Sign in to follow this  
Followers 0
DRC

Iexplorer is hijacked?

17 posts in this topic

I have Iexplorer 8.0 and it's terribly slow. Bringing up a video takes forever. I have scanned with AVG Internet Security 2012 and ran the Malwarebytes Anti-malware but still have the problem.

Used OTL and Mbam log.

Need help...................

-------------------------------------------

OTL Log:

OTL logfile created on: 3/22/2012 3:20:20 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dave\My Documents\SPAM STUFF\OTL

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.60% Memory free

3.85 Gb Paging File | 3.39 Gb Available in Paging File | 87.97% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 672.17 Gb Free Space | 72.16% Space Free | Partition Type: NTFS

Drive J: | 232.88 Gb Total Space | 59.67 Gb Free Space | 25.62% Space Free | Partition Type: NTFS

Drive K: | 475.74 Mb Total Space | 129.32 Mb Free Space | 27.18% Space Free | Partition Type: FAT

Computer Name: HOME-D6C0DF61A2 | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG Secure Search\vprot.exe ()

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()

PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)

PRC - C:\Documents and Settings\Dave\My Documents\SPAM STUFF\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)

PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)

PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)

PRC - C:\WINDOWS\system32\Ofps.exe ()

PRC - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()

MOD - C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ()

MOD - C:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()

MOD - C:\WINDOWS\CTXFIRES.DLL ()

MOD - C:\WINDOWS\system32\Ofps.exe ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()

SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)

SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)

SRV - (syncagentsrv) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)

SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (OmniForm Printer) -- C:\WINDOWS\system32\Ofps.exe ()

========== Driver Services (SafeList) ==========

DRV - (fltsrv) -- C:\WINDOWS\system32\DRIVERS\fltsrv.sys (Acronis)

DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)

DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)

DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)

DRV - (vididr) -- C:\WINDOWS\system32\DRIVERS\vididr.sys (Acronis)

DRV - (vidsflt61) Acronis Disk Storage Filter (61) -- C:\WINDOWS\system32\DRIVERS\vsflt61.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)

DRV - (mv614x) -- C:\WINDOWS\system32\DRIVERS\mv614x.sys ()

DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/04/10 18:56:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/20 16:28:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/16 13:54:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/10/17 09:55:14 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Dave\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://acronis.webex.com/client/T27LD/support/ieatgpc.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD82113C-E5EA-4D44-A05A-7062F6C9E6EE}: DhcpNameServer = 172.16.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/03/21 18:13:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/04/24 10:44:04 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 16:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012

[2012/03/20 16:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\AVG2012

[2012/03/20 16:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2012/03/12 13:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\#1

[2012/02/25 18:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Malwarebytes

[2012/02/25 18:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/02/21 17:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Eltima Software

[2012/02/21 17:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Eltima Software

[2012/02/21 17:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Eltima Software

[2005/08/07 15:13:46 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2005/08/07 14:52:08 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

[1998/12/08 19:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL

[1998/12/08 19:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL

[1998/12/08 19:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL

[1998/12/08 19:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL

[1998/12/08 19:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL

[1998/12/08 19:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/22 09:13:25 | 092,425,518 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/03/22 09:12:53 | 000,287,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/03/21 21:05:50 | 000,064,988 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx

[2012/03/21 21:05:50 | 000,055,164 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx

[2012/03/21 21:05:50 | 000,055,164 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx

[2012/03/21 21:05:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2012/03/21 21:05:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2012/03/21 20:27:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/21 20:26:58 | 000,067,863 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml

[2012/03/21 20:26:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/20 16:28:21 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/03/20 11:58:41 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/20 11:58:41 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/20 11:12:52 | 089,227,264 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\turbotaxdeluxe.exe

[2012/03/20 09:15:21 | 000,623,087 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm

[2012/03/19 15:56:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/02/27 14:28:35 | 000,032,865 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\snopes.htm

[2012/02/22 11:06:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012/02/22 10:53:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/02/21 17:20:36 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\SWF & FLV Player.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/20 16:28:21 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/03/20 11:08:02 | 089,227,264 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\turbotaxdeluxe.exe

[2012/02/27 14:28:35 | 000,032,865 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\snopes.htm

[2012/02/21 17:20:36 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\SWF & FLV Player.lnk

[2012/01/03 15:15:56 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI

[2011/08/01 08:04:04 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe

[2011/07/30 18:13:31 | 000,284,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/04/11 15:29:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011/04/09 11:24:56 | 000,110,387 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2011/04/09 11:24:17 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2011/03/29 13:42:56 | 000,000,201 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2011/03/29 13:42:12 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll

[2011/03/29 13:42:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll

[2011/03/29 13:40:54 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2011/03/29 13:40:54 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin

[2011/03/29 13:40:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2011/03/29 13:39:24 | 000,000,198 | ---- | C] () -- C:\WINDOWS\EPSON 2400 Installer.ini

[2011/03/29 09:00:22 | 000,102,859 | ---- | C] () -- C:\WINDOWS\HPFins09.dat

[2011/03/29 09:00:22 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat

[2011/03/28 16:03:35 | 000,102,833 | ---- | C] () -- C:\WINDOWS\HPFins09.dat.temp

[2011/03/28 16:03:35 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat.temp

[2011/03/28 15:58:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2011/03/26 12:02:00 | 000,000,301 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2011/03/26 11:23:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/03/26 11:23:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2011/03/26 11:23:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2011/03/23 09:53:05 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/22 11:46:52 | 000,068,135 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2011/03/22 11:46:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2011/03/22 11:46:52 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2011/03/22 10:16:40 | 000,034,432 | R--- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys

[2011/03/22 10:11:07 | 000,019,701 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011/03/22 10:11:04 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2011/03/22 10:10:58 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2011/03/21 18:14:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/03/21 18:10:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/03/21 09:22:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/03/21 09:21:28 | 000,387,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2006/07/12 14:19:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/07/12 14:19:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2006/07/12 14:19:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/07/12 14:19:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2006/07/12 14:19:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/07/12 14:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/07/12 14:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/07/12 14:19:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2006/07/12 14:19:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2006/07/12 14:19:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/07/12 14:19:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/02/28 05:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/02/28 05:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006/02/28 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/08/07 15:19:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL

[2005/08/07 15:10:20 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2005/08/07 14:58:10 | 000,366,041 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2005/08/07 14:54:16 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE

[2005/08/07 14:54:10 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT

[2005/08/07 14:52:32 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT

[2005/08/07 14:52:26 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2005/08/07 14:52:26 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2005/08/07 14:52:10 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2005/08/07 14:52:10 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2005/06/07 06:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL

[2003/03/21 02:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2001/10/17 18:29:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Ofps.exe

[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2012/01/02 13:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2011/04/12 09:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery

[2012/03/12 11:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2011/09/07 11:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2012/03/20 16:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2011/03/22 11:05:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/04/14 15:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave

[2012/03/22 15:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/10/12 10:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark

[2011/03/26 11:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2011/03/29 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2011/03/29 14:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2012/01/02 13:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Acronis

[2011/12/11 10:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVG Secure Search

[2012/03/20 16:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\AVG2012

[2012/02/21 17:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\Eltima Software

[2011/03/30 15:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\EPSON

[2011/08/01 08:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dave\Application Data\SoftMaker

========== Purity Check ==========

< End of report >

--------------------------------------------

OTL Extra:

OTL Extras logfile created on: 3/22/2012 3:20:20 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dave\My Documents\SPAM STUFF\OTL

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.60% Memory free

3.85 Gb Paging File | 3.39 Gb Available in Paging File | 87.97% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 672.17 Gb Free Space | 72.16% Space Free | Partition Type: NTFS

Drive J: | 232.88 Gb Total Space | 59.67 Gb Free Space | 25.62% Space Free | Partition Type: NTFS

Drive K: | 475.74 Mb Total Space | 129.32 Mb Free Space | 27.18% Space Free | Partition Type: FAT

Computer Name: HOME-D6C0DF61A2 | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{0E794924-17AC-4565-96C7-960D40F8B61E}" = TurboTax 2010 wcoiper

"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2186F2E0-7023-453B-B604-0F13C72AFF37}" = Acronis True Image Home 2012

"{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible" = Acronis True Image Home 2012

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 30

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper

"{89DD6626-F35B-4989-9703-699E75129D0E}" = OmniForm 5.0

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility

"{C02E178A-52FA-3266-E945-BE38D3171033}" = Nero 7 Ultra Edition

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4830EE9-E795-4CCA-AA7A-612A4E565977}" = SnapAPI

"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012

"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb

"{EDF1085A-73FF-4B3B-8726-2A403D400E48}" = DesignPro 5.0 Media Edition

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007

"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"ATT-PRT22" = ATT-PRT22

"AVG" = AVG 2012

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt

"EPSON Photo Print" = EPSON Photo Print

"GoldWave v5.58" = GoldWave v5.58

"ie8" = Windows Internet Explorer 8

"InstallShield_{EDF1085A-73FF-4B3B-8726-2A403D400E48}" = DesignPro 5.0 Media Edition

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"Silent Package Run-Time Sample" = EPSON Scanner Reference Guide

"SpeedFan" = SpeedFan (remove only)

"SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)

"SysInfo" = Creative System Information

"TextMaker Viewer" = TextMaker Viewer

"Totalcmd" = Total Commander (Remove or Repair)

"TurboTax 2010" = TurboTax 2010

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/17/2011 6:39:28 PM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2011 6:54:57 PM | Computer Name = HOME-D6C0DF61A2 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.18928, fault address 0x000ec345.

Error - 7/27/2011 6:40:42 PM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2011 10:56:25 AM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2011 10:57:40 AM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2011 10:59:30 AM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/2/2011 7:50:26 PM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/2/2011 7:51:24 PM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/2/2011 7:53:22 PM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2011 2:47:18 PM | Computer Name = HOME-D6C0DF61A2 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 3/17/2012 12:06:43 PM | Computer Name = HOME-D6C0DF61A2 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 172.16.1.35 on

the Network Card with network address 001731D66D0F.

Error - 3/17/2012 1:33:06 PM | Computer Name = HOME-D6C0DF61A2 | Source = BROWSER | ID = 8032

Description = The browser service has failed to retrieve the backup list too many

times on transport \Device\NetBT_Tcpip_{CD82113C-E5EA-4D44-A05A-7062F6C9E6EE}. The

backup browser is stopping.

Error - 3/18/2012 12:36:54 PM | Computer Name = HOME-D6C0DF61A2 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 172.16.1.35 on

the Network Card with network address 001731D66D0F.

Error - 3/19/2012 12:13:17 PM | Computer Name = HOME-D6C0DF61A2 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 172.16.1.35 on

the Network Card with network address 001731D66D0F.

Error - 3/19/2012 6:18:46 PM | Computer Name = HOME-D6C0DF61A2 | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk4\D.

Error - 3/20/2012 12:11:32 PM | Computer Name = HOME-D6C0DF61A2 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 172.16.1.35 on

the Network Card with network address 001731D66D0F.

Error - 3/20/2012 7:31:44 PM | Computer Name = HOME-D6C0DF61A2 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 3/21/2012 11:57:19 AM | Computer Name = HOME-D6C0DF61A2 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 172.16.1.35 on

the Network Card with network address 001731D66D0F.

Error - 3/21/2012 11:20:09 PM | Computer Name = HOME-D6C0DF61A2 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 172.16.1.35 on

the Network Card with network address 001731D66D0F.

Error - 3/22/2012 12:09:40 PM | Computer Name = HOME-D6C0DF61A2 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 172.16.1.35 on

the Network Card with network address 001731D66D0F.

< End of report >

-----------------------------------------------------

Mbam Log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.23.02

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

Dave :: HOME-D6C0DF61A2 [administrator]

3/23/2012 10:28:58 AM

mbam-log-2012-03-23 (10-28-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194525

Time elapsed: 12 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Dave\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

-----------------------------------------------

Any help would be appreciated!!!!

Share this post


Link to post
Share on other sites

post-32477-1261866970.gif Logs will be closed if you haven't replied within 3 days

Windows XP Professional Edition Service Pack 2

You should be XP SP3

You need to apply Service Pack 3 for Windows XP. Without this update, you're wide open to re-infection. Click here:

Apply the update, reboot, and let me know how it's running.

Share this post


Link to post
Share on other sites

Larry....

Thanks for the advise but I tried SP3 about 4 times (around 6 months, then 9, 12 and 14 months after it was released and it totally screws up my computer. Ran super slow and other weird stuff). It's been over a year now since I've crossed that off my list.

Tell me truthfully, have they worked out all the bugs yet? I'd hate to waste the hours it takes to install then uninstall if nothing has been done to solve the problems I was having.

Give me your honest opinion.

Thanks again,

Dave

Share this post


Link to post
Share on other sites

I've never had issues with XP3 myself.

If you're running a outdated and unsupported OS version you're asking for trouble.

We can see what we can do as is but I highly suggest you update to XP3.

First thing I'd do is uninstall IE8.

Remove IE8

http://support.microsoft.com/kb/957700

I suggest you do this:

Uninstall Internet Explorer 8 to return to Internet Explorer 7 on Windows XP

Click "Start," and then click "Control Panel."

Click "Add or Remove Programs."

Check "Show Updates" at the top of the dialog box.

Scroll down the list and highlight the version of Internet Explorer 8 that you are running, and then click "Change/Remove."

Let me know how it's running after that.

This support number should still be good.

Issues with getting Windows Updates.

This is a free service and toll-free call.

1-866-PCSAFETY

or

1-866-727-2338

It is available 24 hours a day for the U.S. and Canada.

For support outside the United States and Canada, please contact your Microsoft Help and Support worldwide. Go to this page and choose your region from the box in the upper right corner: http://support.microsoft.com/?pr=SecurityHome

Share this post


Link to post
Share on other sites

No ILLEGAL XP-PRO here. Bought and paid for.

I'm teetering on whether or not to try SP3 again. I know there's a lot of security built into this update and that's fine with me. I'm going to do a complete back-up with my Acronis then try SP3.

I'm right in the middle of doing my taxes with TurboTax so I'll post back in a day or two and let you know whether we continue with iE8 and SP3 or work with iE7.

Thanks for your time.

Share this post


Link to post
Share on other sites

I did my taxes last Saturday.

Bad mood the rest of the weekend.

Hope you do better then I did.

Post back when you can.

Share this post


Link to post
Share on other sites

Computer doesn't like PS3. I'm going to try and eliminate my 2nd drive and try PS3 one more time. If it works, then I can always dump the info from my 2nd drive to a good drive checkec by 3 days of Spinrite and put it back after the PS3 and original hard drive(hopefully) works.

I'll post again as soon as I can!

Share this post


Link to post
Share on other sites

Finally!!!!!

Eliminated 2nd drive. PS3 now up and running.

What's next?

Share this post


Link to post
Share on other sites

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Share this post


Link to post
Share on other sites

Right now iExplorer is definitely NO faster than before. Maybe even more lethargic. I really can't say as I haven't had a chance to use it that much.

Speakeasy speed test reads 2.57mbps download speeds. http://www.speakeasy.net/speedtest/

The computer loads windows at the same speed and nothing crashes, so I guess that's good.

Hopefully you have a bag of tricks up your sleeve to re-energize iExplorer or can get some hint of something from the MBAM log.

Thanks again for your patience and help.

--------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Dave :: HOME-D6C0DF61A2 [administrator]

Protection: Enabled

4/10/2012 12:02:18 PM

mbam-log-2012-04-10 (12-02-18).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 320502

Time elapsed: 1 hour(s), 15 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Tell you the truth, I'm having the same issues with IE8.

My DSL speed test are the same as yours, almost 3 which is AT&T's max.

I've turned off all add-ons and that hasn't made any difference.

I haven't found an answer yet but when I do, I'll post back.

Share this post


Link to post
Share on other sites

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

Something BAD happened. I ran ComboFix and some how was not able to boot to windows (in reg or safe mod) nor would the latest working registry restore point. I screwed with it for about an hour then decided to restore the backup.

So right now I'm at SP2 and a slow IE 8. Will scan and run MBAM tomorrow. If it looks good I'll put PS3 back on.

Then I'll post.

Npt sure what happened.....

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.