Jump to content

Computer keeps crashing and startup fails 2 out of 3 times


Recommended Posts

Here are contents of DDS.txt and Attach.txt generated from DDS

 

 

*************

DDS.txt

*************

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21342
Run by HP_Administrator at 11:20:09 on 2013-07-17
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1440 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.





uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = 127.0.0.1:9421;<local>


BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {365723b6-04f0-4c31-963b-ba8d22bd8c17} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.1.14\ips\ipsbho.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.1.14\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.1.14\coieplg.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\hp_administrator\local settings\application data\akamai\netsession_win.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: StumbleUpon: &Blog This - StumbleUponIEBar.dll/blogimage
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - <orphaned>
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.










TCP: NameServer = 192.168.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{9D73BE98-044B-4593-9AB8-745507429AAE} : DHCPNameServer = 192.168.1.1
Handler: bw+0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw+0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw-0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw-0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw00 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw00s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw10 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw10s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw20 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw20s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw30 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw30s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw40 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw40s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw50 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw50s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw60 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw60s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw70 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw70s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw80 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw80s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw90 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw90s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwa0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwa0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwb0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwb0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwc0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwc0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwd0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwd0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwe0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwe0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwf0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwf0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: bwg0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwg0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwh0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwh0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwi0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwi0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwj0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwj0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwk0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwk0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwl0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwl0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwm0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwm0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwn0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwn0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwo0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwo0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwp0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwp0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwq0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwq0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwr0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwr0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bws0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bws0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwt0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwt0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwu0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwu0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwv0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwv0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bww0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bww0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwx0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwx0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwy0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwy0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwz0 - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwz0s - {bfc7ab99-6e99-4977-9ae3-42aa5276c091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: offline-8876480 - {BFC7AB99-6E99-4977-9AE3-42AA5276C091} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\s9jtbs0c.default-1373979163769\

FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\citrix\plugins\92\npappdetector.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-07-15 15:48; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\IPSFFPlgn
FF - ExtSQL: 2013-07-16 05:48; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309010.00e\symds.sys [2013-2-5 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309010.00e\symefa.sys [2013-2-5 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309010.00e\ccsetx86.sys [2013-2-5 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309010.00e\ironx86.sys [2013-2-5 149624]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files\cisco systems\cisco valet connector\CiscoAdapterSvc.exe [2010-11-16 528512]
R3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [2010-11-16 816672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-6-25 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\ipsdefs\20130716.001\IDSXpx86.sys [2013-7-16 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\virusdefs\20130716.017\NAVENG.SYS [2013-7-16 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.7.1.5\definitions\virusdefs\20130716.017\NAVEX15.SYS [2013-7-16 1611992]
S2 M4-Service;M4-Service;c:\documents and settings\hp_administrator\local settings\application data\mikogo4\viewer\service\M4-Service.exe [2012-6-13 1008032]
S3 cpuz132;cpuz132;\??\c:\docume~1\hp_adm~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\hp_adm~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
.
=============== Created Last 30 ================
.
2013-07-16 23:42:34    --------    d-----w-    c:\windows\system32\MRT
2013-07-10 21:35:48    --------    d-----w-    c:\documents and settings\hp_administrator\local settings\application data\PCHealth
.
==================== Find3M  ====================
.
2013-06-17 20:51:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-17 20:51:06    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-17 20:50:54    9089416    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-06-07 21:30:55    841216    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:30:54    78336    ----a-w-    c:\windows\system32\ieencode.dll
2013-06-07 21:30:54    1830912    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-07 21:30:54    17408    ------w-    c:\windows\system32\corpol.dll
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-09 07:28:02    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-05-03 01:30:20    2149888    ------w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ------w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 11:22:10.21 ===============
 

***********************************

Attach.txt

***********************************

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/27/2006 6:32:34 PM
System Uptime: 7/17/2013 11:15:18 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | EMERY
Processor:               Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 82.617 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.456 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\00000000
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\00000000
Service: NIC1394
.
==== System Restore Points ===================
.
RP2462: 4/18/2013 6:01:31 PM - System Checkpoint
RP2463: 4/19/2013 6:13:34 PM - System Checkpoint
RP2464: 4/20/2013 7:25:31 PM - System Checkpoint
RP2465: 4/21/2013 8:13:32 PM - System Checkpoint
RP2466: 4/22/2013 8:37:46 PM - System Checkpoint
RP2467: 4/23/2013 11:39:46 PM - System Checkpoint
RP2468: 4/25/2013 2:50:45 AM - System Checkpoint
RP2469: 4/26/2013 7:41:29 AM - System Checkpoint
RP2470: 4/27/2013 5:56:59 PM - System Checkpoint
RP2471: 4/28/2013 9:08:48 PM - System Checkpoint
RP2472: 4/29/2013 10:17:13 PM - System Checkpoint
RP2473: 4/30/2013 10:48:42 PM - System Checkpoint
RP2474: 5/2/2013 9:03:40 PM - System Checkpoint
RP2475: 5/3/2013 9:23:41 PM - System Checkpoint
RP2476: 5/5/2013 12:01:09 AM - System Checkpoint
RP2477: 5/6/2013 1:05:02 AM - System Checkpoint
RP2478: 5/7/2013 6:27:10 AM - System Checkpoint
RP2479: 5/8/2013 6:53:34 PM - System Checkpoint
RP2480: 5/9/2013 7:43:08 PM - System Checkpoint
RP2481: 5/13/2013 1:01:42 PM - System Checkpoint
RP2482: 5/14/2013 2:54:08 PM - System Checkpoint
RP2483: 5/15/2013 3:00:35 AM - Software Distribution Service 3.0
RP2484: 5/15/2013 9:28:34 AM - Software Distribution Service 3.0
RP2485: 5/16/2013 8:16:22 PM - System Checkpoint
RP2486: 5/17/2013 11:00:53 PM - System Checkpoint
RP2487: 5/19/2013 5:58:29 PM - System Checkpoint
RP2488: 5/22/2013 7:55:58 PM - System Checkpoint
RP2489: 5/23/2013 10:09:39 PM - System Checkpoint
RP2490: 5/28/2013 1:19:38 AM - System Checkpoint
RP2491: 5/29/2013 1:31:24 AM - System Checkpoint
RP2492: 5/30/2013 3:01:12 PM - System Checkpoint
RP2493: 6/5/2013 3:07:17 PM - System Checkpoint
RP2494: 6/6/2013 6:09:54 PM - System Checkpoint
RP2495: 6/7/2013 3:00:18 AM - Software Distribution Service 3.0
RP2496: 6/8/2013 3:00:19 AM - Software Distribution Service 3.0
RP2497: 6/9/2013 3:23:14 AM - System Checkpoint
RP2498: 6/10/2013 3:00:21 AM - Software Distribution Service 3.0
RP2499: 6/11/2013 3:00:19 AM - Software Distribution Service 3.0
RP2500: 6/12/2013 4:49:55 AM - System Checkpoint
RP2501: 6/13/2013 7:04:25 AM - System Checkpoint
RP2502: 6/14/2013 8:01:55 AM - System Checkpoint
RP2503: 6/15/2013 8:13:55 AM - System Checkpoint
RP2504: 6/16/2013 8:25:55 AM - System Checkpoint
RP2505: 6/17/2013 1:21:42 PM - Software Distribution Service 3.0
RP2506: 6/17/2013 3:28:21 PM - Software Distribution Service 3.0
RP2507: 6/19/2013 3:00:19 AM - Software Distribution Service 3.0
RP2508: 6/19/2013 3:57:35 PM - Software Distribution Service 3.0
RP2509: 6/20/2013 7:31:57 PM - System Checkpoint
RP2510: 6/21/2013 3:00:18 AM - Software Distribution Service 3.0
RP2511: 6/22/2013 11:03:31 AM - Software Distribution Service 3.0
RP2512: 6/23/2013 3:00:19 AM - Software Distribution Service 3.0
RP2513: 6/24/2013 3:00:18 AM - Software Distribution Service 3.0
RP2514: 6/25/2013 4:00:04 AM - System Checkpoint
RP2515: 6/26/2013 3:00:21 AM - Software Distribution Service 3.0
RP2516: 6/27/2013 3:00:20 AM - Software Distribution Service 3.0
RP2517: 6/28/2013 5:18:46 PM - Software Distribution Service 3.0
RP2518: 6/28/2013 5:26:55 PM - Software Distribution Service 3.0
RP2519: 6/28/2013 5:54:38 PM - Software Distribution Service 3.0
RP2520: 7/8/2013 11:24:42 AM - Software Distribution Service 3.0
RP2521: 7/9/2013 1:19:16 PM - Software Distribution Service 3.0
RP2522: 7/10/2013 1:26:57 PM - Software Distribution Service 3.0
RP2523: 7/10/2013 2:11:35 PM - Removed Google Talk Plugin
RP2524: 7/10/2013 2:15:32 PM - Removed Skype Click to Call
RP2525: 7/10/2013 2:18:22 PM - Removed ViewSonic Monitor Drivers
RP2526: 7/11/2013 2:00:47 PM - Software Distribution Service 3.0
RP2527: 7/12/2013 2:46:46 PM - System Checkpoint
RP2528: 7/13/2013 3:17:19 PM - System Checkpoint
RP2529: 7/15/2013 6:00:00 PM - System Checkpoint
RP2530: 7/16/2013 4:24:20 PM - Software Distribution Service 3.0
RP2531: 7/16/2013 4:35:15 PM - Removed Skype™ 6.3
RP2532: 7/16/2013 4:39:52 PM - Software Distribution Service 3.0
RP2533: 7/16/2013 4:42:16 PM - Software Distribution Service 3.0
RP2534: 7/17/2013 10:59:25 AM - Restore Operation
.
==== Installed Programs ======================
.
5500
5500_Help
5500Tour
5500Trb
Adobe Acrobat  8 Standard
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader XI (11.0.03)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AiO_Scan
AiO_Scan_CDA
AiOSoftware
Apple Application Support
Apple Software Update
AutoUpdate
BlackBerry USB and Modem Drivers 6.1
BufferChm
CameraDrivers
Camtasia Studio 4
Cisco Valet Connector
Compatibility Pack for the 2007 Office system
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Destinations
DivX Codec
DocProc
DocumentViewer
DocumentViewerQFolder
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Evernote v. 4.5.1
Fax
FLV Player 1.3.3
FullDPAppQFolder
GdiplusUpgrade
Google AdWords Editor
Google Update Helper
GoToMeeting 5.4.0.1082
GPL MPEG-1/2 DirectShow Decoder Filter
Haali Media Splitter
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
hp deskjet 6122
HP DigitalMedia Archive
HP Document Viewer 5.3
HP DVD Play 1.0
HP Imaging Device Functions 6.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP Photosmart, Officejet and Deskjet 7.0.A
hp print screen utility
HP PSC & OfficeJet 5.3.B
HP Rhapsody
HP Solution Center & Imaging Support Tools 5.3
HP Update
HP Web Helper
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
Ipswitch WS_FTP Professional 2006
LightScribe  1.4.62.1
Logitech Desktop Messenger
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia HomeSite 5
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office File Validation Add-In
Microsoft Office Project Standard 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy
Norton Internet Security
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
OptionalContentQFolder
PanoStandAlone
PDF Settings
PhotoGallery
ProductContext
PS2
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickBooks Pro 2006
Quicken 2006
QuickTime
RandMap
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB2817183)
Security Update for Windows Internet Explorer 7 (KB2829530)
Security Update for Windows Internet Explorer 7 (KB2838727)
Security Update for Windows Internet Explorer 7 (KB2846071)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Symantec Technical Support Web Controls
TopStyle (Version 3)
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VLC media player 2.0.6
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
XMind
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 10:53:28 AM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 a418c26e, parameter3 b8327b8c, parameter4 00000000.
7/16/2013 5:50:23 AM, error: System Error [1003]  - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 80522800.
7/16/2013 4:34:58 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Skype 5.10 for Windows (KB2727727).
7/13/2013 12:44:03 PM, error: NIC1394 [5002]  - 1394 Net Adapter #2 : Has determined that the adapter is not functioning properly.
7/13/2013 12:42:46 PM, error: Service Control Manager [7022]  - The Intel® Quick Resume Technology Drivers service hung on starting.
7/12/2013 1:16:59 PM, error: System Error [1003]  - Error code 00000024, parameter1 001902fe, parameter2 a5868608, parameter3 a5868304, parameter4 8051b7e7.
7/10/2013 2:28:46 PM, error: Service Control Manager [7034]  - The Intel® Quick Resume Technology Drivers service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:28:46 PM, error: Service Control Manager [7034]  - The FLEXnet Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:24:23 PM, error: Service Control Manager [7000]  - The M4-Service service failed to start due to the following error:  %1 is not a valid Win32 application.
7/10/2013 2:21:06 PM, error: Service Control Manager [7034]  - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:21:06 PM, error: Service Control Manager [7034]  - The Intel® Quick Resume Technology Drivers service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:21:06 PM, error: Service Control Manager [7034]  - The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:21:06 PM, error: Service Control Manager [7034]  - The CLCV0 service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:21:06 PM, error: Service Control Manager [7034]  - The Cisco Valet Connector Service service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:21:05 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 2:06:03 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
7/10/2013 2:04:44 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Office 2003 (KB2817480).
7/10/2013 2:03:55 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2840629).
7/10/2013 1:24:47 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 687F747A82CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/10/2013 1:22:51 PM, error: Service Control Manager [7022]  - The Intel® Quick Resume Technology Drivers service hung on starting.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Hello paulconn! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 4

  • Download on the desktop RogueKiller
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log
Link to post
Share on other sites

Thanks for your help!

 

4 log files below (JRT, AdwClearner, mbam,RKreport)

 

***************************

JRT

***************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Microsoft Windows XP x86
Ran by HP_Administrator on Wed 07/17/2013 at 18:44:42.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\All Users\start menu\programs\ebay.lnk"
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 18:52:24.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

***************************

AdwCleaner

 

***************************

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 18:55:03
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - PAUL_HP_DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\StumbleUpon

***** [Registry] *****

Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\StumbleUpon
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\StumbleUpon
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]

***** [internet Browsers] *****

-\\ Internet Explorer v7.0.6000.21342

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\s9jtbs0c.default-1373979163769\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3419 octets] - [17/07/2013 18:55:03]

########## EOF - C:\AdwCleaner[s1].txt - [3479 octets] ##########
 

 

***************************

mbam-log (no threats found)

***************************

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
HP_Administrator :: PAUL_HP_DESKTOP [administrator]

7/17/2013 7:01:24 PM
mbam-log-2013-07-17 (19-01-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269258
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

***************************

RKreport (I did NOT remove or fix the identified threats)

***************************

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 07/17/2013 19:18:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x89B673F8)
[Address] SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x89B66DD0)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x89E78820)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x89C85A10)
[Address] SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x89BD2908)
[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x89B8CE80)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x89BEF608)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x89BF4A08)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x89C70C18)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x89E6D9E8)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x89C4A320)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9362 -> HOOKED (Unknown @ 0x89E8C108)
[Address] SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x89B67658)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89B6E550)
[Address] SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x89C07518)
[Address] SSDT[114] : NtOpenEvent @ 0x8060F1E0 -> HOOKED (Unknown @ 0x89F4F9F8)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89E7C490)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805EE030 -> HOOKED (Unknown @ 0x89B63370)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x89E56E30)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x89E734D8)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x898D7448)
[Address] SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x89B654E8)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x89B63880)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x89C7C600)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x89C80370)
[Address] SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x89E14420)
[Address] SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x89B64460)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x89B631D8)
[Address] SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x89B64260)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x89B63668)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x89C57B70)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x89B6EDA0)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89CBAC30)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x89CE2E00)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x898C4408)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89C56DF0)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89BB4088)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89934108)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x89CD4AA8)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89BFB160)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89B92B58)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250824AS +++++
--- User ---
[MBR] 6588eb7d0749421be15c9ac2f5703ac9
[bSP] e53f08a2547f8ceb7cedf0196039bc96 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 229710 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 470463525 | Size: 8754 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3250824AS +++++
--- User ---
[MBR] d563707c095d40065400ed873e283cc5
[bSP] dec9f0908d0564afbcbcc26fa1ab4266 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 123 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07172013_191830.txt >>


 

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Here is ESET Scan result

 

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\JamPartyDemo112-dm.exe    a variant of Win32/Adware.Trymedia.A application    
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\PicMorph.exe    Win32/Toolbar.Zugo application    
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe    Win32/PowerReg application    
 

Link to post
Share on other sites

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

Kaspersky Log: (I chose to scan my D: partition... not sure if I was supposed to do that... but Kaspersky found 3 threats there)

 

Status: Deleted   (events: 4)    
7/19/2013 3:50:56 PM    Deleted    Trojan program Trojan.Win32.Vilsel.btos    C:\Program Files\Sonic\MyDVD\MyDVDReg.exe    High    
7/19/2013 5:27:23 PM    Deleted    Trojan program Trojan.Win32.Vilsel.btos    D:\I386\APPS\APP09012\src\MyDVD.MSI    High    
7/19/2013 5:27:23 PM    Deleted    Trojan program Trojan.Win32.Vilsel.btos    D:\I386\APPS\APP09012\src\MyDVD.MSI//Disk1//FILE0001.B546AE05_E78C_41AC_A641_7EEF6B9FAF1D    High    
7/19/2013 5:27:23 PM    Deleted    Trojan program Trojan.Win32.Vilsel.btos    D:\I386\APPS\APP09012\src\MyDVD.MSI//Disk1    High    
 

Link to post
Share on other sites

overall, the computer is working better (faster) but I'm still having boot issues and shutdown issues.  Very rarely I get "blue screen", mostly I get freezes after long idle time (2 - 3 hours) or immediate freeze when I login to windows.  I suspect I may have an operating system or hardware issue.  I was hoping it was an infection (I am STILL hoping!) that can be fixed.  Do you have any other suggestions?

 

I really appreciate the help you've already given me,

Paul

Link to post
Share on other sites

One last additional scan:

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:

    Drweb-cureit-1_zps34a2f747.gif

    Click the checkbox to participate, and then click on Continue button.

  • Next

    Drweb-cureit-2_zpsee7bdcb6.gif

    Click on Select onjects for scanning

  • Next

    Drweb-cureit-3_zps137b4332.gif

    Put a checkmark by clicking on the boxes as shown.

    Do not select Temporary files or System Restore points.

    Then click on Start scanning button

  • The scan in progress will be shown like this

    Drweb-cureit-4_zps211037d0.gif

  • IF something is detected, you will see a screen similar to this

    Drweb-cureit-5_zpsd7be6acf.gif

    For each item "detected", click on the Action column down arrow, like this

    Drweb-cureit-8_zpsb099f9d5.gif

    Your options will be Cure or Ignore

    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.

    Typically, you will keep the Cure default.

    Then click on the Neutralize button.

  • When the actions are completed, you will see this

    Drweb-cureit-7_zpsd290a127.gif

  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.

    Save the report to your desktop. The report will be called Cureit.log

  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
Re-Enable your antivirus program when all done.
Link to post
Share on other sites

I messed this one up, but hopefully it's still useful. I had to run the scan 3 times... here's what I did:

1) turned off Norton Internet Security and scanned with CureIt... but it ran in Emergency mode.
2) Scan complete with 4 threats found.
3) I forgot to save the log file... but I remember seeing this onscreen:

4 threats found

d:.../../PicMorph.exe
c:../../zoo-vet.exe (a very old game from 5 years ago)
c:../../zoo-vet-(2).exe
I did not see the 4th threat

The recommended action was "Move" and I clicked "Neutralize".

Then I ran the scan again in "regular" mode but forgot to disable Norton
Then I ran the scan again in "regular" mode and DID disable Norton

 

I've tried to copy/paste the 2 logs for the last 2 scans but my Firefox keeps freezing/crashing.  So I'm only pasting the summary at the bottom of each log:

 

Scan 1 - no log file

Scan 2 (norton NOT disabled)

==========================

Total 119558027640 bytes in 50134 files scanned (75383 objects)
Total 50119 files (75368 objects) are clean
There are no infected objects detected
Total 15 files are raised error condition
Scan time is 00:41:58.297

=============================================================================
Dr.Web Scanner SE for Windows v8.2.0.07100
© Doctor Web, Ltd., 1992-2013
Scan session started 2013/07/23 09:14:22
Module location : c:\documents and settings\hp_administrator\local settings\temp\2D72C340-69E9E0F0-BD18BD60-885C60F0\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [use Sound Alerts] NO
OPTION [block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"

 

 

Scan 3 (norton disabled)

==========================

Total 119558027640 bytes in 50134 files scanned (75383 objects)
Total 50119 files (75368 objects) are clean
There are no infected objects detected
Total 15 files are raised error condition
Scan time is 00:41:58.297
 

 

Link to post
Share on other sites

Pretty much the same as before.  Computer is faster, browsing is faster but I'm still having boot issues.  Here is what happens every time I start the computer:

 

1) press power button to turn on computer

2) Start up screen shows

3) then "choose your operating system to start" shows

4) then "there was a problem ... do you want to start windows normally, start in safe mode, or choose a restore point

5) I choose "start windows normally" and the MS Windows icon shows up and appears to be loading windows

6) then goes black screen and freezes

 

7) use power button to turn computer off

8) use power button to turn computer back on

9) Start up screen shows

3) then "choose your operating system to start" shows

4) Then Windows starts automatically loading normally

5) Windows finishes loading and I get the login screen

6) I enter login creds and click "login"

7) Desktop shows up and starts to populate desktop icons

8) Then computer goes black screen and freezes

 

 

Variations of above occur every time I start the computer.  Also, if I leave the computer idle for long periods, it must go into sleep mode and then I have the same issues as above when I try to "wake it up".... and have to use the power button to turn power off and go through start up nightmare again.

 

A few times I get a Microsoft "send error report" message and I submit the report.  That process then takes me to a MS page that says "you have a hardware problem but Microsoft is unable to determine which hardware component is causing the problem.... suggest you disable them one by one to identify which component is the problem.."  or something like that.

 

Any thoughts?  Otherwise... thank you so much for your help.

 

Thanks,

paul

Link to post
Share on other sites

Here is the key of the treasure:

That process then takes me to a MS page that says "you have a hardware problem but Microsoft is unable to determine which hardware component is causing the problem.... suggest you disable them one by one to identify which component is the problem.." or something like that.

My mission is to clean your system from malware. I don't have so much knowledge about hardware issues.

I suggest you to ask for help in this section:

http://forums.malwarebytes.org/index.php?showforum=6

Link to post
Share on other sites

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner and manually delete Dr.Web CureIt and Kaspersky AVP

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.