Author Topic: Missing rundll32.exe and other annoyances  (Read 7390 times)

Offline jannetie

  • Newbie
  • *
  • Posts: 38
  • Karma: +0/-0
    • View Profile
Missing rundll32.exe and other annoyances
« Reply #20 on: June 12, 2011, 03:21:34 AM »
[quote name='guestolo' timestamp='1307810974' post='479757']
Can I have you run a few more tools and post some extra logs

Please do the following:

4. Download and save to Desktop ESET Online Scanner
Double click on esetsmartinstaller_enu.exe
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window
   
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt    
Copy and paste that log as a reply to this topic

Keep me informed how things are running please
[/quote]


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=faa2e5b58929d34abcb1d34ea82b13e7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-12 08:11:42
# local_time=2011-06-12 04:11:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 445145 445145 0 0
# compatibility_mode=768 16777215 100 0 99785171 99785171 0 0
# compatibility_mode=1026 16777214 0 2 43939355 43939355 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=320134
# found=4
# cleaned=4
# scan_time=9940
D:\I386\Apps\APP15894\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\I386\Apps\APP15894\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP814\A0143480.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP814\A0143481.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Missing rundll32.exe and other annoyances
« Reply #21 on: June 12, 2011, 08:37:24 AM »
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

Since you have Malwarebytes AntiMalware installed
Can you Open it, Check for Updates
After updating, run a Quick Scan
If anything is found, can remove all selected
Reboot if required
Post the log from the scan please

In addition:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
« Last Edit: June 12, 2011, 09:03:27 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline jannetie

« Reply #22 on: June 12, 2011, 07:54:33 PM »
[quote name='guestolo' timestamp='1307885844' post='479771']
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

Since you have Malwarebytes AntiMalware installed
Can you Open it, Check for Updates
After updating, run a Quick Scan
If anything is found, can remove all selected
Reboot if required
Post the log from the scan please

In addition:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
[/quote]


No, not experiencing any problems, thanks. Haven't reinstalled AVG; was waiting until you gave the go-ahead. And even then I think I'll try the download rather than the CD reinstall. Will run the MBAM and aswMBR now. Again, thanks for your help!

Offline jannetie

« Reply #23 on: June 13, 2011, 01:32:04 AM »
[quote name='guestolo' timestamp='1307885844' post='479771']
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

Since you have Malwarebytes AntiMalware installed
Can you Open it, Check for Updates
After updating, run a Quick Scan
If anything is found, can remove all selected
Reboot if required
Post the log from the scan please

In addition:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
[/quote]


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6845

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2011 2:26:33 AM
mbam-log-2011-06-13 (02-26-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 457077
Time elapsed: 2 hour(s), 22 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\SAIX.InstallerCaller (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\SAIX.InstallerCaller.1 (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Offline jannetie

« Reply #24 on: June 13, 2011, 01:39:20 AM »
[quote name='guestolo' timestamp='1307885844' post='479771']
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

In addition:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
[/quote]


aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-13 02:36:10
-----------------------------
02:36:10.624    OS Version: Windows 5.1.2600 Service Pack 3
02:36:10.624    Number of processors: 1 586 0x2F02
02:36:10.624    ComputerName: YOUR-55E5F9E3D2  UserName:
02:36:13.203    Initialize success
02:36:31.734    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:36:31.734    Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
02:36:33.765    Disk 0 MBR read successfully
02:36:33.765    Disk 0 MBR scan
02:36:33.765    Disk 0 unknown MBR code
02:36:35.765    Disk 0 scanning sectors +390716865
02:36:35.781    Disk 0 scanning C:\WINDOWS\system32\drivers
02:36:41.031    Service scanning
02:36:42.265    Disk 0 trace - called modules:
02:36:42.265    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:36:42.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86183ab8]
02:36:42.265    3 CLASSPNP.SYS[f75f0fd7] -> nt!IofCallDriver -> \Device\00000068[0x8618df18]
02:36:42.265    5 ACPI.sys[f7487620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86150d98]
02:36:42.265    Scan finished successfully
02:37:20.343    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
02:37:20.343    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"


 


Offline guestolo

« Reply #25 on: June 14, 2011, 09:40:37 PM »
Sorry for the delay, can you do the next steps please

Go to START>>RUN>>copy/paste the following command and hit OK

ComboFix /uninstall
This will uninstall ComboFix and its components

Afterwards:
Let's get some of your software updated, and remove a possible unwanted
If you didn't purposely install Ask Toolbar
Close down all browser windows and uninstall it from Add and Remove Programs
You can also uninstall "Eset Online Scanner"

Remain in Add/Remove
Keep your browsers closed and remove the following outdated and insecure software
Adobe Reader 8.1.2
Java™ 6 Update 20


Next:
To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
We'll update it in a bit

Double  click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
    Quote
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: utorrent.com ([www] https in Trusted sites)
    [2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\TDSSKiller.exe
    [2011/06/12 01:01:01 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/06/11 23:41:43 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Compaq_Administrator\Desktop\esetsmartinstaller_enu.exe
    [2011/06/11 23:40:25 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip
    [2011/06/11 23:39:05 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "QuickTime Task"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    :Files
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
    [EmptyFlash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: Can you update your software

Java: Go to the following link and download and install the latest version of JAVA>>Version 6 Update 26
UNTICK any options for installing any toolbars or Security scans if available
http://www.java.com/en/download/index.jsp

Adobe Reader:
Go to the following link
http://get.adobe.com/reader/otherversions/


UNTICK the option to also install McAfee Security Scan and/or Google toolbar or similar if available
Select your operating system, language, and then I would opt to choose Adobe Reader version 9.4
Download and save to desktop the installer for the latest version of A. Reader
Double click on the installer to install
After successfully installing, you can delete the installer on desktop
Can you open Adobe Reader and click on HELP>>CHECK FOR UPDATES and install any update if found to ensure you are right up to date

Adobe Flash:
Go to the following link
http://get.adobe.com/flashplayer/otherversions/

Choose operating system and version
Note: Do this procedure twice and get both
"Flash player for IE" then "Flash player for other browsers"
Save the installers to desktop
Untick the selections for 'Google toolbar' or 'McAfee Security Scan' if it is an option
Close browser windows, then install both
install_flash_player_ax.exe and install_flash_player.exe


NOTE: I see the installer for SpywareBlaster 4.4 in your log
If you haven't installed it yet, just hold tight, we'll install it properly



Offline jannetie

« Reply #26 on: June 15, 2011, 03:44:28 AM »
[quote name='guestolo' timestamp='1308105637' post='479787']
Sorry for the delay, can you do the next steps please

Double  click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

NOTE: I see the installer for SpywareBlaster 4.4 in your log
If you haven't installed it yet, just hold tight, we'll install it properly
[/quote]


Still have to install latest versions of abovementioned software.  There was no ASK TOOLBAR in Add/Remove programs. Computer froze on shutdown, hope it didn't screw things up; shut it down via power strip. Booted up normally, had OTL prompt screen, created log.
OTL log below:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\utorrent.com\www\ deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\TDSSKiller.exe moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File C:\Documents and Settings\Compaq_Administrator\Desktop\esetsmartinstaller_enu.exe not found.
C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip moved successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2\ deleted successfully.
========== FILES ==========
c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk moved successfully.
File\Folder c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Compaq_Administrator
->Temp folder emptied: 13047767 bytes
->Temporary Internet Files folder emptied: 3499735 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 22674 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 112094 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 776704 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4914193 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17228 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1040 bytes
 
Total Files Cleaned = 22.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Compaq_Administrator
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06152011_034649

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7f0.dat not found!

Registry entries deleted on Reboot...
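
One way to triage an OTL fix log like the one above, as an added example that is not part of the original post and not OTL's own code: it classifies each result line and lists the "not found" targets that no other line in the same log acted on. The function names are hypothetical, the line patterns are inferred only from the log text in this thread, and the sample is an excerpt copied from that log.

```python
"""Triage an OTL fix log: classify result lines, flag unexplained 'not found'."""
from collections import Counter, namedtuple
import re

Entry = namedtuple("Entry", "section kind target outcome")

# Excerpt copied from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File C:\Documents and Settings\Compaq_Administrator\Desktop\esetsmartinstaller_enu.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== FILES ==========
c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk moved successfully.
File\Folder c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk not found.
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")

# Result suffixes and object prefixes as they appear in the log above
# (assumption: inferred from this thread, not from OTL documentation).
OUTCOMES = [
    (" deleted successfully.", "deleted"),
    (" moved successfully.", "moved"),
    (" : value set successfully!", "set"),
    (" not found.", "not_found"),
    (" not found!", "not_found"),
]
PREFIXES = [
    ("Registry key ", "registry_key"),
    ("Registry value ", "registry_value"),
    ("File\\Folder ", "file"),
    ("File ", "file"),
]


def normalize(target):
    """Make targets comparable: single backslashes, no trailing one, lower case."""
    return target.replace("\\\\", "\\").rstrip("\\").lower()


def parse_otl_fix_log(text):
    """Return one Entry per result line; banners and cache statistics are skipped."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for suffix, outcome in OUTCOMES:
            if line.endswith(suffix):
                body = line[: -len(suffix)]
                break
        else:
            continue  # not a result line
        # Lines without a prefix are either a registry write or a bare file path.
        kind = "registry_value" if body.startswith("HKEY_") else "file"
        for prefix, name in PREFIXES:
            if body.startswith(prefix):
                kind, body = name, body[len(prefix):]
                break
        entries.append(Entry(section, kind, normalize(body), outcome))
    return entries


def summarize(entries):
    """Count result lines per outcome."""
    return Counter(e.outcome for e in entries)


def needs_review(entries):
    """'not found' targets that were not also deleted, moved or set in this log.

    A target listed twice in the fix script (trymedia.com above) is reported as
    deleted and then as not found; that second line is filtered out here.
    """
    acted_on = {e.target for e in entries if e.outcome != "not_found"}
    return [e for e in entries
            if e.outcome == "not_found" and e.target not in acted_on]


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for e in needs_review(parsed):
        print(f"[{e.section}] {e.kind}: {e.target}")
```

A "not found" result only says the target was absent when the fix ran; the log does not say why, so those entries are listed for a manual look rather than counted as cleaned.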



Offline jannetie

« Reply #27 on: June 15, 2011, 05:12:06 AM »
[quote name='guestolo' timestamp='1308105637' post='479787']
Sorry for the delay, can you do the next steps please

Go to START>>RUN>>copy/paste the following command and hit OK

In addition: Can you update your software

Java: Go to the following link and download and install the latest version of JAVA>>Version 6 Update 26
UNTICK any options for installing any toolbars or Security scans if available
http://www.java.com/...nload/index.jsp

Adobe Reader:
Go to the following link
http://get.adobe.com.../otherversions/


UNTICK the option to also install McAfee Security Scan and/or Google toolbar or similar if available
Select your operating system, language, and then I would opt to choose Adobe Reader version 9.4
Download and save to desktop the installer for the latest version of A. Reader
Double click on the installer to install
After successfully installing, you can delete the installer on desktop
Can you open Adobe Reader and click on HELP>>CHECK FOR UPDATES and install any update if found to ensure you are right up to date

Adobe Flash:
Go to the following link
http://get.adobe.com.../otherversions/

Choose operating system and version
Note: Do this procedure twice and get both
"Flash player for IE" then "Flash player for other browsers"
Save the installers to desktop
Untick the selections for 'Google toolbar' or 'McAfee Security Scan' if it is an option
Close browser windows, then install both
install_flash_player_ax.exe and install_flash_player.exe


NOTE: I see the installer for SpywareBlaster 4.4 in your log
If you haven't installed it yet, just hold tight, we'll install it properly
[/quote]


Java installed with no problems. Using IE, neither Adobe Reader nor Adobe Flash would install; I got the yellow bar saying Adobe wants to install "Adobe DLM" from Adobe Systems and at the same time, got a pop-up from IE saying IE has encountered a problem and needs to close. Gave up after the third try. I don't really need Adobe Reader since I can use my partner's computer for any pdf files I might need to open - that's a rare occurrence for me. I used Opera to install Flash for both IE and for other browsers. Holding off on Spyware Blaster as per your request. Thanks..

Offline guestolo

« Reply #28 on: June 15, 2011, 11:52:21 PM »
Can you go ahead and install AVG and let me know how things are then running please
You may have to ensure you register it before it runs properly????



Offline jannetie

« Reply #29 on: June 16, 2011, 04:22:40 AM »
[quote name='guestolo' timestamp='1308199941' post='479793']
Can you go ahead and install AVG and let me know how things are then running please
You may have to ensure you register it before it runs properly????
[/quote]


AVG installed and registered, but seems to be making computer run incredibly slowly - much more slowly than it ran when AVG was installed earlier. On the up side, I'm still connected to the Internet. I'll probably look for an anti-virus program that doesn't use so many resources. With the machine running like this, I'm sure Photoshop will encounter problems and shut down more often than in the past; can't take a chance with that and losing work that will have to be done again.

Offline jannetie

« Reply #30 on: June 16, 2011, 10:09:06 PM »
[quote name='guestolo' timestamp='1308199941' post='479793']
Can you go ahead and install AVG and let me know how things are then running please
You may have to ensure you register it before it runs properly????
[/quote]


Must be away for at least four days, will be back Sunday night or Monday. Thanks so much for all your help so far. I'll have access to a computer to read/answer any posts, but won't be able to do anything on my own computer.

Offline guestolo

« Reply #31 on: June 18, 2011, 04:44:51 PM »
When you get back to the computer
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents



Offline jannetie

« Reply #32 on: June 21, 2011, 03:33:24 AM »
[quote name='guestolo' timestamp='1308433491' post='479810']
When you get back to the computer
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
[/quote]


Sorry for the delay; thanks for your patience.

HIJACK THIS_UNINSTALL LIST:
3D Starfield Screensaver, Version 1.2
abrViewer.NET v2
Ad-Aware
Ad-Aware
Adobe Acrobat 4.0
Adobe ActiveShare 1.2
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe Media Player
Adobe PDF Library Files CS4
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer
Adobe Type Manager 4.0
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AdobeColorCommonSetRGB
AGEIA PhysX v2.4.4
Agere Systems PCI-SV92PP Soft Modem
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.12
ApoMap
Apophysis
Apophysis 2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft Software Suite
Ask Toolbar
ATI Control Panel
ATI Display Driver
AVG 2011
AVG 2011
AVG 2011
Bonjour
CCleaner
Chalkaholic Plugin v 1.0
Compaq Connections (remove only)
Compaq Multimedia Keyboard Software
Critical Update for Windows Media Player 11 (KB959772)
Deep Space Screen Saver
Defraggler
DISCover
DriverGuide Toolkit
Easy Internet Sign-up
EPSON Copy Utility 3
EPSON Perf V700-V750 Guide
EPSON Printer Software
EPSON Scan
Eraser 5.85
Family Tree Maker
Filter Forge Freepack 1 - Metals 1.012
Filter Forge Freepack 2 - Photo Effects 1.012
Filter Forge Freepack 3 - Frames 1.012
Fireplace Screensaver
Fireworks
Flickr Uploadr 3.0.5
FlipAlbum 5.5 Suite
Focus Magic
GdiplusUpgrade
GML Matting 0.2
Google Earth
Google Gears
Google SketchUp 6
Google SketchUp 6
Google Update Helper
Google Updater
Haali Media Splitter
HexDump plug-in for Ad-Aware SE
High Definition Audio Driver Package - KB888111
HiJackThis
Holiday Lights 5.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DigitalMedia Archive
HP Driver Diagnostics
Image Analyzer
imeem Download Manager
Inkscape 0.46
Intel(R) Integrated Performance Primitives RTI 4.0
InterVideo WinDVD Player
IrfanView (remove only)
iTunes
Java(TM) 6 Update 26
Junk Mail filter update
Kazoo Player
LimeWire 5.2.13
LSP Explorer plug-in for Ad-Aware SE
LTCM Client
Malwarebytes' Anti-Malware version 1.51.0.1200
Master Index for Pedigree Resource File
MathPlayer
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Outlook Connector
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Works 4.5
mIRC
MSN
MSN Encarta Plus Support Files
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neat Image v5 Demo (with plug-in)
Nero Suite
Netscape Browser (remove only)
Opera 10.60
OpticFilm 7200
Otto
Paint.NET v3.31
PC-Doctor 5 for Windows
PDF Settings CS4
Pedigree Resource File
Polaroid Dust and Scratch Removal v1.0.0.15.2e
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
Raindrops
RealPlayer
Recuva
Rhapsody Player Engine
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SilverFast Ai/Ai-Studio Documentation 6.5.0
SilverFast Ai/AiStudio Movie Documentation 6.5.0
SilverFast SE CD Documentation 6.2.0
SilverFast SE Documentation 6.4.0
SilverFast UScan 6.6.0r6
SilverFast UScan-SE
SilverFast UScan-SE TWAIN
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster 4.3
SSC Service Utility v4.30
Storm
StuffIt 11
Thredgeholder Plugin v 1.0
Tweak-SE plug-in for Ad-Aware SE
Ulead ArtTexture.Plugin 1.0
Ulead FantasyWarp.Plugin 1.0
Ulead Particle.Plugin 1.0
Ulead Photo Express 3.0
Ulead PhotoImpact 4.2
Uninstall DreamSuite Bonus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Online Help and Support
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.4
VueScan
Wacom Tablet Driver
Webshots Desktop
Webshots Toolbar for Firefox
Webshots Toolbar for IE
WinAce Archiver
Windows Defender
Windows Driver Package - Product Image  (05/02/2002 1.0.1.1)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xpose Plugin v 1.0
Yahoo! Music Jukebox

 


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Missing rundll32.exe and other annoyances
« Reply #33 on: June 22, 2011, 10:09:49 PM »
How is the machine behaving now?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline jannetie

  • Newbie
  • *
  • Posts: 38
  • Karma: +0/-0
Missing rundll32.exe and other annoyances
« Reply #34 on: June 23, 2011, 02:39:52 AM »
[quote name='guestolo' timestamp='1308798589' post='479827']
How is the machine behaving now?
[/quote]


Little quirks, but nothing I can't handle.

Well, one thing that keeps occurring is I get a pop-up box saying "the software you are installing for this hardware: Non Plug and Play drivers has not passed Windows Logo testing to verify its compatibility with Windows XP". It seems to happen while AVG is scanning, and I think an update might be occurring at the same time. Then a message says: "Computer must be restarted in order to finish the updating process (AVG cannot update important services while the system is using them)". While this is going on, MS security informs me AVG firewall isn't working. I open AVG, it says nothing is activated. This was happening a number of times a day. But, the last time this happened, both MS & AVG showed everything was working properly (except for ID protection).

It wasn't completing a scan since that message kept popping up. Until I got back from NJ/PA I had it set to hold off running a scan until Monday, and ran defrag while I was away. Unfortunately, my partner wasn't able to tell me exactly what the result was; I didn't use MS, used Defraggler instead, works faster than MS; he said it was the same amount fragmented as it was before the defrag started although it had finished. Then he also got the same popup saying "the software you are installing...." etc, and rebooted the computer.

AVG loaded, but he didn't run a scan. This is the first I've been on, so haven't run an AVG scan yet myself. I think there might be some kind of conflict with AVG now, maybe having to do with its being reinstalled from the CD; it was set to scan Wednesday morning at 6AM and it did start, but I don't think it completed the scan. I have to reboot much more often than before - four or five times a day in fact, where I could leave the computer up and running for days at a time. Other applications (Word for instance) stop responding. I haven't tried Photoshop yet.

I haven't uninstalled AVG yet, wanted to look into the MS firewall on XP to see if it was up to date in protection, since the system is so outdated. Then I thought I'd try Avast free for as long as I have this computer; hoping to get a new one by the end of the year. Until I can see AVG completing a scan I won't know if it is working properly, and until I uninstall it I won't know if it's AVG that's causing the other problems. Oh, and I uninstalled AdAware also, since I wasn't using it regularly since I'd gotten AVG Pro. That hasn't seemed to make a difference. Other than that and its running more slowly than before and windows closing on me, it'll just have to do til I get a new machine. (Just hoping nothing else sneaked in while I wasn't looking...)

Thanks for your help!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Missing rundll32.exe and other annoyances
« Reply #35 on: June 25, 2011, 10:56:43 AM »
Let's take another look please
Open OTL.exe, put a tick in "Scan all Users"
Then run a Scan, post the new log that opens when it's done please

Edit>>I see you have CCleaner
Can you open it, click on TOOLS> Under the UNINSTALL option,
do you see "ASK TOOLBAR" under Programs to Remove?
« Last Edit: June 25, 2011, 11:37:13 AM by guestolo »



Offline jannetie

  • Newbie
  • *
  • Posts: 38
  • Karma: +0/-0
Missing rundll32.exe and other annoyances
« Reply #36 on: June 25, 2011, 12:35:21 PM »
[quote name='guestolo' timestamp='1309017403' post='479839']
Let's take another look please
Open OTL.exe, put a tick in "Scan all Users"
Then run a Scan, post the new log that opens when it's done please

Edit>>I see you have CCleaner
Can you open it, click on TOOLS> Under the UNINSTALL option,
do you see "ASK TOOLBAR" under Programs to Remove?
[/quote]


OTL logfile created on: 6/25/2011 1:29:11 PM - Run 4
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.48 Mb Total Physical Memory | 142.25 Mb Available Physical Memory | 14.84% Memory free
2.26 Gb Paging File | 1.51 Gb Available in Paging File | 66.64% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 61.93 Gb Free Space | 34.73% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.01 Gb Free Space | 12.64% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/m.spatafore/index.html
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Webshots\3.1.5.7613\Firefox [2009/07/09 15:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:36:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 10:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/02/20 18:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/02/20 18:56:03 | 000,000,000 | ---D | M]
 
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\[email protected]
 
O1 HOSTS File: ([2011/06/10 21:04:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Suite\FpLaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..Trusted Domains: //@mail.mar@/ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..Trusted Domains: //@signup.mar@/ ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.webshots.com/html/atx/wsaxcontrol.cab (Webshots Multiple Media Uploader - Container)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (Webshots Photo Uploader)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/24 13:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/24 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/24 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/24 13:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/16 02:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/16 02:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/16 02:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/16 02:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/15 05:57:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 05:56:31 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/15 05:55:09 | 003,082,400 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player.exe
[2011/06/15 05:54:32 | 003,120,288 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player_ax.exe
[2011/06/15 04:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/15 04:58:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/15 04:58:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/15 04:58:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/15 04:58:15 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/15 03:46:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/15 01:22:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/14 07:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ulead.dat
[2011/06/12 20:55:59 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/06/11 21:17:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/10 20:39:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 20:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/09 22:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\COMPUTER FIX STUFF JUNE 2011
[2011/06/08 08:22:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/04 03:43:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\HiJackThis
[2011/05/27 01:35:36 | 003,194,296 | ---- | C] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2011/05/27 01:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\ADOBE PS CS3 AND 4
[2011/05/27 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\JANICE STUFF  FROM DESKTOP
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/25 13:26:56 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2011/06/25 13:02:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 12:51:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/25 12:17:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 12:16:28 | 000,000,317 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/06/25 12:15:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 12:15:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 12:15:29 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 11:05:24 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
[2011/06/25 09:51:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/25 07:01:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/25 05:45:14 | 119,825,460 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/24 13:23:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 13:21:58 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/24 10:01:05 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/22 13:43:34 | 000,655,146 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/06/16 23:31:48 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/06/15 16:40:38 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/06/15 07:42:50 | 000,443,582 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 07:42:50 | 000,072,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 07:33:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 05:57:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 05:55:09 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player.exe
[2011/06/15 05:54:32 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player_ax.exe
[2011/06/15 04:57:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/15 04:57:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/15 04:57:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/15 04:57:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/15 04:57:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/14 11:16:38 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/14 07:10:09 | 000,000,078 | -H-- | M] () -- C:\WINDOWS\Xwdupv.ns
[2011/06/14 07:10:08 | 000,005,124 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/06/13 02:37:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/06/12 20:56:01 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/06/11 00:39:22 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk
[2011/06/10 21:04:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 20:39:23 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/08 08:22:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/08 00:36:21 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 01:35:44 | 003,194,296 | ---- | M] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/25 05:45:14 | 119,825,460 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/24 13:23:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 13:21:58 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/22 13:43:34 | 000,655,146 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/06/16 02:50:54 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/15 07:27:34 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/14 11:16:38 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/13 02:37:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/05/14 21:24:34 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 21:24:33 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/01/13 15:53:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2009/12/15 14:41:19 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/15 14:41:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/15 14:41:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/15 14:41:18 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/15 12:22:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVSDVDPlayer.m3u
[2009/08/13 20:35:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/08/10 18:21:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/08/10 18:21:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/08/10 18:21:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/20 22:39:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2009/04/11 17:25:09 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PRF_MI_B.INI
[2009/04/11 17:21:28 | 000,000,313 | ---- | C] () -- C:\WINDOWS\PRF_MI.INI
[2008/12/10 17:10:24 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2008/12/10 17:10:24 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2008/12/10 17:10:23 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2008/08/01 16:56:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/01 16:56:28 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/01 16:56:28 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/01 16:56:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/01 16:56:28 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/01 16:56:28 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/01 16:56:28 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/01 16:56:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/01 16:56:28 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/01 16:56:28 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/01 16:56:28 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/01 16:56:28 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/01 16:55:20 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2008/07/13 03:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
[2008/04/18 18:51:02 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/16 00:20:30 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\PnIC.dll
[2008/03/16 00:20:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gm_dll1.dll
[2007/11/11 20:34:36 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 03:03:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/25 13:57:06 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/24 00:49:55 | 000,000,839 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/08/10 23:45:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/10 03:30:58 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2007/06/21 13:01:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/05/28 02:59:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/05/19 23:41:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/04 13:14:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/23 17:12:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2006/11/20 02:15:26 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/09/23 04:39:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HPPREC~1.INI
[2006/09/23 04:28:17 | 000,274,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/03 16:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/18 18:32:58 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/05/18 18:32:58 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/05/17 22:06:09 | 000,000,317 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2006/05/17 22:06:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2006/05/17 22:06:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2006/05/17 22:05:02 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2006/05/17 22:05:02 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2006/05/02 00:04:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/04/24 02:51:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/24 02:32:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/24 02:31:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/24 02:30:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/31 00:57:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2006/03/30 17:11:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/03/11 23:35:17 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2006/03/11 23:35:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/03/02 15:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/27 09:25:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/27 07:06:59 | 000,021,348 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2006/02/26 05:05:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/02/26 02:12:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/02/26 02:11:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/02/26 02:09:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\A11U.INI
[2006/02/24 22:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/02/24 22:26:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\UNUSBDRV.EXE
[2006/02/23 22:00:39 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\venlx32n.dll
[2006/02/23 16:32:08 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/02/23 16:28:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/23 16:28:45 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/02/23 05:13:13 | 000,005,124 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/02/23 05:04:09 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/23 05:04:09 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/23 05:04:09 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/23 05:04:09 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/23 05:04:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/23 05:04:04 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/02/23 01:32:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/21 22:01:05 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/11 17:57:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/11 17:36:25 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/11 17:32:20 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/11 17:31:25 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/11 17:31:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/11 17:28:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/11 17:26:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 17:22:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/11 17:22:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/11 17:22:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/11 17:22:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/11 17:17:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:16:33 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/11 17:16:33 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/11 17:11:36 | 000,072,082 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/11/11 17:10:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/11 17:06:21 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/11 16:55:07 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/11 16:48:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/11 16:48:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/11 16:48:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/02 09:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 09:34:10 | 003,154,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 09:28:10 | 000,443,582 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 09:28:10 | 000,072,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 13:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/27 01:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/08 13:38:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2001/08/23 19:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\fft.rar:SummaryInformation
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >



Offline guestolo

Missing rundll32.exe and other annoyances
« Reply #37 on: June 25, 2011, 02:16:34 PM »
Sorry, I added the following edit to my last reply

Quote
>I see you have CCleaner
Can you open it, click on TOOLS> Under the UNINSTALL option,
do you see "ASK TOOLBAR" under Programs to Remove?

In addition, I see remnants of AdAware, you definitely uninstalled it, correct?
« Last Edit: June 25, 2011, 02:16:52 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline jannetie

Missing rundll32.exe and other annoyances
« Reply #38 on: June 25, 2011, 08:54:36 PM »
[quote name='guestolo' timestamp='1309029394' post='479845']
Sorry, I added the following edit to my last reply



In addition, I see remnants of AdAware, you definitely uninstalled it, correct?
[/quote]


I saw the Ask Toolbar addition, and uninstalled that using CCleaner - didn't see it before since I was looking for "Ask", not MP3 - GRRR! lol. I uninstalled AdAware using Add/Remove Software from Control Panel. There are probably remnants in the registry - a guess on my part, but it wouldn't be a surprise. (I'd love to know this much about computers and registry etc...)

Offline guestolo

Missing rundll32.exe and other annoyances
« Reply #39 on: June 26, 2011, 12:47:35 PM »
Right click on THIS LINK and save the file to your desktop. Next, right-click on the downloaded file (DelDomains.inf) and select “Install.” The package will remove all Internet Explorer restricted sites, enhanced security configuration zones and trusted sites.
Note: you will not see any onscreen action.
You can delete deldomains.inf afterwards

Your copy of SpywareBlaster is outdated
Can you open it please, under the main menu
"Disable All Protections"
Afterwards, close it and uninstall it from Add/Remove programs
We'll update it in a bit

Since you removed Ad-Aware, if the next entries are in Add/Remove, you can uninstall them also
HexDump plug-in for Ad-Aware SE
Tweak-SE plug-in for Ad-Aware SE
LSP Explorer plug-in for Ad-Aware SE


Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
    Quote
    :OTL
    [2011/06/15 01:22:09 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/05/14 21:24:34 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
    [2011/05/14 21:24:33 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
    :Reg
    :Files
    C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    ipconfig /flushdns /c
    :Commands
    [EmptyFlash]
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder



Run the installer for SpywareBlaster 4.4 from your desktop
    Select Manual updating when installing
    After installation, Check for updates
    After updating, select "Protection Status" on the Left
    Then select "Enable all Protection"
IMPORTANT>>"Check for updates every couple of weeks or so"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

I would like you to run Malwarebytes again, follow my instructions closely
Last time I asked you to run a Quick Scan, you ran the Full scan instead, you can save much time
only running the Quick for now
Run Malwarebytes Anti-Malware, when it opens
  • Under the Update tab, "Check For Updates"
  • If an update is found, it will download and install the latest version.
  • Afterwards, click on the Scanner tab, select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

One more log please:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    .ntsrsacp
    ntsrsacp

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In addition: You said the following earlier
Quote
neither Adobe Reader nor Adobe Flash would install; I got the yellow bar saying Adobe wants to install "Adobe DLM" from Adobe Systems and at the same time, got a pop-up from IE saying IE has encountered a problem and needs to close.
It would be nice if we could resolve that issue
Can you go back to post #26
Try the installations again, if it won't work with IE, can you try downloading/installing using Opera or Netscape please
