
Solved Dump data

Discussion in 'Malware and Virus Removal Archive' started by Phoebbufet, 2010/12/26.

  1. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    [Resolved] Dump data

    My computer began crashing about a week ago, each time giving me a blue screen for a brief moment including the word "dump."

    I have looked through this bbs as to how to obtain my dump collection data. The following is what I have retrieved from my debuglog.txt file. I have also attached the following logs (in two separate posts): MBAM and GMER (post 1) and MBRCheck and DDS (both logs) (post #2). I would greatly appreciate any help that you can provide. Much thanks!

    [Admin: Removed Debug log data, there's no need for that here]

    MBAM Log:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5398

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/26/2010 1:21:14 PM
    mbam-log-2010-12-26 (13-21-14).txt

    Scan type: Quick scan
    Objects scanned: 135931
    Time elapsed: 2 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER Log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-26 14:12:52
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3500418AS rev.CC3E
    Running: qptx4mkl[1].exe; Driver: C:\DOCUME~1\Ivan\LOCALS~1\Temp\kxtdrpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89B1FAD0 ZwAlertResumeThread
    SSDT 89B68E08 ZwAlertThread
    SSDT 89A63768 ZwAllocateVirtualMemory
    SSDT 89BB4890 ZwAssignProcessToJobObject
    SSDT 89C8E680 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB049A210]
    SSDT 89BA3650 ZwCreateMutant
    SSDT 899F5660 ZwCreateSymbolicLinkObject
    SSDT 89CB7A60 ZwCreateThread
    SSDT 89C46C50 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB049A490]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB049A9F0]
    SSDT 89CC5F48 ZwDuplicateObject
    SSDT 89A7FB78 ZwFreeVirtualMemory
    SSDT 89B612F0 ZwImpersonateAnonymousToken
    SSDT 899A2378 ZwImpersonateThread
    SSDT 89549060 ZwLoadDriver
    SSDT 89C39F08 ZwMapViewOfSection
    SSDT 89DA7100 ZwOpenEvent
    SSDT 899B15D0 ZwOpenProcess
    SSDT 89CAA660 ZwOpenProcessToken
    SSDT 89B78660 ZwOpenSection
    SSDT 89CB18D8 ZwOpenThread
    SSDT 89A04348 ZwProtectVirtualMemory
    SSDT 89BA25E0 ZwResumeThread
    SSDT 89A8E560 ZwSetContextThread
    SSDT 89A0CEA0 ZwSetInformationProcess
    SSDT 89DE4818 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB049AC40]
    SSDT 89BA0C38 ZwSuspendProcess
    SSDT 89E3E2B0 ZwSuspendThread
    SSDT 8942C090 ZwTerminateProcess
    SSDT 89C78F38 ZwTerminateThread
    SSDT 89B53140 ZwUnmapViewOfSection
    SSDT 89D6E098 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB3195380, 0x566445, 0xE8000020]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01073880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01073930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01073A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010739D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [012D3880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [012D3930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [012D3A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[1904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [012D39D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  2. 2010/12/26
    Phoebbufet

    Dump data (2 of 2)

    The following are my MBRCheck and DDS logs (both logs):

    MBRCheck Log:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 150):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 isapnp.sys
    0xB80B8000 ohci1394.sys
    0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB80D8000 MountMgr.sys
    0xB7F49000 ftdisk.sys
    0xB85AC000 dmload.sys
    0xB7F23000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80E8000 VolSnap.sys
    0xB7F0B000 atapi.sys
    0xB80F8000 disk.sys
    0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7EEB000 fltMgr.sys
    0xB7E95000 SYMDS.SYS
    0xB7E83000 sr.sys
    0xB7E56000 SYMEFA.SYS
    0xB7E3F000 KSecDD.sys
    0xB7DB2000 Ntfs.sys
    0xB7D85000 NDIS.sys
    0xB85AE000 speedfan.sys
    0xB7D6B000 Mup.sys
    0xB8671000 giveio.sys
    0xB8138000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB8248000 \SystemRoot\system32\DRIVERS\processr.sys
    0xB7D3F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB3195000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB3181000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB3159000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB3124000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xB8258000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB8268000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8278000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB3101000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8448000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB8450000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB30DD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8458000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8460000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB8288000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB7D37000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB30C9000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB8697000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8298000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB7D33000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB30B2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB82A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB82B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8468000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB30A1000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB82C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB8470000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB8478000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB3071000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB82D8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB8480000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8488000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB85E4000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB3013000 \SystemRoot\system32\DRIVERS\update.sys
    0xB3B78000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB3B74000 \SystemRoot\system32\drivers\WmBEnum.sys
    0xB82E8000 \SystemRoot\system32\drivers\WmXlCore.sys
    0xB8490000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB8308000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB8148000 \SystemRoot\system32\drivers\nvhda32.sys
    0xB0DBF000 \SystemRoot\system32\drivers\portcls.sys
    0xB8158000 \SystemRoot\system32\drivers\drmk.sys
    0xB8168000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB85EE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB07CA000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB85FA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB86C4000 \SystemRoot\System32\Drivers\Null.SYS
    0xB85FC000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB84A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB84A8000 \SystemRoot\System32\drivers\vga.sys
    0xB85FE000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB8600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB84B0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB8350000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB1E47000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB076F000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB0716000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB06C6000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB06A0000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB8188000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB067E000 \SystemRoot\System32\drivers\afd.sys
    0xB8198000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB81A8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB05BF000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
    0xB81D8000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
    0xB0594000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB0524000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB81E8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB04C6000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xB8390000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB04A9000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xB0484000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xB0405000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
    0xB0359000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
    0xB8218000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB0712000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB2FCB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xAFCD4000 \SystemRoot\system32\DRIVERS\lvuvc.sys
    0xB2FAB000 \SystemRoot\system32\drivers\usbaudio.sys
    0xAFC90000 \SystemRoot\system32\DRIVERS\lvrs.sys
    0xB06FA000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB8418000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB8420000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xB8428000 \SystemRoot\system32\drivers\WmFilter.sys
    0xB06EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB8430000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xB2F9B000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xAFBED000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB2FFB000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB061E000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xAFC8C000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xAFBD5000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB85E6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB1E2B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB83D0000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB87EA000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAF875000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAF538000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAF695000 \SystemRoot\system32\drivers\sysaudio.sys
    0xAF123000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB85D2000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xAEF13000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB8410000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xAEA4A000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAE8B3000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS
    0xAE85B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101224.001\IDSxpx86.sys
    0xAE6EC000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
    0xADE6A000 \??\C:\DOCUME~1\Ivan\LOCALS~1\Temp\kxtdrpob.sys
    0xADD1F000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101226.003\NAVEX15.SYS
    0xADD0B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101226.003\NAVENG.SYS
    0xAFBAD000 \??\C:\DOCUME~1\Ivan\LOCALS~1\Temp\mbr.sys
    0xAD96A000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 49):
    0 System Idle Process
    4 System
    708 C:\WINDOWS\system32\smss.exe
    772 csrss.exe
    796 C:\WINDOWS\system32\winlogon.exe
    840 C:\WINDOWS\system32\services.exe
    852 C:\WINDOWS\system32\lsass.exe
    1028 C:\WINDOWS\system32\nvsvc32.exe
    1060 C:\WINDOWS\system32\svchost.exe
    1128 svchost.exe
    1224 C:\WINDOWS\system32\svchost.exe
    1344 svchost.exe
    1392 svchost.exe
    1504 C:\WINDOWS\system32\spoolsv.exe
    1904 C:\WINDOWS\explorer.exe
    256 C:\WINDOWS\system32\rundll32.exe
    272 C:\WINDOWS\RTHDCPL.EXE
    280 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    368 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    496 C:\WINDOWS\system32\ctfmon.exe
    516 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    536 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    580 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    1340 svchost.exe
    1680 C:\WINDOWS\system32\svchost.exe
    1732 C:\Program Files\Java\jre6\bin\jqs.exe
    1944 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1840 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    692 C:\WINDOWS\system32\svchost.exe
    724 C:\WINDOWS\system32\svchost.exe
    916 C:\WINDOWS\system32\svchost.exe
    2864 alg.exe
    3500 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3532 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3748 C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
    2216 C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
    2344 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    484 C:\WINDOWS\system32\svchost.exe
    3660 C:\WINDOWS\system32\notepad.exe
    3328 C:\Program Files\Internet Explorer\iexplore.exe
    2140 C:\Program Files\Internet Explorer\iexplore.exe
    2588 C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    1832 C:\Program Files\Internet Explorer\iexplore.exe
    1088 C:\Program Files\Internet Explorer\iexplore.exe
    4568 C:\WINDOWS\system32\notepad.exe
    4992 C:\Program Files\Internet Explorer\iexplore.exe
    5172 wmiprvse.exe
    5596 C:\WINDOWS\system32\wscntfy.exe
    5804 C:\Documents and Settings\Ivan\Local Settings\Temporary Internet Files\Content.IE5\WEDUBKCX\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3500418AS, Rev: CC3E

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    DDS Logs:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/9/2010 2:48:49 PM
    System Uptime: 12/26/2010 1:12:57 PM (2 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
    Processor: AMD Athlon(tm) II X4 630 Processor | Socket M2 | 2812/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 419.078 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_43851458&REV_3C\3&61AAA01&0&A0
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_43851458&REV_3C\3&61AAA01&0&A0
    Service:

    ==== System Restore Points ===================

    RP112: 9/30/2010 3:00:14 AM - Software Distribution Service 3.0
    RP113: 10/1/2010 6:14:10 AM - System Checkpoint
    RP114: 10/2/2010 12:14:10 PM - System Checkpoint
    RP115: 10/3/2010 12:15:15 PM - System Checkpoint
    RP116: 10/4/2010 6:14:10 PM - System Checkpoint
    RP117: 10/6/2010 12:14:10 AM - System Checkpoint
    RP118: 10/6/2010 3:00:13 AM - Software Distribution Service 3.0
    RP119: 10/7/2010 6:14:10 AM - System Checkpoint
    RP120: 10/8/2010 12:15:08 PM - System Checkpoint
    RP121: 10/9/2010 6:14:03 PM - System Checkpoint
    RP122: 10/10/2010 8:25:28 PM - System Checkpoint
    RP123: 10/15/2010 12:16:23 AM - Software Distribution Service 3.0
    RP124: 10/16/2010 3:19:53 AM - System Checkpoint
    RP125: 10/17/2010 1:11:02 PM - System Checkpoint
    RP126: 10/18/2010 3:19:53 PM - System Checkpoint
    RP127: 10/19/2010 9:19:53 PM - System Checkpoint
    RP128: 10/21/2010 3:19:53 AM - System Checkpoint
    RP129: 10/22/2010 3:20:58 AM - System Checkpoint
    RP130: 10/23/2010 9:19:53 AM - System Checkpoint
    RP131: 10/24/2010 3:19:53 PM - System Checkpoint
    RP132: 10/25/2010 9:19:47 PM - System Checkpoint
    RP133: 10/27/2010 3:20:52 AM - System Checkpoint
    RP134: 10/28/2010 9:57:38 AM - System Checkpoint
    RP135: 10/29/2010 3:19:47 PM - System Checkpoint
    RP136: 10/30/2010 9:19:51 PM - System Checkpoint
    RP137: 10/31/2010 11:24:01 PM - System Checkpoint
    RP138: 11/2/2010 3:20:47 AM - System Checkpoint
    RP139: 11/3/2010 9:19:42 AM - System Checkpoint
    RP140: 11/4/2010 3:19:42 PM - System Checkpoint
    RP141: 11/4/2010 10:23:17 PM - Removed Logitech Vid.
    RP142: 11/5/2010 10:24:38 PM - System Checkpoint
    RP143: 11/6/2010 3:00:13 AM - Software Distribution Service 3.0
    RP144: 11/6/2010 5:51:10 PM - Removed ooVoo
    RP145: 11/7/2010 10:46:04 PM - System Checkpoint
    RP146: 11/9/2010 4:44:58 AM - System Checkpoint
    RP147: 11/10/2010 3:00:17 AM - Software Distribution Service 3.0
    RP148: 11/11/2010 4:44:59 AM - System Checkpoint
    RP149: 11/12/2010 10:44:58 AM - System Checkpoint
    RP150: 11/13/2010 7:05:42 PM - System Checkpoint
    RP151: 11/14/2010 8:32:55 PM - System Checkpoint
    RP152: 11/15/2010 10:44:56 PM - System Checkpoint
    RP153: 11/16/2010 10:46:01 PM - System Checkpoint
    RP154: 11/18/2010 4:44:56 AM - System Checkpoint
    RP155: 11/19/2010 10:44:56 AM - System Checkpoint
    RP156: 11/20/2010 11:35:46 AM - System Checkpoint
    RP157: 11/21/2010 4:44:56 PM - System Checkpoint
    RP158: 11/22/2010 10:44:53 PM - System Checkpoint
    RP159: 11/23/2010 10:55:35 PM - System Checkpoint
    RP160: 11/25/2010 4:44:53 AM - System Checkpoint
    RP161: 11/26/2010 10:45:59 AM - System Checkpoint
    RP162: 11/26/2010 11:51:47 PM - Installed W Photo Studio
    RP163: 11/27/2010 12:07:22 AM - Removed W Photo Studio
    RP164: 11/27/2010 7:00:16 PM - Installed QuickTime
    RP165: 11/28/2010 7:21:21 PM - System Checkpoint
    RP166: 11/29/2010 10:44:49 PM - System Checkpoint
    RP167: 11/30/2010 10:45:54 PM - System Checkpoint
    RP168: 12/2/2010 4:44:49 AM - System Checkpoint
    RP169: 12/3/2010 10:44:49 AM - System Checkpoint
    RP170: 12/4/2010 4:45:54 PM - System Checkpoint
    RP171: 12/6/2010 3:26:52 AM - System Checkpoint
    RP172: 12/7/2010 4:44:45 AM - System Checkpoint
    RP173: 12/8/2010 10:44:45 AM - System Checkpoint
    RP174: 12/9/2010 4:44:45 PM - System Checkpoint
    RP175: 12/11/2010 3:42:24 PM - System Checkpoint
    RP176: 12/11/2010 10:11:23 PM - Software Distribution Service 3.0
    RP177: 12/11/2010 11:06:21 PM - Restore Operation
    RP178: 12/12/2010 11:19:28 AM - [ErrorText_1715]
    RP179: 12/12/2010 5:40:43 PM - Software Distribution Service 3.0
    RP180: 12/13/2010 6:38:27 PM - System Checkpoint
    RP181: 12/13/2010 10:12:56 PM - Software Distribution Service 3.0
    RP182: 12/18/2010 5:49:31 PM - Software Distribution Service 3.0
    RP183: 12/19/2010 1:32:05 AM - Software Distribution Service 3.0
    RP184: 12/19/2010 3:00:13 AM - Software Distribution Service 3.0
    RP185: 12/19/2010 3:05:49 PM - Software Distribution Service 3.0
    RP186: 12/20/2010 11:04:07 PM - Software Distribution Service 3.0
    RP187: 12/21/2010 9:47:31 PM - Software Distribution Service 3.0
    RP188: 12/21/2010 9:51:53 PM - Software Distribution Service 3.0
    RP189: 12/21/2010 9:52:13 PM - Software Distribution Service 3.0
    RP190: 12/21/2010 9:52:34 PM - Software Distribution Service 3.0
    RP191: 12/21/2010 10:09:35 PM - Software Distribution Service 3.0
    RP192: 12/21/2010 10:14:03 PM - Software Distribution Service 3.0
    RP193: 12/21/2010 10:14:26 PM - Software Distribution Service 3.0
    RP194: 12/21/2010 10:19:03 PM - Software Distribution Service 3.0
    RP195: 12/21/2010 10:28:39 PM - Software Distribution Service 3.0
    RP196: 12/22/2010 10:34:01 PM - System Checkpoint
    RP197: 12/23/2010 3:35:39 PM - Software Distribution Service 3.0
    RP198: 12/23/2010 6:47:08 PM - Software Distribution Service 3.0
    RP199: 12/23/2010 8:24:09 PM - Software Distribution Service 3.0
    RP200: 12/24/2010 5:48:10 PM - Installed DriverUpdate
    RP201: 12/24/2010 5:57:14 PM - Installed FixCleaner
    RP202: 12/24/2010 6:01:32 PM - Before Cleaning
    RP203: 12/24/2010 6:22:04 PM - Removed DriverUpdate
    RP204: 12/24/2010 6:22:15 PM - Removed FixCleaner
    RP205: 12/24/2010 6:36:35 PM - Installed DriverUpdate
    RP206: 12/24/2010 6:37:31 PM - Installed FixCleaner
    RP207: 12/24/2010 6:44:01 PM - DriverUpdate Installing Drivers
    RP208: 12/24/2010 8:24:34 PM - Installed Java(TM) 6 Update 23
    RP209: 12/24/2010 8:31:15 PM - Before Updating
    RP210: 12/24/2010 8:32:41 PM - Software Distribution Service 3.0
    RP211: 12/24/2010 8:58:57 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
    RP212: 12/24/2010 9:01:27 PM - Installed Windows XP Wdf01009.
    RP213: 12/24/2010 9:10:34 PM - Restore Operation
    RP214: 12/25/2010 3:00:23 AM - Software Distribution Service 3.0
    RP215: 12/25/2010 9:45:16 PM - ADVANCED REGISTRY OPTIMIZER - FIRST RUN
    RP216: 12/25/2010 9:46:42 PM - Advanced Registry Optimizer Sat, Dec 25, 10 21:46

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Advanced Registry Optimizer
    Apple Application Support
    Apple Software Update
    BufferChm
    CameraHelperMsi
    CCleaner
    Copy
    Debugging Tools for Windows (x86)
    Destinations
    DeviceDiscovery
    DJ_AIO_05_F4400_Software_Min
    erLT
    F4400
    FSX Flight Weather Report
    Google Earth
    Google Update Helper
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 13.0
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    Java Auto Updater
    Java(TM) 6 Update 20
    Logitech Gaming Software 5.08
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Flight Simulator X Service Pack 2
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows SDK for Windows 7 (7.1)
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Norton Security Suite
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.0
    SmartWebPrinting
    SolutionCenter
    SpeedFan (remove only)
    Status
    System Requirements Lab
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    WinRAR archiver
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/26/2010 1:11:45 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    12/26/2010 1:11:45 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/26/2010 1:11:44 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/25/2010 9:49:40 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 8051b462, parameter3 b84f3b70, parameter4 b84f386c.
    12/25/2010 9:36:29 PM, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 41c95402, parameter4 cdcdcdcd.
    12/25/2010 9:36:26 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 ad1e9238, parameter3 ad1e8f34, parameter4 8051b462.
    12/25/2010 9:36:25 PM, error: System Error [1003] - Error code 10000050, parameter1 e7776828, parameter2 00000000, parameter3 b7ddc1f3, parameter4 00000002.
    12/25/2010 9:36:22 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000071, parameter2 00000002, parameter3 00000001, parameter4 805172f6.
    12/25/2010 10:39:40 PM, error: System Error [1003] - Error code 0000001a, parameter1 00041284, parameter2 6acf5001, parameter3 000042d5, parameter4 c0883000.
    12/25/2010 10:39:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    12/25/2010 10:36:55 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054b10d, parameter3 af64fb2c, parameter4 00000000.
    12/25/2010 1:09:32 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054bfd2, parameter3 af698308, parameter4 00000000.
    12/24/2010 9:17:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl SRTSPX SymDS SymEFA SymIRON SYMTDI
    12/24/2010 9:17:00 PM, error: Service Control Manager [7000] - The Norton Security Suite service failed to start due to the following error: The system cannot find the file specified.
    12/24/2010 9:16:53 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    12/24/2010 9:16:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Norton Security Suite\Engine\4.3.0.5\buShell.dll. Reference error message: The operation completed successfully. .
    12/24/2010 9:16:53 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    12/24/2010 8:56:52 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054b10d, parameter3 b12c7744, parameter4 00000000.
    12/24/2010 8:56:37 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054bfd2, parameter3 b0676b1c, parameter4 00000000.
    12/24/2010 8:40:37 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    12/24/2010 8:40:37 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_disp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    12/24/2010 8:33:34 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670).
    12/24/2010 8:16:27 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/24/2010 7:02:06 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
    12/24/2010 7:01:51 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    12/24/2010 6:04:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Au_.exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/24/2010 6:01:32 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'QuarantineW' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/24/2010 5:48:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'WINDOWS' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/24/2010 5:47:52 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'DriverUpdate-setup[1].exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/24/2010 5:41:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86
    12/24/2010 5:07:52 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 b84f7a98, parameter3 b84f7794, parameter4 8052d2ed.
    12/24/2010 10:24:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054b10f, parameter3 af9dd94c, parameter4 00000000.
    12/24/2010 10:23:58 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00000000, parameter3 b067dc20, parameter4 00000000.
    12/24/2010 10:23:53 AM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 ae4f04a0, parameter3 ae4f019c, parameter4 b7da264a.
    12/23/2010 6:47:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.95.2506.0).
    12/23/2010 6:47:19 PM, error: Microsoft Antimalware [2001] -
    12/23/2010 3:35:56 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.95.2476.0).
    12/21/2010 9:33:28 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    12/21/2010 10:28:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.95.2294.0).
    12/21/2010 10:20:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Cryptography' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/21/2010 10:14:30 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'Definition Updates' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/21/2010 10:12:25 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'mseinstall[1].exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/21/2010 10:09:48 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.95.2294.0).
    12/19/2010 6:50:55 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054bfd2, parameter3 ae5dcb74, parameter4 00000000.
    12/19/2010 4:19:55 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'downloaded_setup.exe' on the volume 'CPMEvdd1'. It has stopped monitoring the volume.
    12/19/2010 2:50:26 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 89f029b0, parameter3 89f02b24, parameter4 805d2954.
    12/19/2010 2:50:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 Cdrom Imapi redbook

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Ivan at 15:39:39.12 on Sun 12/26/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1063 [GMT -5:00]

    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ivan\Local Settings\Temporary Internet Files\Content.IE5\9NMHNIE1\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotmail.com/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\norton security suite\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\norton security suite\engine\4.3.0.5\IPSBHO.DLL
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\norton security suite\engine\4.3.0.5\coIEPlg.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276067157671
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ivan\applic~1\mozilla\firefox\profiles\858c5ejr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-12-26 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-12-26 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-12-26 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-12-26 116784]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-12-26 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-26 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101224.001\IDSXpx86.sys [2010-12-25 341944]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101226.003\NAVENG.SYS [2010-12-26 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101226.003\NAVEX15.SYS [2010-12-26 1360760]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-6-9 58600]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-20 136176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-9 1691480]

    =============== Created Last 30 ================

    2010-12-26 18:18:26 -------- d-----w- c:\docume~1\ivan\applic~1\Malwarebytes
    2010-12-26 18:18:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-26 18:18:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-26 18:18:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-26 18:18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-26 15:54:16 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
    2010-12-26 15:54:16 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
    2010-12-26 15:54:16 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
    2010-12-26 15:54:16 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
    2010-12-26 15:54:16 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
    2010-12-26 15:54:16 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
    2010-12-26 15:54:16 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
    2010-12-26 15:54:16 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
    2010-12-26 15:54:01 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
    2010-12-26 02:45:09 -------- d-----w- c:\docume~1\ivan\applic~1\Sammsoft
    2010-12-26 02:45:02 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2010-12-26 02:18:45 -------- d-----w- C:\symbols
    2010-12-26 02:03:35 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-12-26 01:45:38 -------- d-----w- c:\docume~1\ivan\locals~1\applic~1\Symantec
    2010-12-26 01:45:38 -------- d-----w- c:\docume~1\ivan\applic~1\Tific
    2010-12-25 02:26:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-12-25 02:26:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-25 02:26:09 -------- d-----w- c:\program files\Symantec
    2010-12-25 02:15:49 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-12-25 02:15:49 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-25 02:15:38 -------- d-----w- C:\1e93ef42b2cc3e542014da214d5d46
    2010-12-25 02:12:36 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-12-25 02:06:14 -------- d-sh--w- C:\found.000
    2010-12-25 02:02:37 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-12-25 02:01:15 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-12-25 01:25:26 -------- d-----w- c:\program files\common files\Java(2)
    2010-12-24 23:36:35 -------- d-----w- c:\program files\DriverUpdate(2)
    2010-12-24 22:57:21 -------- d-----w- c:\docume~1\ivan\applic~1\FixCleaner
    2010-12-24 22:57:15 -------- d-----w- c:\program files\FixCleaner
    2010-12-24 22:48:48 -------- d-----w- c:\docume~1\ivan\locals~1\applic~1\SlimWare Utilities Inc
    2010-12-22 03:12:57 -------- d-----w- c:\program files\Microsoft Security Client
    2010-12-19 21:11:46 8 ----a-w- c:\windows\crpf.bin
    2010-12-19 21:11:46 4 ----a-w- c:\windows\crpf_sdum.bin
    2010-12-12 16:35:07 -------- d-----w- c:\docume~1\ivan\applic~1\ComodoGroup
    2010-12-12 04:06:41 -------- d-----w- c:\windows\system32\drivers\N360
    2010-12-12 04:06:40 -------- d-----w- c:\program files\NortonInstaller
    2010-12-12 04:06:35 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-12-12 04:06:34 -------- d-----w- c:\program files\Norton Security Suite
    2010-12-11 22:36:15 -------- d-----w- c:\program files\Ace Utilities
    2010-11-27 23:59:52 -------- d-----w- c:\docume~1\ivan\locals~1\applic~1\Apple
    2010-11-27 23:59:27 -------- d-----w- c:\docume~1\ivan\locals~1\applic~1\Apple Computer
    2010-11-27 02:58:28 -------- d-----w- c:\docume~1\ivan\applic~1\W Photo Studio Viewer

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet(2).dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1991680 ----a-w- c:\windows\system32\iertutil(2).dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:26:58 1210880 ----a-w- c:\windows\system32\urlmon(2).dll
    2010-11-06 00:26:57 11080704 ----a-w- c:\windows\system32\ieframe(2).dll
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd(2).dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k(2).sys

    ============= FINISH: 15:40:05.04 ===============
     

  4. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    Thanks, broni. I will give it a try and will let you know what happens.
     
  6. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    I ran ComboFix; the computer rebooted but has not progressed beyond my desktop. It appears that the program is no longer running, though ComboFix has not produced a report. Is it possible that the program is still running? (FYI, I am sending this message to you through another computer.)
     
  7. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Restart manually and run Combofix again.
     
  8. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    Will do!
     
  9. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    OK, here is the combofix.txt log:

    ComboFix 10-12-26.01 - Ivan 12/26/2010 19:19:09.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -5:00]
    Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
    .

    2010-12-26 18:18 . 2010-12-26 18:18 -------- d-----w- c:\documents and settings\Ivan\Application Data\Malwarebytes
    2010-12-26 18:18 . 2010-12-26 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-26 18:18 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-26 18:18 . 2010-12-26 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-26 18:18 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-26 02:45 . 2010-12-26 02:45 -------- d-----w- c:\documents and settings\Ivan\Application Data\Sammsoft
    2010-12-26 02:45 . 2010-12-26 02:45 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2010-12-26 02:18 . 2010-12-26 02:19 -------- d-----w- C:\symbols
    2010-12-26 02:03 . 2010-12-26 02:19 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-12-26 01:45 . 2010-12-26 01:45 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Symantec
    2010-12-26 01:45 . 2010-12-26 01:45 -------- d-----w- c:\documents and settings\Ivan\Application Data\Tific
    2010-12-26 01:43 . 2010-12-26 01:43 -------- d-----w- c:\program files\Microsoft SDKs
    2010-12-25 02:26 . 2010-12-25 02:26 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-12-25 02:26 . 2010-12-25 02:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-25 02:26 . 2010-12-25 02:26 -------- d-----w- c:\program files\Symantec
    2010-12-25 02:15 . 2010-12-25 02:15 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-25 02:15 . 2010-12-25 02:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-12-25 02:15 . 2010-12-25 02:15 -------- d-----w- C:\1e93ef42b2cc3e542014da214d5d46
    2010-12-25 02:13 . 2010-12-25 02:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-12-24 22:48 . 2010-12-24 22:48 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\SlimWare Utilities Inc
    2010-12-22 03:12 . 2010-12-25 02:12 -------- d-----w- c:\program files\Microsoft Security Client
    2010-12-19 21:11 . 2010-12-19 21:11 8 ----a-w- c:\windows\crpf.bin
    2010-12-19 21:11 . 2010-12-19 21:11 4 ----a-w- c:\windows\crpf_sdum.bin
    2010-12-12 16:35 . 2010-12-12 16:35 -------- d-----w- c:\documents and settings\Ivan\Application Data\ComodoGroup
    2010-12-12 04:06 . 2010-12-26 18:13 -------- d-----w- c:\windows\system32\drivers\N360
    2010-12-12 04:06 . 2010-12-12 04:06 -------- d-----w- c:\program files\NortonInstaller
    2010-12-12 04:06 . 2010-12-25 02:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-12-12 04:06 . 2010-12-25 02:25 -------- d-----w- c:\program files\Norton Security Suite
    2010-12-11 22:36 . 2010-12-25 02:15 -------- d-----w- c:\program files\Ace Utilities
    2010-11-27 23:59 . 2010-11-27 23:59 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Apple
    2010-11-27 23:59 . 2010-11-27 23:59 -------- d-----w- c:\program files\Apple Software Update
    2010-11-27 23:59 . 2010-11-27 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-11-27 23:59 . 2010-11-27 23:59 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Apple Computer
    2010-11-27 02:58 . 2010-11-27 04:48 -------- d-----w- c:\documents and settings\Ivan\Application Data\W Photo Studio Viewer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2010-06-09 18:45 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26 . 2009-03-08 08:32 1991680 ----a-w- c:\windows\system32\iertutil(2).dll
    2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet(2).dll
    2010-11-06 00:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:26 . 2008-04-14 12:00 1210880 ----a-w- c:\windows\system32\urlmon(2).dll
    2010-11-06 00:26 . 2009-03-08 08:39 11080704 ----a-w- c:\windows\system32\ieframe(2).dll
    2010-11-05 02:18 . 2010-11-05 02:18 53248 ----a-r- c:\documents and settings\Ivan\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-11-03 12:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd(2).dll
    2010-10-26 13:25 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-26 13:25 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k(2).sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2009-10-22 2132480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
    "RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [12/26/2010 10:54 AM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [12/26/2010 10:54 AM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/23/2010 3:34 AM 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [12/26/2010 10:54 AM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [12/26/2010 10:54 AM 116784]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [12/26/2010 10:54 AM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/26/2010 11:58 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101224.001\IDSXpx86.sys [12/25/2010 8:31 AM 341944]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [6/9/2010 1:56 AM 58600]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/20/2010 11:29 PM 136176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/9/2010 1:59 AM 1691480]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 04:29]

    2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-21 04:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\858c5ejr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-nwiz - nwiz.exe
    AddRemove-SDKSetup_7.1.7600.0.30514 - c:\program files\Microsoft SDKs\Windows\v7.1\Setup\Setup.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-26 19:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,5c,35,d0,50,6f,2b,40,a2,90,33,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,5c,35,d0,50,6f,2b,40,a2,90,33,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3476)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-12-26 19:23:50
    ComboFix-quarantined-files.txt 2010-12-27 00:23

    Pre-Run: 449,940,328,448 bytes free
    Post-Run: 449,897,611,264 bytes free

    - - End Of File - - D241BF021001A2E4ED96040D8E07D8CE
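    A triage pass over a ComboFix-style log, added here as an example; it is not part of the thread and not ComboFix's own code. It parses the `[key]` / `"name"=value` layout of the Reg Loading Points section and flags the three things an analyst checks first in a log like the one above: a Security Center override, a firewall profile with `EnableFirewall` set to 0, and autoruns that load from user-writable paths. The sample excerpt is constructed (values modelled on the log above, plus one invented `Updater` entry so the user-writable check has something to flag); the function names are my own.

```python
"""Triage a ComboFix-style log excerpt. Added example, not ComboFix's own code."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout ComboFix prints for "Reg Loading Points".
# Values are modelled on the log above; the "Updater" entry is invented so the
# user-writable-path check has something to flag.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2009-10-22 2132480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Updater"="c:\documents and settings\Ivan\Application Data\updater.exe" [2010-12-20 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [12/26/2010 10:54 AM 328752]
"""

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')
# Locations a standard user can write to; an autorun living here deserves a look.
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\', '\\temp\\', '\\users\\')


def parse_registry_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Group "name"=value lines under the [key] header that precedes them.
    Service lines (R0/S2 ...) and blank lines are ignored."""
    blocks: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group('key')
            blocks.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            blocks[current][val.group('name')] = val.group('value').strip()
    return blocks


def registry_number(value: str) -> Optional[int]:
    """Decode the numeric forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', value)
    if m:
        return int(m.group(1))
    return None


def autorun_entries(blocks: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, image path) for every ...\\CurrentVersion\\Run entry."""
    entries: List[Tuple[str, str, str]] = []
    for key, values in blocks.items():
        if not key.lower().endswith('\\currentversion\\run'):
            continue
        for name, value in values.items():
            m = QUOTED_PATH_RE.match(value)
            entries.append((key, name, m.group('path') if m else value))
    return entries


def triage(text: str) -> List[str]:
    """Findings an analyst would want to see first, as plain strings."""
    blocks = parse_registry_blocks(text)
    findings: List[str] = []
    for key, values in blocks.items():
        lkey = key.lower()
        if lkey.endswith('\\security center'):
            for name, value in values.items():
                if name.lower().endswith('override') and registry_number(value):
                    findings.append(f'Security Center override set: {name}={value} '
                                    '(Windows will not warn that this protection is off)')
        if 'firewallpolicy' in lkey and lkey.endswith('profile'):
            if registry_number(values.get('EnableFirewall', '')) == 0:
                profile = key.rsplit('\\', 1)[-1]
                findings.append(f'Windows Firewall disabled for {profile}')
    for key, name, path in autorun_entries(blocks):
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(f'Autorun "{name}" loads from a user-writable path: {path}')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    Run it on a saved ComboFix.txt by passing the file contents to `triage()`; the parser only keys off the `[...]` headers and quoted value names, so the banner lines and service list pass through untouched.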
     
  10. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not much there, either.
    I can see some Comodo leftovers, but we can remove them through our next scan.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    I am trying to run OTL but received the following error message:

    "Access violation at address 00402A13 in module 'OTL.exe'. Read of address 001CF000"
     
  12. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disable Norton momentarily and try again.
     
  13. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    Excellent. That worked. Here is the OTL.txt log (I will upload the Extras.txt log momentarily):

    OTL logfile created on: 12/26/2010 8:35:34 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Ivan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 419.02 Gb Free Space | 89.97% Space Free | Partition Type: NTFS
    Drive D: | 193.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: IVAN-PC | User Name: Ivan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/26 20:23:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
    PRC - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2010/05/07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/05/07 17:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/26 20:23:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
    MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/04/21 22:02:19 | 000,066,408 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\efacli.dll
    MOD - [2010/03/18 16:37:15 | 002,389,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\bushell.dll
    MOD - [2010/02/25 19:32:56 | 000,646,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccl90u.dll
    MOD - [2009/08/13 08:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
    MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Ivan\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/12/26 11:58:21 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101226.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/26 11:58:21 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/12/26 11:58:21 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101226.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/12/24 21:26:09 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/12/01 01:03:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101224.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/11/23 03:34:08 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/07/27 03:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2010/07/27 03:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
    DRV - [2010/07/27 03:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2010/06/10 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/04/03 17:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/03/22 03:30:22 | 000,222,672 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/03/12 16:41:22 | 005,867,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/01/28 09:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/09/11 14:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2009/09/11 14:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2009/09/11 14:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2009/09/11 14:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/12/25 22:16:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/12/24 21:26:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/10 23:17:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/24 21:13:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/24 21:13:13 | 000,000,000 | ---D | M]

    [2010/06/09 01:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions
    [2010/12/18 22:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\858c5ejr.default\extensions
    [2010/09/09 20:53:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\858c5ejr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/24 21:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/04 21:33:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/09 02:09:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/12/24 21:11:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/06/09 02:09:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe (Sammsoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276067157671 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/09 13:47:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/11/26 18:57:08 | 000,000,037 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56871556046913536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/26 20:22:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
    [2010/12/26 18:44:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/26 18:43:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/26 18:43:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/26 18:43:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/26 18:43:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/26 18:43:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/26 18:36:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/26 13:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Application Data\Malwarebytes
    [2010/12/26 13:18:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/26 13:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/26 13:18:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/26 13:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/26 13:09:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ivan\My Documents\TFC.exe
    [2010/12/26 10:54:16 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys
    [2010/12/26 10:54:16 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys
    [2010/12/26 10:54:16 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys
    [2010/12/26 10:54:16 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys
    [2010/12/26 10:54:16 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys
    [2010/12/26 10:54:16 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys
    [2010/12/26 10:54:16 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys
    [2010/12/26 10:54:16 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys
    [2010/12/26 10:54:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005
    [2010/12/25 21:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Application Data\Sammsoft
    [2010/12/25 21:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
    [2010/12/25 21:18:45 | 000,000,000 | ---D | C] -- C:\symbols
    [2010/12/25 21:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
    [2010/12/25 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Application Data\Tific
    [2010/12/25 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Local Settings\Application Data\Symantec
    [2010/12/25 20:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2010/12/24 21:26:09 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/12/24 21:26:09 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/12/24 21:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/12/24 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/24 21:15:38 | 000,000,000 | ---D | C] -- C:\1e93ef42b2cc3e542014da214d5d46
    [2010/12/24 21:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/12/24 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/12/24 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/12/24 21:06:14 | 000,000,000 | ---D | C] -- C:\found.000
    [2010/12/24 21:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2010/12/24 21:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
    [2010/12/24 21:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2010/12/24 20:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
    [2010/12/24 18:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate(2)
    [2010/12/24 17:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Application Data\FixCleaner
    [2010/12/24 17:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
    [2010/12/24 17:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Local Settings\Application Data\SlimWare Utilities Inc
    [2010/12/21 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2010/12/12 11:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Application Data\ComodoGroup
    [2010/12/11 23:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2010/12/11 23:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/12/11 23:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/12/11 23:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
    [2010/12/11 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\My Documents\Ace Utilities Backups
    [2010/12/11 17:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ace Utilities
    [2010/12/09 19:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/11/27 19:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/11/27 19:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/11/27 19:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/11/27 18:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Local Settings\Application Data\Apple
    [2010/11/27 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/11/27 18:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/11/27 18:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Local Settings\Application Data\Apple Computer
    [2010/11/26 21:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ivan\Application Data\W Photo Studio Viewer

    ========== Files - Modified Within 30 Days ==========

    [2010/12/26 20:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/26 20:23:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
    [2010/12/26 20:23:09 | 000,001,728 | -H-- | M] () -- C:\Documents and Settings\Ivan\My Documents\Default.rdp
    [2010/12/26 20:21:37 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Ivan\My Documents\abc.doc
    [2010/12/26 19:21:49 | 000,078,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/26 19:21:49 | 000,017,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/26 19:17:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/26 19:17:27 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/12/26 19:17:25 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/26 19:17:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/26 19:17:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2010/12/26 19:17:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2010/12/26 18:44:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/26 18:42:47 | 003,998,686 | R--- | M] () -- C:\Documents and Settings\Ivan\Desktop\ComboFix.exe
    [2010/12/26 15:53:51 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Ivan\My Documents\Log Results.doc
    [2010/12/26 13:18:22 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/12/26 13:18:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/26 13:13:42 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
    [2010/12/26 13:13:13 | 000,597,470 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
    [2010/12/26 13:11:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\My Documents\TFC.exe
    [2010/12/25 21:45:03 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\Check PC For Errors.lnk
    [2010/12/25 21:45:03 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2010/12/25 03:05:34 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/25 03:02:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/24 21:26:09 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/12/24 21:26:09 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/12/24 21:26:09 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/12/24 21:26:09 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/12/24 21:25:48 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\Norton Installation Files.lnk
    [2010/12/24 21:02:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2010/12/24 21:01:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
    [2010/12/24 21:01:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2010/12/24 21:01:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/12/24 20:46:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/23 20:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/21 22:13:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/19 16:11:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\crpf.bin
    [2010/12/19 16:11:46 | 000,000,004 | ---- | M] () -- C:\WINDOWS\crpf_sdum.bin
    [2010/12/11 17:36:22 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ace Utilities.lnk
    [2010/12/11 17:36:22 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\Ace Utilities.lnk
    [2010/12/06 03:11:15 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Ivan\My Documents\Flyer questions.doc
    [2010/12/05 22:37:58 | 000,102,829 | ---- | M] () -- C:\Documents and Settings\Ivan\My Documents\IJG photo.JPG
    [2010/12/05 18:02:17 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Ivan\My Documents\Election envelope.pub
    [2010/11/28 12:27:51 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Ivan\My Documents\IJG letterhead - Personal.doc
    [2010/11/28 12:25:57 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\Microsoft Office Word 2003.lnk
    [2010/11/27 19:00:38 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/11/27 18:35:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

    ========== Files Created - No Company Name ==========

    [2010/12/26 20:21:36 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Ivan\My Documents\abc.doc
    [2010/12/26 18:44:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/26 18:44:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/26 18:43:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/26 18:43:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/26 18:43:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/26 18:43:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/26 18:43:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/26 18:42:38 | 003,998,686 | R--- | C] () -- C:\Documents and Settings\Ivan\Desktop\ComboFix.exe
    [2010/12/26 13:29:29 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Ivan\My Documents\Log Results.doc
    [2010/12/26 13:18:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/12/26 13:18:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/26 13:13:08 | 000,597,470 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
    [2010/12/26 10:54:16 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat
    [2010/12/26 10:54:16 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat
    [2010/12/26 10:54:16 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat
    [2010/12/26 10:54:16 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat
    [2010/12/26 10:54:16 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat
    [2010/12/26 10:54:16 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat
    [2010/12/26 10:54:16 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat
    [2010/12/26 10:54:16 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat
    [2010/12/26 10:54:16 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf
    [2010/12/26 10:54:16 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf
    [2010/12/26 10:54:16 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf
    [2010/12/26 10:54:16 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf
    [2010/12/26 10:54:16 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf
    [2010/12/26 10:54:16 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf
    [2010/12/26 10:54:16 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf
    [2010/12/26 10:54:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf
    [2010/12/26 10:54:01 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini
    [2010/12/25 21:45:03 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\Ivan\Desktop\Check PC For Errors.lnk
    [2010/12/25 21:45:03 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2010/12/24 21:26:09 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/12/24 21:26:09 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/12/24 21:26:04 | 000,002,254 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
    [2010/12/24 21:17:27 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/12/24 21:02:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2010/12/24 21:01:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
    [2010/12/24 21:01:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2010/12/24 21:01:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/12/24 20:46:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/24 20:33:07 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/12/21 22:13:48 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/19 16:11:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\crpf.bin
    [2010/12/19 16:11:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\crpf_sdum.bin
    [2010/12/11 17:36:22 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ace Utilities.lnk
    [2010/12/11 17:36:22 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Ivan\Desktop\Ace Utilities.lnk
    [2010/12/05 22:29:36 | 000,102,829 | ---- | C] () -- C:\Documents and Settings\Ivan\My Documents\IJG photo.JPG
    [2010/12/05 18:02:17 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Ivan\My Documents\Election envelope.pub
    [2010/12/04 14:51:25 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Ivan\My Documents\Flyer questions.doc
    [2010/11/28 12:27:09 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Ivan\My Documents\IJG letterhead - Personal.doc
    [2010/11/27 19:00:38 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/11/27 18:59:52 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/27 03:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
    [2010/07/27 03:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
    [2010/07/27 02:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/06/10 22:33:05 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/06/09 22:09:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/06/09 13:53:48 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010/06/09 09:36:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/04/14 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2008/04/14 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2008/04/14 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2008/04/14 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2008/04/14 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/12/24 21:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/24 20:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\FixCleaner
    [2010/11/04 21:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Leadertech
    [2010/10/30 15:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\ooVoo Details
    [2010/12/25 21:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Sammsoft
    [2010/06/09 02:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\SystemRequirementsLab
    [2010/12/25 20:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Tific
    [2010/11/26 23:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\W Photo Studio Viewer

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/06/09 13:47:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/09 13:42:29 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/26 18:44:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/26 19:23:51 | 000,013,919 | ---- | M] () -- C:\ComboFix.txt
    [2010/06/09 13:47:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/25 22:25:53 | 001,421,914 | ---- | M] () -- C:\Copy of new Direct Loan MPN - Ariel.pdf
    [2010/12/25 21:20:19 | 000,022,528 | ---- | M] () -- C:\debuglog.txt
    [2010/06/09 13:47:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/06/09 13:47:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/04 21:12:05 | 000,006,830 | ---- | M] () -- C:\PA police record request - Ariel.htm
    [2010/12/26 19:17:15 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/11 13:44:22 | 000,167,669 | ---- | M] () -- C:\Picture1.GIF
    [2010/07/11 13:36:54 | 000,031,317 | ---- | M] () -- C:\Picture1.jpg

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/06/09 13:46:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/10/06 14:37:30 | 000,315,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp083.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/06/09 09:33:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/06/09 09:33:03 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/06/09 09:33:03 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/06/09 13:47:14 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/06/09 13:50:47 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/06/09 13:50:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/26 18:42:47 | 003,998,686 | R--- | M] () -- C:\Documents and Settings\Ivan\Desktop\ComboFix.exe
    [2010/12/26 20:23:18 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/12/26 13:11:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\My Documents\TFC.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/01/19 12:26:00 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\Ivan\Favorites\Additional Objects Template.lnk
    [2006/01/19 12:26:00 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\Ivan\Favorites\Additional Templates Folder.lnk
    [2006/01/19 12:26:40 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Ivan\Favorites\Default Template.lnk
    [2008/06/03 23:13:50 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Ivan\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/26 20:35:26 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Ivan\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/04/14 07:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 22:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 07:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2008/04/14 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 22:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  14. 2010/12/26
    Phoebbufet Inactive Thread Starter
    Here is the Extras.txt log:

    OTL Extras logfile created on: 12/26/2010 8:35:34 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Ivan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 419.02 Gb Free Space | 89.97% Space Free | Partition Type: NTFS
    Drive D: | 193.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: IVAN-PC | User Name: Ivan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
    "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "FSX Flight Weather Report1.0" = FSX Flight Weather Report
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "N360" = Norton Security Suite
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Shop for HP Supplies" = Shop for HP Supplies
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "SpeedFan" = SpeedFan (remove only)
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/24/2010 8:05:11 PM | Computer Name = IVAN-PC | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 12/24/2010 8:12:33 PM | Computer Name = IVAN-PC | Source = Application Error | ID = 1000
    Description = Faulting application MsMpEng.exe, version 3.0.8107.0, faulting module
    mpengine.dll, version 1.1.6402.0, fault address 0x0001e4d2.

    Error - 12/24/2010 9:21:54 PM | Computer Name = IVAN-PC | Source = LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. BaseIndex value from Performance
    registry
    is the first DWORD in Data section, LastCounter value is the second DWORD in Data
    section, and LastHelp value is the third DWORD in Data section.

    Error - 12/24/2010 9:21:54 PM | Computer Name = IVAN-PC | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 12/24/2010 9:34:50 PM | Computer Name = IVAN-PC | Source = LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. BaseIndex value from Performance
    registry
    is the first DWORD in Data section, LastCounter value is the second DWORD in Data
    section, and LastHelp value is the third DWORD in Data section.

    Error - 12/24/2010 9:34:50 PM | Computer Name = IVAN-PC | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 12/24/2010 9:36:58 PM | Computer Name = IVAN-PC | Source = ESENT | ID = 474
    Description = wuauclt (1144) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 55205888 (0x00000000034a6000) for 4096 (0x00001000) bytes failed verification
    due to a page checksum mismatch. The expected checksum was 2651270465 (0x9e072d41)
    and the actual checksum was 2651008321 (0x9e032d41). The read operation will fail
    with error -1018 (0xfffffc06). If this condition persists then please restore
    the database from a previous backup.

    Error - 12/24/2010 9:39:35 PM | Computer Name = IVAN-PC | Source = Application Error | ID = 1000
    Description = Faulting application MsMpEng.exe, version 3.0.8107.0, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x0001a5db.

    Error - 12/24/2010 9:39:48 PM | Computer Name = IVAN-PC | Source = MsiInstaller | ID = 11335
    Description = Product: NVIDIA PhysX -- Error 1335. The cabinet file 'Cabs.w1.cab'
    required for this installation is corrupt and cannot be used. This could indicate
    a network error, an error reading from the CD-ROM, or a problem with this package.

    Error - 12/24/2010 9:40:15 PM | Computer Name = IVAN-PC | Source = MsiInstaller | ID = 11335
    Description = Product: NVIDIA Control Panel -- Error 1335.The cabinet file 'Data1.cab'
    required for this installation is corrupt and cannot be used. This could indicate
    a network error, an error reading from the CD-ROM, or a problem with this package.

    [ System Events ]
    Error - 12/25/2010 10:36:29 PM | Computer Name = IVAN-PC | Source = System Error | ID = 1003
    Description = Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3
    41c95402, parameter4 cdcdcdcd.

    Error - 12/25/2010 11:36:55 PM | Computer Name = IVAN-PC | Source = System Error | ID = 1003
    Description = Error code 1000008e, parameter1 c0000005, parameter2 8054b10d, parameter3
    af64fb2c, parameter4 00000000.

    Error - 12/25/2010 11:38:35 PM | Computer Name = IVAN-PC | Source = Service Control Manager | ID = 7022
    Description = The Automatic Updates service hung on starting.

    Error - 12/25/2010 11:39:05 PM | Computer Name = IVAN-PC | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the N360 service.

    Error - 12/25/2010 11:39:40 PM | Computer Name = IVAN-PC | Source = System Error | ID = 1003
    Description = Error code 0000001a, parameter1 00041284, parameter2 6acf5001, parameter3
    000042d5, parameter4 c0883000.

    Error - 12/26/2010 2:11:44 PM | Computer Name = IVAN-PC | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 12/26/2010 2:11:45 PM | Computer Name = IVAN-PC | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/26/2010 2:11:45 PM | Computer Name = IVAN-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/26/2010 7:36:39 PM | Computer Name = IVAN-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/26/2010 8:18:01 PM | Computer Name = IVAN-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  15. 2010/12/26
    broni Moderator Malware Analyst
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    OTL log looks perfectly clean :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  16. 2010/12/26
    Phoebbufet Inactive Thread Starter
    I updated Java and removed the older version(s). Here is the checkup.txt log (I will upload the ESETScan report in my next post shortly):

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
     
  17. 2010/12/26
    broni Moderator Malware Analyst
    Update Firefox to the current 3.6.13 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:
    make sure you have both boxes UN-checked AND (important!) click on the Decline button.
     
  18. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    Cleaned the temp file and finished the ESET scan - no threats found.
     
  19. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  20. 2010/12/26
    Phoebbufet

    Phoebbufet Inactive Thread Starter

    Joined:
    2010/12/25
    Messages:
    18
    Likes Received:
    0
    Completed the Firefox and Adobe updates/uninstalls.
     
  21. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
