394952]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-9 14336]
.
=============== Created Last 30 ================
.
2011-10-27 22:00:00 -------- d-----w- c:\program files\common files\PARETOLOGIC
2011-10-23 10:28:38 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-22 21:08:15 -------- d-----w- c:\program files\CCleaner
2011-10-19 09:51:31 -------- d--h--w- C:\$AVG
2011-10-19 09:18:28 -------- d-----w- c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\AVG2012
2011-10-19 09:16:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-19 09:16:47 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-10-19 09:15:48 -------- d-----w- c:\program files\AVG
2011-10-19 09:02:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-10-19 09:01:40 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-13 05:15:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 5:41:14.94 ===============
 
I am so sorry! Looks like your thread got missed. If you still need help:

You should sort this out:
AV: AVG Anti-Virus Free Edition 2012
FW: Norton Internet Worm Protection
FW: ZoneAlarm Firewall
You should have one antivirus, one firewall and two or more antimalware programs. This shows 2 firewalls. As far as I know, the Norton Worm Protection is a part of one of the Norton Suites. If you formerly used Norton and now prefer AVG and Zone Alarm, you should remove Norton:

Norton Removal Tool
=============================================
I'd like you to run Combofix. It will not run with AVG on the system, so that will need to be removed temporarily:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================
Then run this online virus scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================================
Please leave logs in your next reply:
============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Please tell me how much RAM is installed,
 
ComboFix 11-10-30.04 - HP_Administrator 11/01/2011 0:30.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.545 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Windows Server
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~WRL0004.tmp
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~WRL3780.tmp
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\WINDOWS
C:\feed.txt
c:\program files\iexplore.exe
c:\program files\iexplore.exe\changes.rtf
c:\program files\iexplore.exe\Languages\arabic.lng
c:\program files\iexplore.exe\Languages\belarusian.lng
c:\program files\iexplore.exe\Languages\bosnian.lng
c:\program files\iexplore.exe\Languages\bulgarian.lng
c:\program files\iexplore.exe\Languages\catalan.lng
c:\program files\iexplore.exe\Languages\chineseSI.lng
c:\program files\iexplore.exe\Languages\chineseTR.lng
c:\program files\iexplore.exe\Languages\croatian.lng
c:\program files\iexplore.exe\Languages\czech.lng
c:\program files\iexplore.exe\Languages\danish.lng
c:\program files\iexplore.exe\Languages\dutch.lng
c:\program files\iexplore.exe\Languages\english.lng
c:\program files\iexplore.exe\Languages\estonian.lng
c:\program files\iexplore.exe\Languages\finnish.lng
c:\program files\iexplore.exe\Languages\french.lng
c:\program files\iexplore.exe\Languages\german.lng
c:\program files\iexplore.exe\Languages\greek.lng
c:\program files\iexplore.exe\Languages\hebrew.lng
c:\program files\iexplore.exe\Languages\hungarian.lng
c:\program files\iexplore.exe\Languages\italian.lng
c:\program files\iexplore.exe\Languages\korean.lng
c:\program files\iexplore.exe\Languages\latvian.lng
c:\program files\iexplore.exe\Languages\lithuanian.lng
c:\program files\iexplore.exe\Languages\macedonian.lng
c:\program files\iexplore.exe\Languages\norwegian.lng
c:\program files\iexplore.exe\Languages\polish.lng
c:\program files\iexplore.exe\Languages\portugueseBR.lng
c:\program files\iexplore.exe\Languages\portuguesePT.lng
c:\program files\iexplore.exe\Languages\romanian.lng
c:\program files\iexplore.exe\Languages\russian.lng
c:\program files\iexplore.exe\Languages\serbian.lng
c:\program files\iexplore.exe\Languages\slovak.lng
c:\program files\iexplore.exe\Languages\slovenian.lng
c:\program files\iexplore.exe\Languages\spanish.lng
c:\program files\iexplore.exe\Languages\swedish.lng
c:\program files\iexplore.exe\Languages\thai.lng
c:\program files\iexplore.exe\Languages\turkish.lng
c:\program files\iexplore.exe\Languages\vietnamese.lng
c:\program files\iexplore.exe\license.txt
c:\program files\iexplore.exe\mbam.chm
c:\program files\iexplore.exe\mbam.dll
c:\program files\iexplore.exe\mbam.exe
c:\program files\iexplore.exe\mbamcore.dll
c:\program files\iexplore.exe\mbamext.dll
c:\program files\iexplore.exe\mbamgui.exe
c:\program files\iexplore.exe\mbamnet.dll
c:\program files\iexplore.exe\mbamservice.exe
c:\program files\iexplore.exe\ssubtmr6.dll
c:\program files\iexplore.exe\unins000.dat
c:\program files\iexplore.exe\unins000.exe
c:\program files\iexplore.exe\unins000.msg
c:\program files\iexplore.exe\vbalsgrid6.ocx
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-10-27 22:00 . 2011-10-27 22:00 -------- d-----w- c:\program files\Common Files\PARETOLOGIC
2011-10-23 10:28 . 2011-10-23 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-21 09:50 . 2011-10-21 09:50 -------- d-----w- c:\documents and settings\Guest\Application Data\TreeCardGames
2011-10-21 09:41 . 2011-10-21 09:41 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2011-10-21 09:38 . 2011-10-21 09:38 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\PCM4Everio
2011-10-19 09:18 . 2011-10-19 09:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AVG2012
2011-10-19 09:15 . 2011-10-19 09:15 -------- d-----w- c:\program files\AVG
2011-10-19 09:02 . 2011-10-19 09:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 08:22 . 2011-07-14 04:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2010-04-22 04:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2009-04-07 10:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-31 21:00 . 2011-06-26 08:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-02-09 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2008-02-09 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2008-02-09 237568]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"MemoryTriUtils"="c:\windows\diskperfm.exe" [2010-06-07 798208]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-12 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctODExNDExMTEzLVNUMTJPSSsxLUREVCswLVNUMTJGT0krMS1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1834&mid=469840422c3347d1a575d15de343130f-218616fb37bc7bae132b03a125dbf2c144580abf" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-24 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2008-02-09 05:49 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-02-09 05:49 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-11 18:22 136176 ----atw- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-02-09 05:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2008-02-09 05:49 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-01-17 21:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\HP_Administrator.YOUR-4DACD0EA75\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 5:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:41]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:41]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282268600-130989073-1562966170-1008Core.job
- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-29 18:22]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282268600-130989073-1562966170-1008UA.job
- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-29 18:22]
.
2011-11-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-11-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4282268600-130989073-1562966170-501.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-11-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-10-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4282268600-130989073-1562966170-501.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-10-14 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-07-19 05:43]
.
2011-10-14 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-07-16 01:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: cnet.com\download
Trusted Zone: live.com\login
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
FF - ProfilePath - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\dry9b2fu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-RunOnce-AvgRemover - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\Content.IE5\558QXIAC\avg_remover_stf_x86_2012_1796[1].exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\iexplore.exe\unins000.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-01 00:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
Completion time: 2011-11-01 00:43:38
ComboFix-quarantined-files.txt 2011-11-01 04:43
ComboFix2.txt 2010-04-24 17:26
.
Pre-Run: 106,050,031,616 bytes free
Post-Run: 106,607,808,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 61A2904E19384D83F40F4B59D68A7563




There is 960 MB of RAM.


ESET log will be posted next.
 
ESET will not complete the scan after several attempts. I get an "unexpected error 2002". I deleted ZoneAlarm but that did not help.

Iexplore is still using over 180 MB.

I downloaded ESET NOD32 antivirus and will scan using this. Would this be good enough? I am not sure why the ESET online scan keeps stopping.
 
ESET NOD32 complete scan found 2 infected files:

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir - Win32/Toolbar.Zugo

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP436\A0058625.dll - Win32/Toolbar.Zugo

iexplore.exe is still using over 180 MB.... I don't know if this is normal.

The only new download was the ESET antivirus and that was because the other ESET would not load.

Thanks for your help.
 
This is the log of the entire ESET scan:

Edit: Excess Eset content deleted and duplicate entries found also in next post have been deleted by Bobbye
 
The link I left for Eset takes you to this page: http://go.eset.com/us/online-scanner. If you click on the Free Online Scanner on the left and are using Internet Explorer, it should load without problem. If you are using a different browser, after you click the link, a screen will come up for you to load the Smart Installer. Once done, the scan should run.

Holding down the Ctrl key while clicking on the link does the same thing.

This online scan is free. The Eset Nod32 AV is not free- there may be a trial period, but following that, a license purchase is required.
--------------------------------------
But there are no new, active entries in the log. Qoobox is where Combofix sends quarantined files and System Volume is where Restore Points are kept. (We will remove old restore points and create a new clean one when finished.)
======================================
You have of tasks set in the Task Scheduler. You also have a large number of auto-updates running. Each of these will contact the internet regularly, sometimes multiple times every day through the browser. So I would suggest you stop the tasks and the updates as follows:
========================================
Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

Scheduled Tasks
Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To change the settings for a task: right-click the Task> click Properties> do any of the following:
  1. To change the schedule for the task, click the Schedule tab.
  2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
  3. To delete a task> right-click the task> click Delete.
    Remove these Scheduled Tasks:
    2011-11-01 c:\windows\Tasks\RealUpgradeLogonTaskS
    2011-11-01 c:\windows\Tasks\RealUpgradeLogonTaskS
    2011-11-01 c:\windows\Tasks\RealUpgradeScheduledTaskS
    2011-10-30 c:\windows\Tasks\RealUpgradeScheduledTaskS
    2011-10-14 c:\windows\Tasks\videopadShakeIcon>> NCH Software\VideoPad
    2011-10-14 c:\windows\Tasks\wavepadShakeIcon>> NCH Swift Sound\WavePad.
  4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.

There are also 4 tasks for Google updates. How often does a toolbar update? This one is tricky- it can be stopped, but unless all the auto-entries are removed, it will put itself back.
====================================================
These processes are running. Some are auto-updates, others are processes that started on boot then continued to run in the background. None need to start on boot.
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
------------------------------------
"MemoryTriUtils"="c:\windows\diskperfm.exe>> System optimizers such as this are executable files that start on boot, run in the background. If you do some research, you will find that most use more resources than they are worth.
------------------------------------
Next time you get the popup that you are using too much memory:
Right click on Taskbar> Task Manager Processes tab> Double click on top frame of the memory column:
Give me the image names of the top 6 processes in the memory column.
Look on the lower left and see how many processes are running.

Let me know both.

Please go on to next reply.
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\program files\Common Files\PARETOLOGIC
DDS:
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [MemoryTriUtils] c:\windows\diskperfm.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================================
I recommend taking both of these domains out of the Trusted Zone. Nothing needs to be in that zone. The security is lower than in the Internet Zone and therefore a risk to the system:

Click on the Control Panel> Internet Options> Security tab> Trusted sites> Sites> highlight and remove both of the following:
Trusted Zone: cnet.com\download
Trusted Zone: live.com\login

The irony of putting any domains in the Trusted Zone is that it accomplishes nothing for the user- but it allows the zones to bypass the higher security of the internet and send promotional and even spam.
=================================
Note: When you uninstall a program, you should use Windows Explorer to access My Computer> Double click on Local Drive(C)> Programs> right click> Delete the program folder>>

Do this for PARETOLOGIC which you uninstalled.
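As an added audit check (not part of this thread's posts or of ComboFix's output), this PowerShell script lists every host the current user has placed in Internet Explorer's Trusted Sites zone, reading the same ZoneMap registry keys that ComboFix reports as "Trusted Zone: cnet.com\download". It assumes PowerShell 2.0 or later is installed on the machine.

```powershell
# Added example, not part of this thread or of ComboFix: audit the Internet
# Explorer zone map for the current user and report every host that sits in
# the Trusted Sites zone (zone 2). ComboFix prints these entries as
# "Trusted Zone: cnet.com\download", which mirrors the registry layout
# ZoneMap\Domains\cnet.com\download. Assumes PowerShell 2.0 or later.

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$schemes   = @('http', 'https', 'ftp', 'file', '*')   # value names IE uses per host

function Get-IEZoneDomains {
    param(
        [string]$ZoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
    )
    # 'Domains' is the normal map; 'EscDomains' is used when Enhanced Security Configuration is on
    foreach ($map in 'Domains', 'EscDomains') {
        $base = Join-Path $ZoneMap $map
        if (-not (Test-Path $base)) { continue }
        foreach ($domainKey in Get-ChildItem -Path $base) {
            # An assignment may live on the domain key itself (cnet.com) or on a
            # subkey that names the host label (cnet.com\download = download.cnet.com)
            $keys = @($domainKey) + @(Get-ChildItem -Path $domainKey.PSPath)
            foreach ($key in $keys) {
                $hostName = $domainKey.PSChildName
                if ($key.PSPath -ne $domainKey.PSPath) {
                    $hostName = '{0}.{1}' -f $key.PSChildName, $hostName
                }
                $props = Get-ItemProperty -Path $key.PSPath
                foreach ($scheme in $schemes) {
                    $prop = $props.PSObject.Properties[$scheme]
                    if ($prop -eq $null) { continue }
                    $zone = [int]$prop.Value
                    New-Object PSObject -Property @{
                        Host     = $hostName
                        Scheme   = $scheme
                        Zone     = $zone
                        ZoneName = $zoneNames[$zone]
                        KeyPath  = $key.PSPath
                    }
                }
            }
        }
    }
}

function Show-IETrustedSites {
    # Anything returned here is a host that IE treats with the Trusted Sites
    # zone's weaker settings; per the advice above, the list should be empty.
    $trusted = @(Get-IEZoneDomains | Where-Object { $_.Zone -eq 2 })
    if ($trusted.Count -eq 0) {
        Write-Host 'No hosts are assigned to the Trusted Sites zone.'
        return
    }
    Write-Host ('{0} host assignment(s) in the Trusted Sites zone:' -f $trusted.Count)
    $trusted | Select-Object Host, Scheme, KeyPath | Format-Table -AutoSize
}

Show-IETrustedSites
```

Run it again after removing the sites through Internet Options to confirm the zone is empty; the KeyPath column points at the exact registry key behind each entry if one refuses to go away.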
 
I'm sorry this is taking me so long. I will be submitting the information you requested soon. thanks for your patience. I have health problems and have a lot of Dr. appointments.
 
Here is the log from CFScript that you requested:

ComboFix 11-11-03.05 - HP_Administrator 11/03/2011 20:25:45.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.559 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-03 21:54 . 2011-11-03 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-03 21:15 . 2011-11-03 21:15 -------- d-----w- c:\program files\ESET
2011-11-03 09:23 . 2011-11-03 09:23 -------- d-----w- c:\windows\system32\wbem\mof\bad
2011-11-02 00:35 . 2011-11-02 00:35 -------- d-----w- c:\program files\AVAST Software
2011-11-01 23:41 . 2011-11-01 23:41 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-01 10:43 . 2011-11-01 10:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-11-01 07:52 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-11-01 07:50 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-23 10:28 . 2011-11-03 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-21 09:50 . 2011-10-21 09:50 -------- d-----w- c:\documents and settings\Guest\Application Data\TreeCardGames
2011-10-21 09:41 . 2011-10-21 09:41 -------- d-----w- c:\documents and settings\Guest\PrivacIE
2011-10-19 09:18 . 2011-10-19 09:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AVG2012
2011-10-19 09:02 . 2011-10-19 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 08:22 . 2011-07-14 04:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06 . 2010-04-22 04:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2009-04-07 10:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-09 21:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-09 21:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-09 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-09 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2011-06-26 08:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-09 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-09 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-09 21:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-09 21:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-02-09 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2008-02-09 237568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-12 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-24 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2008-02-09 05:49 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2008-02-09 05:49 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-02-09 05:49 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-11 18:22 136176 ----atw- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-02-09 05:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2008-02-09 05:49 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-01-17 21:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-12 04:59 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\HP_Administrator.YOUR-4DACD0EA75\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 1:41 AM 135664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 5:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-11-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4282268600-130989073-1562966170-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
FF - ProfilePath - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\dry9b2fu.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 20:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-03 20:32:49
ComboFix-quarantined-files.txt 2011-11-04 00:32
ComboFix2.txt 2011-11-04 00:06
ComboFix3.txt 2011-11-01 04:43
ComboFix4.txt 2010-04-24 17:26
.
Pre-Run: 104,967,720,960 bytes free
Post-Run: 104,949,829,632 bytes free
.
- - End Of File - - 0E15B63485F2C5BDA4A5B58E82D54C58
 
Also, I removed all websites from the trusted zone per your advice.

I tried to download ESET using the Google Chrome browser. IE 8 didn't seem to be working properly; after several attempts, ESET would not run. It would make it to the "initialization" part of downloading the virus signature database, but then would stop and an error would emerge stating "Unexpected error2002". Now the same thing happens with Google Chrome so I assume it is not a browser issue.

So I cannot run the ESET scan. I have tried over 20 times to run this and for whatever reason, it will not run. I have no idea what the problem is with ESET. I am sorry for this. I know it must be an important step to the troubleshooting problem.

I deleted all of the tasks that you requested I delete.

I removed the startup programs from the startup tray that you said were not needed.

I deleted all of the Google taskbar updates.

I installed Avast and ran a virus scan which returned no threat results. I uninstalled Avast. I will need to reinstall AVG before I will get a popup window stating that IE is using too much memory. I will send that next.

The problems I have now are:

Slow connections (sometimes, not always)

Hiccups, or stopping of information if I use Facebook (lockup of computer function)

All of the problems are when I use the internet. I haven't experienced any trouble offline whatsoever.

Paretologic is not in view in the Programs folder. When I did a search for Paretologic it does come up in the search. When I attempt to delete it, a new window pops up and states "cannot delete file: Cannot read from the source file or disk". This was done before I ran the last ComboFix scan and CFScript log.

Videos stop loading at a point, downloads stop downloading at a point, Facebook stops allowing messages at a point. It is like any internet activity will lock up often and then I have to close the page and reopen it to get it to function correctly. Then after a while, it will lock up again, if it loads in the beginning.

Also after boot up, the internet is connected but it takes a long time for any internet pages to load. It just says unable to connect.

I have internet and the connection is extremely strong.

That is all I can think of right now.
 
FYI: I did run ESET on my father's computer (which is on the same internet network; also xp) and it ran fine. So there is something wrong with my computer.
 
I repeatedly attempted to load ESET and after about 10 tries, it is now scanning.

Possible important information: I checked in Task Manager to see why the scan was occurring so slowly. No other processes were taking any CPU and the scan was using approximately 98% of CPU usage according to the Task Manager window. Yet the scan was excruciatingly slow.

There were many notes of programs using memory but no appreciable CPU usage. I thought this quite odd.

Ok. The ESET scan just completed after 3 hours. No infected files were found. So I have no log to paste here.
 
Listed are the top 10 processes running ( in task manager and in order ) when my computer locked up while watching a video online tonight. CPU usage was all zero for these processes when I checked.

    Process            Memory (K)
 1. hpqtra08.exe            8448
 2. svchost.exe             3508
 3. realsched.exe            716
 4. ctfmon.exe              3316
 5. explorer.exe           22988
 6. ati2evxx.exe            3268
 7. wscntfy.exe             2408
 8. wuauclt.exe             4328
 9. iexplore.exe          120492
10. hpqste08.exe           14984
 
Update: Possibly fixed

I eventually was reading about an AVG product called AVG PC tuneup. This was a free one time scan. It found approx. 1500 issues and I selected to fix these issues.

I have had no problems at all since then. downloads are working, videos are loading fine. Startup is quick and no websites or applications seem to be locking up.

I put antivirus and firewall back on and still no issues.

I am not 100% sure this problem is fixed or why but I wanted to give an update and possibly you could explain to me what the problem may have been. I know nothing about registry files and errors, but I suspect this could have been the problem?

If I have any other issues I will post here as soon as I can. If this did fix the problem, I very much appreciate your help. I know that if the problem would have persisted that you would have eventually helped me to find and eliminate the problem.
 
Since you have run your own scan and removed processes, this will invalidate the results from previous logs. Since it appears that the problems have been resolved, you can remove the cleaning tools and I will close the thread:

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 