Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer is running slowly with unknown cause

Post by sberger7 » March 12th, 2013, 8:37 pm

The computer is running very slowly. Even as I type this, it is lagging behind and I can't see what I'm typing. I don't understand why. Can you help?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Sheri at 19:08:20 on 2013-03-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2592 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\jmdp\stij.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3247201
uProxyOverride = <local>
uURLSearchHooks: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\internethelper1.5\prxtbInt0.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: CouponAmazing 5.0: {160B42B4-CBA6-4DB3-A316-00A3ADE3AEA0} - c:\documents and settings\sheri\local settings\application data\couponamazing\ie\couponamazing_1360004687.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\internethelper1.5\prxtbInt0.dll
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.10.0\bh\delta.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: InternetHelper1.5 Toolbar: {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - c:\program files\internethelper1.5\prxtbInt0.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\internethelper1.5\prxtbInt0.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.10.0\deltaTlbr.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - f:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{581D1CE7-F22F-46A9-B609-1ED07BAD4838} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sheri\application data\mozilla\firefox\profiles\nnccaaed.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=1193 ... 15c55560cc
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={4283AF5C-ED9F-473A-A577-15C2720AA429}&mid=eb46ea4206ab47d0a373d15c83b1893f-fde57a7379c132da89e9ce1ec6da43f14fbe5469&lang=en&ds=AVG&pr=fr&d=2012-10-07 09:10:20&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-02-11 07:37; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\program files\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2013-02-11 07:38; ffxtlbr@delta.com; c:\documents and settings\sheri\application data\mozilla\firefox\profiles\nnccaaed.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: !HIDDEN! 2012-10-17 19:38; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3497ab250000000000000015c55560cc
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15747
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.07:38:36
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-7 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2012-10-21 1087792]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-12-23 15896]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\drivers\zghsdiag.sys [2012-12-23 113688]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2012-12-23 113688]
S3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\drivers\zghsnmea.sys [2012-12-23 113688]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
.
=============== Created Last 30 ================
.
2013-03-02 23:06:33 9808 ----a-w- c:\documents and settings\sheri\application data\BabMaint.exe
2013-03-02 23:06:33 -------- d-----w- c:\documents and settings\sheri\application data\BabSolution
2013-02-26 23:49:44 -------- d-sh--w- c:\documents and settings\sheri\PrivacIE
2013-02-17 17:41:50 81920 ------w- c:\windows\system32\ieencode.dll
2013-02-17 17:39:35 19569 ----a-w- c:\windows\000001_.tmp
2013-02-17 17:24:29 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-02-17 17:24:22 -------- d-----w- c:\program files\McAfee Security Scan
2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-02-13 14:27:32 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-13 03:51:31 -------- d-----w- c:\documents and settings\sheri\local settings\application data\IsolatedStorage
2013-02-13 03:51:03 -------- d-----w- c:\documents and settings\sheri\local settings\application data\Intuit
2013-02-13 01:34:17 -------- d-sh--w- c:\documents and settings\sheri\IETldCache
2013-02-13 01:30:12 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-02-13 01:28:30 -------- d-----w- c:\windows\ie8updates
2013-02-13 01:26:35 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-02-13 01:26:34 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-02-13 01:26:34 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-02-13 01:26:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-02-13 01:26:33 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-02-13 01:26:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-02-13 01:26:31 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-02-13 01:19:48 -------- dc-h--w- c:\windows\ie8
2013-02-13 01:14:26 -------- d-----w- C:\01207f71097138f149b6
2013-02-13 00:25:09 -------- d-----w- C:\659eb9b5839b0252c49e71655007
2013-02-12 23:50:33 -------- d-----w- C:\7b30d73589aaa8169439af7e
2013-02-12 14:03:16 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-02-12 14:02:20 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-02-12 14:01:35 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-02-12 13:58:46 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2013-02-12 13:58:37 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-02-12 13:58:35 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-02-12 13:58:27 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-02-12 13:58:25 2069760 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-02-12 13:58:04 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-02-12 13:55:36 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-02-12 13:54:06 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-02-12 13:38:25 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-02-12 13:36:36 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-02-12 13:33:18 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-02-12 13:33:16 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-02-12 13:31:26 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-02-12 13:31:22 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-02-12 13:31:21 110592 -c----w- c:\windows\system32\dllcache\services.exe
2013-02-12 13:31:18 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-02-12 13:31:16 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-02-12 13:31:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-02-12 13:31:03 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-02-12 13:29:20 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-02-12 13:26:08 -------- d-----w- c:\program files\MSXML 4.0
2013-02-12 05:19:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-02-12 05:12:14 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-02-12 05:10:12 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-02-12 05:00:39 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-02-12 04:56:58 759296 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2013-02-12 04:34:27 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-02-12 04:34:27 3072 ------w- c:\windows\system32\iacenc.dll
2013-02-12 04:17:39 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-02-12 04:17:04 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-02-12 04:00:05 -------- d-----w- c:\windows\system32\PreInstall
2013-02-12 03:57:26 -------- d-----w- c:\documents and settings\sheri\application data\Intuit
2013-02-12 03:55:59 -------- d--h--w- c:\windows\$hf_mig$
2013-02-12 03:11:53 -------- d-----w- c:\program files\TurboTax
2013-02-12 02:54:06 990208 -c----w- c:\windows\system32\dllcache\kernel32.dll
2013-02-12 02:51:39 8462848 -c----w- c:\windows\system32\dllcache\shell32.dll
2013-02-12 02:49:10 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2013-02-12 02:49:08 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2013-02-12 02:49:06 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2013-02-12 02:49:04 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2013-02-12 02:48:59 420864 -c--a-w- c:\windows\system32\dllcache\vbscript.dll
2013-02-12 02:48:59 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2013-02-12 02:48:58 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2013-02-12 02:47:50 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2013-02-12 02:47:32 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2013-02-12 02:46:57 1288704 -c----w- c:\windows\system32\dllcache\ole32.dll
2013-02-12 02:46:41 406016 -c----w- c:\windows\system32\dllcache\usp10.dll
2013-02-12 02:46:30 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2013-02-12 02:46:19 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2013-02-12 02:46:17 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2013-02-12 02:46:16 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2013-02-12 02:46:16 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys
2013-02-12 02:46:15 149504 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2013-02-12 02:46:14 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2013-02-12 02:45:04 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-02-12 02:44:45 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-02-12 02:44:33 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-02-12 02:43:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-02-12 02:43:26 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-02-12 02:36:03 -------- d-----w- C:\c405ff230d421e9664e43f6a1f
2013-02-12 02:20:17 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-02-12 01:48:28 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2013-02-12 01:48:25 1371648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2013-02-12 01:48:24 79872 ------w- c:\windows\system32\msxml6r.dll
2013-02-12 01:48:22 1371648 ------w- c:\windows\system32\msxml6.dll
2013-02-12 01:45:58 9216 ------w- c:\windows\system32\dot3dlg.dll
2013-02-12 01:36:41 -------- d-----w- c:\windows\ServicePackFiles
2013-02-12 01:35:21 294912 ------w- c:\program files\windows media player\dlimport.exe
2013-02-12 01:35:04 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-02-12 01:21:01 -------- d-----w- c:\windows\network diagnostic
2013-02-12 01:19:58 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2013-02-12 01:09:26 19569 ----a-w- c:\windows\002931_.tmp
2013-02-12 01:09:13 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2013-02-11 13:38:32 -------- d-----w- c:\program files\Delta
2013-02-11 13:38:32 -------- d-----w- c:\documents and settings\all users\application data\BrowserProtect
2013-02-11 13:38:27 -------- d-----w- c:\documents and settings\sheri\application data\DealPly
2013-02-11 13:37:49 817120 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2013-02-11 13:37:49 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-02-11 13:37:35 -------- d-----w- c:\documents and settings\sheri\application data\Delta
2013-02-11 13:37:07 -------- d-----w- c:\program files\DealPly
2013-02-11 13:37:00 -------- d-----w- c:\documents and settings\sheri\local settings\application data\couponamazing
2013-02-11 13:36:54 -------- d-----w- c:\documents and settings\sheri\application data\Babylon
2013-02-11 13:36:54 -------- d-----w- c:\documents and settings\all users\application data\Babylon
.
==================== Find3M ====================
.
2013-02-27 02:04:17 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 02:04:16 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 16:17:04 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-29 12:37:26 1087792 ----a-w- c:\windows\system32\dmwu.exe
2013-01-29 12:34:46 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 16:58:28 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-02 16:58:28 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-02 16:58:28 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 19:15:00.06 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2012 1:51:02 AM
System Uptime: 3/12/2013 7:03:04 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Microprocessor | 994/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 558.693 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_01D7&SUBSYS_01C21028&REV_A1\4&1C9EC085&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_10DE&DEV_01D7&SUBSYS_01C21028&REV_A1\4&1C9EC085&0&0008
Service:
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&10575340&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&10575340&0&0102
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
Service: NETw5x32
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Data Interface
Device ID: USB\VID_413C&PID_8133&MI_00\7&2B5E4A83&0&0000
Manufacturer:
Name: Data Interface
PNP Device ID: USB\VID_413C&PID_8133&MI_00\7&2B5E4A83&0&0000
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Data Interface
Device ID: USB\VID_413C&PID_8133&MI_01\7&2B5E4A83&0&0001
Manufacturer:
Name: Data Interface
PNP Device ID: USB\VID_413C&PID_8133&MI_01\7&2B5E4A83&0&0001
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Biometric Coprocessor
Device ID: USB\VID_0483&PID_2016\7&312B4FD&0&1
Manufacturer:
Name: Biometric Coprocessor
PNP Device ID: USB\VID_0483&PID_2016\7&312B4FD&0&1
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP89: 12/13/2012 8:32:27 AM - System Checkpoint
RP90: 12/14/2012 9:59:59 AM - System Checkpoint
RP91: 12/14/2012 5:22:27 PM - Removed AVG 2013
RP92: 12/15/2012 5:52:49 PM - System Checkpoint
RP93: 12/16/2012 6:48:02 PM - System Checkpoint
RP94: 12/17/2012 7:19:58 PM - System Checkpoint
RP95: 12/18/2012 7:20:13 PM - System Checkpoint
RP96: 12/19/2012 7:22:49 PM - System Checkpoint
RP97: 12/20/2012 8:10:00 PM - System Checkpoint
RP98: 12/21/2012 9:04:43 PM - System Checkpoint
RP99: 12/22/2012 9:22:01 PM - System Checkpoint
RP100: 12/23/2012 4:57:03 PM - Installed Join Me Drivers
RP101: 12/25/2012 12:11:27 AM - System Checkpoint
RP102: 12/26/2012 8:26:38 AM - System Checkpoint
RP103: 12/27/2012 8:28:52 AM - System Checkpoint
RP104: 12/28/2012 8:56:15 AM - System Checkpoint
RP105: 12/29/2012 7:32:09 PM - System Checkpoint
RP106: 12/31/2012 11:26:26 AM - Installed Intel(R) PROSet/Wireless WiFi Software.
RP107: 1/1/2013 8:17:52 PM - System Checkpoint
RP108: 1/2/2013 8:23:29 PM - System Checkpoint
RP109: 1/3/2013 8:26:51 PM - System Checkpoint
RP110: 1/4/2013 8:29:36 PM - System Checkpoint
RP111: 1/5/2013 9:38:47 PM - System Checkpoint
RP112: 1/6/2013 9:56:16 PM - System Checkpoint
RP113: 1/8/2013 8:22:24 AM - System Checkpoint
RP114: 1/8/2013 4:41:58 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP115: 1/9/2013 5:28:50 PM - System Checkpoint
RP116: 1/10/2013 6:02:44 PM - System Checkpoint
RP117: 1/11/2013 9:56:37 AM - Removed AVG 2013
RP118: 1/11/2013 5:37:13 PM - Removed AVG 2013
RP119: 1/12/2013 6:18:48 PM - System Checkpoint
RP120: 1/13/2013 6:19:26 PM - System Checkpoint
RP121: 1/14/2013 7:18:46 PM - System Checkpoint
RP122: 1/15/2013 7:35:25 PM - System Checkpoint
RP123: 1/16/2013 8:37:14 PM - System Checkpoint
RP124: 1/17/2013 9:47:02 AM - Removed AVG 2013
RP125: 1/20/2013 6:57:15 PM - System Checkpoint
RP126: 1/21/2013 7:11:22 PM - System Checkpoint
RP127: 1/22/2013 10:17:15 PM - System Checkpoint
RP128: 1/24/2013 9:19:46 AM - System Checkpoint
RP129: 1/25/2013 10:59:46 AM - System Checkpoint
RP130: 1/26/2013 11:15:58 AM - System Checkpoint
RP131: 1/27/2013 2:26:14 PM - System Checkpoint
RP132: 1/28/2013 2:52:38 PM - System Checkpoint
RP133: 1/29/2013 3:40:45 PM - System Checkpoint
RP134: 1/30/2013 4:30:12 PM - System Checkpoint
RP135: 1/31/2013 5:27:31 PM - System Checkpoint
RP136: 2/1/2013 9:00:52 AM - Removed AVG 2013
RP137: 2/2/2013 9:31:37 AM - System Checkpoint
RP138: 2/3/2013 12:08:52 PM - System Checkpoint
RP139: 2/4/2013 12:24:58 PM - System Checkpoint
RP140: 2/5/2013 1:22:05 PM - System Checkpoint
RP141: 2/6/2013 5:53:26 PM - System Checkpoint
RP142: 2/7/2013 6:20:53 PM - System Checkpoint
RP143: 2/8/2013 7:49:50 PM - System Checkpoint
RP144: 2/9/2013 8:04:55 PM - System Checkpoint
RP145: 2/10/2013 8:25:21 PM - System Checkpoint
RP146: 2/11/2013 7:09:43 PM - Installed Windows XP Service Pack 3.
RP147: 2/11/2013 9:12:30 PM - Installed TurboTax 2012 wrapper
RP148: 2/11/2013 9:55:49 PM - Software Distribution Service 3.0
RP149: 2/12/2013 7:17:52 AM - Software Distribution Service 3.0
RP150: 2/12/2013 3:56:23 PM - Software Distribution Service 3.0
RP151: 2/12/2013 6:03:32 PM - Software Distribution Service 3.0
RP152: 2/12/2013 7:03:06 PM - Software Distribution Service 3.0
RP153: 2/12/2013 8:38:51 PM - Software Distribution Service 3.0
RP154: 2/13/2013 6:49:46 AM - Software Distribution Service 3.0
RP155: 2/13/2013 9:58:01 PM - Software Distribution Service 3.0
RP156: 2/14/2013 10:44:50 PM - System Checkpoint
RP157: 2/16/2013 8:37:09 AM - System Checkpoint
RP158: 2/17/2013 11:39:53 AM - Installed Windows XP Service Pack 3.
RP159: 2/17/2013 12:06:19 PM - Installed Windows XP WgaNotify.
RP160: 2/17/2013 2:54:36 PM - Software Distribution Service 3.0
RP161: 2/17/2013 10:11:31 PM - Software Distribution Service 3.0
RP162: 2/19/2013 8:14:39 AM - System Checkpoint
RP163: 2/20/2013 9:12:29 AM - System Checkpoint
RP164: 2/21/2013 11:33:00 AM - System Checkpoint
RP165: 2/22/2013 12:50:05 PM - System Checkpoint
RP166: 2/23/2013 1:10:40 PM - System Checkpoint
RP167: 2/24/2013 2:09:14 PM - System Checkpoint
RP168: 2/25/2013 2:11:49 PM - System Checkpoint
RP169: 2/26/2013 2:34:51 PM - System Checkpoint
RP170: 2/27/2013 3:24:39 PM - System Checkpoint
RP171: 2/28/2013 4:17:36 PM - System Checkpoint
RP172: 3/1/2013 4:35:56 PM - System Checkpoint
RP173: 3/2/2013 5:28:05 PM - System Checkpoint
RP174: 3/3/2013 8:32:37 PM - System Checkpoint
RP175: 3/4/2013 10:29:38 PM - System Checkpoint
RP176: 3/6/2013 9:48:21 AM - System Checkpoint
RP177: 3/7/2013 10:24:21 AM - System Checkpoint
RP178: 3/8/2013 11:59:50 AM - System Checkpoint
RP179: 3/9/2013 2:06:33 PM - System Checkpoint
RP180: 3/10/2013 4:25:11 PM - System Checkpoint
RP181: 3/11/2013 8:29:41 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Akamai NetSession Interface
Anti-phishing Domain Advisor
AVG 2013
AVG Security Toolbar
Broadcom Advanced Control Suite
Broadcom Gigabit Integrated Controller
BufferChm
Copy
Coupon Printer for Windows
couponamazing
DealPly
Delta Chrome Toolbar
Delta toolbar
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
F4500
Google Chrome
Google Drive
Google Update Helper
GPBaseService2
HiDef Media Player 1.1.12
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
IB Updater 2.0.0.530
IB Updater Service
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
InternetHelper1.5 Toolbar
Join Me Drivers
join.me
Macromedia Flash Player
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Palm Desktop
PDFCreator
QuickBooks Pro 2005
Scan
SeaMonkey 2.16.1 (x86 en-US)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Status
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wksiper
TurboTax 2012 wmoiper
TurboTax 2012 wrapper
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Toolbar
ZTE Handset USB Driver
.
==== Event Viewer Messages From Past Week ========
.
3/8/2013 9:40:19 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/5/2013 7:27:39 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/5/2013 7:18:58 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/12/2013 4:26:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/12/2013 4:26:49 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
sberger7
Active Member
 
Posts: 12
Joined: October 2nd, 2012, 9:58 pm

Re: Computer is running slowly with unknown cause

by melboy » March 13th, 2013, 5:25 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


============================================


Please uninstall the programs below before running AdwCleaner


Uninstall Programs

  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.

Anti-phishing Domain Advisor
couponamazing
DealPly
Delta Chrome Toolbar
Delta toolbar
IB Updater 2.0.0.530
IB Updater Service
InternetHelper1.5 Toolbar
McAfee Security Scan Plus



AdwCleaner

Download AdwCleaner from HERE & save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Computer is running slowly with unknown cause

by melboy » March 15th, 2013, 2:18 pm

Hi sberger7

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • In accordance with Malware Removal policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Computer is running slowly with unknown cause

by sberger7 » March 15th, 2013, 9:33 pm

I'm sorry it took so long to reply. The computer wasn't making it easy to open the forum. Thank you for your help. Here is your log:


# AdwCleaner v2.114 - Logfile created 03/15/2013 at 20:31:48
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sheri - BERGER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sheri\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : IBUpdaterService

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\bprotector_extensions.sqlite
File Found : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\bprotector_prefs.js
File Found : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\searchplugins\delta.xml
File Found : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\searchplugins\MyStart Search.xml
File Found : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\WINDOWS\system32\dmwu.exe
File Found : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Found : C:\DOCUME~1\Sheri\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\DealPly
Folder Found : C:\Documents and Settings\Kevin.BERGER\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\NetworkService\Application Data\DealPly
Folder Found : C:\Documents and Settings\Sheri\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Sheri\Application Data\BabSolution
Folder Found : C:\Documents and Settings\Sheri\Application Data\Babylon
Folder Found : C:\Documents and Settings\Sheri\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Sheri\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\WINDOWS\system32\WNLT

***** [Registry] *****

Key Found : HKCU\Software\582d7dee56eee44
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\delta LTD
Key Found : HKCU\Software\IB Updater
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\WNLT
Key Found : HKLM\SOFTWARE\582d7dee56eee44
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\WNLT
Key Found : HKU\S-1-5-21-448539723-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-448539723-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-448539723-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource= ... =CT3247201
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?affID=1193 ... 15c55560cc

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "Delta Search");
Found : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119351&babsrc=HP_ss&mntrId[...]
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119351&babsrc[...]
Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.bbDpng", "1");
Found : user_pref("extensions.delta.cntry", "US");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.hdrMd5", "5FAC5845CBDCE2FFD03D726A0C90EA5E");
Found : user_pref("extensions.delta.id", "3497ab250000000000000015c55560cc");
Found : user_pref("extensions.delta.instlDay", "15747");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.lastVrsnTs", "1.8.10.07:38:36");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.sg", "tzb");
Found : user_pref("extensions.delta.smplGrp", "tzb");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.10.0");
Found : user_pref("extensions.delta.vrsnTs", "1.8.10.07:38:36");
Found : user_pref("extensions.delta.vrsni", "1.8.10.0");
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

File : C:\Documents and Settings\Kevin.BERGER\Application Data\Mozilla\Firefox\Profiles\u5juadxh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12868 octets] - [15/03/2013 20:31:48]

########## EOF - C:\AdwCleaner[R1].txt - [12929 octets] ##########
sberger7
Active Member
 
Posts: 12
Joined: October 2nd, 2012, 9:58 pm

Re: Computer is running slowly with unknown cause

by melboy » March 16th, 2013, 3:59 am

Hi

Thanks.

Let me know how the computer is running after completing the instructions below. Please allow AdwCleaner to reboot the system before running OTL.


AdwCleaner

  • Double click AdwCleaner.exe to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Computer is running slowly with unknown cause

by sberger7 » March 16th, 2013, 10:47 am

Here you go. thanks again for helping

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 09:23:22
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sheri - BERGER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sheri\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Deleted on reboot : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\WINDOWS\system32\Zynga
Deleted on reboot : C:\WINDOWS\system32\Zynga
File Deleted : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\searchplugins\delta.xml
File Deleted : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\DOCUME~1\Sheri\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\DealPly
Folder Deleted : C:\Documents and Settings\Kevin.BERGER\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\DealPly
Folder Deleted : C:\Documents and Settings\Sheri\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Sheri\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Sheri\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Sheri\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Sheri\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\WINDOWS\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\582d7dee56eee44
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\IB Updater
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\582d7dee56eee44
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource= ... =CT3247201 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\prefs.js

C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119351&babsrc=HP_ss&mntrId[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119351&babsrc[...]
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.bbDpng", "1");
Deleted : user_pref("extensions.delta.cntry", "US");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.hdrMd5", "5FAC5845CBDCE2FFD03D726A0C90EA5E");
Deleted : user_pref("extensions.delta.id", "3497ab250000000000000015c55560cc");
Deleted : user_pref("extensions.delta.instlDay", "15747");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.10.07:38:36");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.sg", "tzb");
Deleted : user_pref("extensions.delta.smplGrp", "tzb");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.07:38:36");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

File : C:\Documents and Settings\Kevin.BERGER\Application Data\Mozilla\Firefox\Profiles\u5juadxh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12999 octets] - [15/03/2013 20:31:48]
AdwCleaner[S1].txt - [12770 octets] - [16/03/2013 09:23:22]

########## EOF - C:\AdwCleaner[S1].txt - [12831 octets] ##########

OTL logfile created on: 3/16/2013 9:32:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sheri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.43% Memory free
5.09 Gb Paging File | 4.50 Gb Available in Paging File | 88.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 557.53 Gb Free Space | 93.52% Space Free | Partition Type: NTFS

Computer Name: BERGER | User Name: Sheri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/16 09:31:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheri\Desktop\OTL.exe
PRC - [2013/03/13 16:07:03 | 000,068,096 | ---- | M] (mozilla.org) -- C:\Program Files\SeaMonkey\seamonkey.exe
PRC - [2013/02/18 11:17:01 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/12/17 20:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 14:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/11/03 16:45:48 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/11/03 16:35:14 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/16 09:29:57 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32api.pyd
MOD - [2013/03/16 09:29:57 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\_elementtree.pyd
MOD - [2013/03/16 09:29:57 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\_socket.pyd
MOD - [2013/03/16 09:29:57 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32ts.pyd
MOD - [2013/03/16 09:29:56 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\pysqlite2._sqlite.pyd
MOD - [2013/03/16 09:29:56 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32com.shell.shell.pyd
MOD - [2013/03/16 09:29:55 | 001,024,616 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\windows._cacheinvalidation.pyd
MOD - [2013/03/16 09:29:55 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\wx._gdi_.pyd
MOD - [2013/03/16 09:29:55 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\pythoncom26.dll
MOD - [2013/03/16 09:29:55 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\pyexpat.pyd
MOD - [2013/03/16 09:29:55 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\_ctypes.pyd
MOD - [2013/03/16 09:29:55 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\wx._html2.pyd
MOD - [2013/03/16 09:29:55 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32profile.pyd
MOD - [2013/03/16 09:29:55 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32crypt.pyd
MOD - [2013/03/16 09:29:54 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\wx._misc_.pyd
MOD - [2013/03/16 09:29:54 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32security.pyd
MOD - [2013/03/16 09:29:54 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\PyWinTypes26.dll
MOD - [2013/03/16 09:29:53 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\_ssl.pyd
MOD - [2013/03/16 09:29:52 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\wx._core_.pyd
MOD - [2013/03/16 09:29:52 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32process.pyd
MOD - [2013/03/16 09:29:52 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32pdh.pyd
MOD - [2013/03/16 09:29:51 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\wx._windows_.pyd
MOD - [2013/03/16 09:29:51 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\_hashlib.pyd
MOD - [2013/03/16 09:29:51 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\wx._wizard.pyd
MOD - [2013/03/16 09:29:51 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32file.pyd
MOD - [2013/03/16 09:29:51 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32inet.pyd
MOD - [2013/03/16 09:29:41 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\wx._controls_.pyd
MOD - [2013/03/16 09:29:41 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\unicodedata.pyd
MOD - [2013/03/16 09:29:41 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\win32event.pyd
MOD - [2013/03/16 09:29:40 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sheri\Local Settings\Temp\_MEI6162\select.pyd
MOD - [2013/03/13 16:07:32 | 002,839,040 | ---- | M] () -- C:\Program Files\SeaMonkey\mozjs.dll
MOD - [2013/03/13 16:07:30 | 000,150,528 | ---- | M] () -- C:\Program Files\SeaMonkey\nsldap32v60.dll
MOD - [2013/03/13 16:07:30 | 000,014,848 | ---- | M] () -- C:\Program Files\SeaMonkey\nsldappr32v60.dll
MOD - [2013/02/18 11:17:01 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
MOD - [2013/02/12 19:35:27 | 000,221,696 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll
MOD - [2013/02/12 18:50:55 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013/02/12 18:50:50 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll
MOD - [2013/02/12 18:50:47 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll
MOD - [2013/02/12 18:47:20 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/02/12 18:47:08 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/02/12 18:46:47 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/02/12 18:46:37 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/02/12 18:46:27 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll
MOD - [2013/02/12 18:46:17 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/02/12 18:45:56 | 009,093,120 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/02/12 18:45:36 | 014,412,800 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/13 08:04:27 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/18 11:17:01 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/10 20:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/11/03 16:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/11/03 16:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/18 11:17:04 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/22 12:40:16 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsnmea.sys -- (zghsnmea)
DRV - [2011/08/22 12:40:16 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011/08/22 12:40:16 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2011/08/22 12:40:16 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2009/10/26 06:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/26 12:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/05/13 18:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/17 19:38:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/18 19:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.16.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2013/03/13 16:07:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.16.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2013/02/20 22:19:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/17 19:38:04 | 000,000,000 | ---D | M]

[2012/12/29 19:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\Extensions
[2012/12/29 19:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\Extensions\home2@tomtom.com
[2013/03/15 20:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\extensions
[2012/10/21 13:57:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\nnccaaed.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/08 20:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\564khbeh.default\extensions
[2013/02/08 20:04:42 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\564khbeh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/11/14 19:22:33 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\564khbeh.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/10/07 19:41:12 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\564khbeh.default\extensions\inspector@mozilla.org
[2013/02/10 23:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\dpw87mdj.B\extensions
[2013/02/10 23:52:19 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\dpw87mdj.B\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/10/07 19:33:14 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\dpw87mdj.B\extensions\inspector@mozilla.org
[2012/10/07 11:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\gux3mmag.default\extensions
[2012/10/07 11:03:23 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\gux3mmag.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/10/07 11:03:21 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\gux3mmag.default\extensions\inspector@mozilla.org
[2013/02/13 22:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\i2lmmbad.Family account\extensions
[2013/02/13 22:00:10 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\i2lmmbad.Family account\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/10/07 19:28:11 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\i2lmmbad.Family account\extensions\inspector@mozilla.org
[2012/10/18 19:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/11 08:37:26 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/10/18 19:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/10/18 19:14:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NNCCAAED.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
[2012/10/10 20:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/10 20:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/10 20:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.delta-search.com/?affID=1193 ... 15c55560cc
CHR - Extension: No name found = C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Sheri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{581D1CE7-F22F-46A9-B609-1ED07BAD4838}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/07 01:47:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{254c082e-5218-11e2-814f-0015c55560cc}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{ccc0dff2-3f54-11e2-8124-0015c55560cc}\Shell\AutoRun\command - "" = E:\RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/16 09:31:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheri\Desktop\OTL.exe
[2013/03/15 20:23:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/03/08 11:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/05 08:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheri\My Documents\New Folder
[2013/02/26 18:49:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sheri\PrivacIE
[2013/02/26 18:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheri\Application Data\HPAppData
[2013/02/21 21:16:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sheri\My Documents\Google Drive
[2013/02/21 21:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/02/17 13:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/02/17 12:58:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sheri\My Documents\*.tmp files -> C:\Documents and Settings\Sheri\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/16 09:31:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheri\Desktop\OTL.exe
[2013/03/16 09:31:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/16 09:27:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/16 09:27:55 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/16 09:27:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/15 21:04:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/15 20:31:04 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Sheri\Desktop\adwcleaner.exe
[2013/03/15 17:06:15 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/03/15 07:38:06 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/03/15 07:38:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/03/13 23:37:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/13 07:23:42 | 000,408,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/13 07:23:42 | 000,055,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/11 21:54:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/11 19:47:20 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2013/03/08 11:19:52 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/01 09:03:52 | 000,009,808 | ---- | M] () -- C:\Documents and Settings\Sheri\Application Data\BabMaint.exe
[2013/02/21 21:16:23 | 000,001,474 | ---- | M] () -- C:\Documents and Settings\Sheri\Desktop\Google Drive.lnk
[2013/02/18 11:17:04 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/02/17 13:00:41 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Sheri\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/02/17 13:00:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Sheri\My Documents\*.tmp files -> C:\Documents and Settings\Sheri\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/15 20:31:02 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Sheri\Desktop\adwcleaner.exe
[2013/03/05 08:38:04 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2013/03/02 18:06:35 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/03/02 18:06:33 | 000,009,808 | ---- | C] () -- C:\Documents and Settings\Sheri\Application Data\BabMaint.exe
[2013/02/21 21:16:23 | 000,001,474 | ---- | C] () -- C:\Documents and Settings\Sheri\Desktop\Google Drive.lnk
[2013/02/11 23:34:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/02/11 23:03:50 | 000,588,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-448539723-362288127-839522115-1003-0.dat
[2013/02/11 23:03:46 | 000,286,578 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/11 22:14:11 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/11/07 19:27:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2012/11/07 19:21:55 | 000,000,613 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2012/10/21 14:23:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012/10/21 14:21:18 | 001,087,792 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2012/10/21 14:21:18 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2012/10/17 19:14:58 | 000,205,946 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2012/10/17 19:14:58 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2012/10/16 21:14:24 | 000,206,118 | ---- | C] () -- C:\WINDOWS\hpoins46.dat.temp
[2012/10/12 14:15:03 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2012/10/08 15:23:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/07 20:36:07 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sheri\Local Settings\Application Data\fusioncache.dat
[2012/10/07 01:51:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/07 01:41:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/06 18:19:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/06 18:17:57 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Sheri\Application Data\Mozilla\SeaMonkey\Profiles\564khbeh.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/10/07 16:17:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/12/27 05:24:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/07 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/10/07 11:04:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/16 09:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/29 19:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/10/07 11:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheri\Application Data\AVG2013
[2013/01/05 20:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheri\Application Data\Target
[2012/12/29 19:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheri\Application Data\TomTom
[2012/10/07 11:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheri\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 3/16/2013 9:32:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sheri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.43% Memory free
5.09 Gb Paging File | 4.50 Gb Available in Paging File | 88.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 557.53 Gb Free Space | 93.52% Space Free | Partition Type: NTFS

Computer Name: BERGER | User Name: Sheri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1051:TCP" = 1051:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Sheri\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Sheri\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Sheri\Local Settings\Temp\Incredibar_install.exe" = C:\Documents and Settings\Sheri\Local Settings\Temp\Incredibar_install.exe:*:Enabled:IncrediBar Installer -- ()
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu -- ()
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()
"C:\WINDOWS\Temp\avgcu_mDNSResponder.exe" = C:\WINDOWS\Temp\avgcu_mDNSResponder.exe:*:Enabled:Bonjour
"C:\Palm\PPLTReg.exe" = C:\Palm\PPLTReg.exe:*:Enabled:PPLTReg -- (Leader Technologies/Palm)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{7269695A-88FE-47CB-9AE5-D787460DEEBB}" = TurboTax 2012 wksiper
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel(R) PROSet/Wireless WiFi Software
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91719435-F4B9-4D21-814D-7C66959DB632}" = Join Me Drivers
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBA641F3-7A87-4179-8E4E-F77D25BC1067}" = TurboTax 2012 wmoiper
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HiDef Media Player" = HiDef Media Player 1.1.12
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"ProInst" = Intel PROSet Wireless
"SeaMonkey 2.16.2 (x86 en-US)" = SeaMonkey 2.16.2 (x86 en-US)
"Shop for HP Supplies" = Shop for HP Supplies
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TurboTax 2012" = TurboTax 2012
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"JoinMe" = join.me
"Pilot Desktop" = Palm Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2013 12:36:56 PM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application QBW32.EXE, version 15.0.4004.469, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2013 12:46:00 AM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application QBW32.EXE, version 15.0.4004.469, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/5/2013 9:36:28 AM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application QBW32.EXE, version 15.0.4004.469, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2013 7:14:37 PM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.4518.1014, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2013 10:14:43 AM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application QBW32.EXE, version 15.0.4004.469, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/10/2013 3:09:12 PM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application QBW32.EXE, version 15.0.4004.469, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/11/2013 10:55:17 PM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application IntuitUpdater.exe, version 4.0.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/11/2013 10:55:18 PM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application IntuitUpdater.exe, version 4.0.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2013 7:06:24 PM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application seamonkey.exe, version 19.0.2.4817, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2013 9:56:42 PM | Computer Name = BERGER | Source = Application Hang | ID = 1002
Description = Hanging application seamonkey.exe, version 19.0.2.4817, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 10/12/2012 4:13:06 PM | Computer Name = BERGER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15820
seconds with 8280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/5/2013 8:21:19 PM | Computer Name = BERGER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/5/2013 8:21:19 PM | Computer Name = BERGER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/5/2013 8:21:22 PM | Computer Name = BERGER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/5/2013 8:58:15 PM | Computer Name = BERGER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/5/2013 8:58:15 PM | Computer Name = BERGER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/5/2013 8:59:25 PM | Computer Name = BERGER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/5/2013 8:59:25 PM | Computer Name = BERGER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/5/2013 8:59:27 PM | Computer Name = BERGER | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/6/2013 9:23:50 AM | Computer Name = BERGER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/6/2013 9:23:50 AM | Computer Name = BERGER | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >
sberger7
Active Member
 
Posts: 12
Joined: October 2nd, 2012, 9:58 pm

Re: Computer is running slowly with unknown cause

Unread postby melboy » March 16th, 2013, 3:09 pm

Hi

melboy wrote: Let me know how the computer is running after completing the instructions below.


OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code:
    Code: Select all
    :otl
    FF - prefs.js..extensions.enabledAddons: ffxtlbr@delta.com :1.5.0
    FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
    [2013/02/11 08:37:26 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\SHERI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NNCCAAED.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
    
    
    :files
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\EPUpdater.job
    C:\Documents and Settings\Sheri\Application Data\BabMaint.exe
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please allow it to do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Computer is running slowly with unknown cause

Unread postby sberger7 » March 16th, 2013, 4:04 pm

It has been running a little faster. just a little bit slow at random times

All processes killed
========== OTL ==========
Prefs.js: ffxtlbr@delta.com :1.5.0 removed from extensions.enabledAddons
Prefs.js: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 removed from extensions.enabledAddons
C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\EPUpdater.job moved successfully.
C:\Documents and Settings\Sheri\Application Data\BabMaint.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 4896659 bytes
->Temporary Internet Files folder emptied: 1690738 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18499951 bytes
->Google Chrome cache emptied: 91010294 bytes
->Flash cache emptied: 58618 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: kevin
->Temp folder emptied: 127029 bytes
->Temporary Internet Files folder emptied: 98321 bytes
->Flash cache emptied: 56504 bytes

User: Kevin.BERGER
->Temp folder emptied: 183703 bytes
->Temporary Internet Files folder emptied: 2634874 bytes
->FireFox cache emptied: 7093860 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10606721 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sheri
->Temp folder emptied: 4920392715 bytes
->Temporary Internet Files folder emptied: 19265386 bytes
->FireFox cache emptied: 75100836 bytes
->Google Chrome cache emptied: 11071485 bytes
->Flash cache emptied: 59372 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2181852 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98343855 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7885 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 650551 bytes

Total Files Cleaned = 5,020.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03162013_145449

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
sberger7
Active Member
 
Posts: 12
Joined: October 2nd, 2012, 9:58 pm

Re: Computer is running slowly with unknown cause

Unread postby melboy » March 17th, 2013, 6:59 am

Hi

Thanks. A couple of last checks and we should be done. Let one scan finish before starting the other.

Let me know how things are running.

Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup-version.number.exe
  • Allow any UAC prompt and follow the prompts to install the program.
  • Towards the end of the installation, Uncheck Enable the free trial Malwarebytes' Anti-Malware PRO
    (You can activate this when we've finished, if you wish)
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when the application is started.
.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Allow any UAC prompt.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Computer is running slowly with unknown cause

Unread postby sberger7 » March 17th, 2013, 3:54 pm

running much better. thank you again
i had one issue with the second scan. it completely froze the computer so i restarted the computer and it worked the second time

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.17.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sheri :: BERGER [administrator]

3/17/2013 1:46:09 PM
mbam-log-2013-03-17 (13-46-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292402
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Sheri\My Documents\Downloads\Setup2.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 14:33:06
-----------------------------
14:33:06.265 OS Version: Windows 5.1.2600 Service Pack 3
14:33:06.265 Number of processors: 2 586 0xF06
14:33:06.265 ComputerName: BERGER UserName: Sheri
14:33:10.593 Initialize success
14:33:31.171 AVAST engine defs: 13031700
14:33:33.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:33:33.859 Disk 0 Vendor: TOSHIBA_MK6475GSX GT001U Size: 610480MB BusType: 3
14:33:33.921 Disk 0 MBR read successfully
14:33:33.953 Disk 0 MBR scan
14:33:34.031 Disk 0 Windows XP default MBR code
14:33:34.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610477 MB offset 63
14:33:34.109 Disk 0 scanning sectors +1250258625
14:33:34.218 Disk 0 scanning C:\WINDOWS\system32\drivers
14:33:49.562 Service scanning
14:34:12.468 Modules scanning
14:34:20.453 Disk 0 trace - called modules:
14:34:20.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:34:20.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0d6ab8]
14:34:20.578 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8b1957b0]
14:34:20.828 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b137940]
14:34:23.656 AVAST engine scan C:\WINDOWS
14:34:42.281 AVAST engine scan C:\WINDOWS\system32
14:37:25.015 AVAST engine scan C:\WINDOWS\system32\drivers
14:37:55.796 AVAST engine scan C:\Documents and Settings\Sheri
14:47:47.906 AVAST engine scan C:\Documents and Settings\All Users
14:50:38.140 Scan finished successfully
14:52:04.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sheri\Desktop\MBR.dat"
14:52:05.031 The log file has been saved successfully to "C:\Documents and Settings\Sheri\Desktop\aswMBR.txt"
sberger7
Active Member
 
Posts: 12
Joined: October 2nd, 2012, 9:58 pm

Re: Computer is running slowly with unknown cause

Unread postby melboy » March 17th, 2013, 4:19 pm

Your logs now appear to be clean. Congratulations!

This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are before continuing.


AdwCleaner

  • Double click AdwCleaner.exe to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
  • AdwCleaner will close and uninstall itself

Note: If AdwCleaner prompts you that an update is available, click Cancel and continue to uninstall.



OTL by OldTimer

  • Double-click OTL.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself


Clear Infected System Restore Points

  • Turn System Restore off
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer
    -
  • Turn System Restore on
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck Turn off System Restore on all drives.
  • Click Apply
  • Click each drive in turn where system restore is not required and click Settings
    Note: System restore is only needed on drives with an operating system installed
  • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
Note: only do this once, and not on a regular basis


=========================================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Computer is running slowly with unknown cause

Unread postby deltalima » March 20th, 2013, 7:26 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK