A few weeks ago I came home and attempted to access the internet via Firefox. I received a message that my proxy settings may have been changed, and tried to adjust them, but to no avail. I then tried Internet Explorer and found the same problem. I reset connections, rebooted, and tried safe mode. Nothing worked. I ran an MBAM scan and found several trojans. I removed them, tried to reconnect, and still nothing. I ran a full scan with MBAM and found a couple more nasty critters. I removed them and still had no internet connection. I then attempted a system restore, restoring to a point a week prior. This seemed to fix the issue of connecting to the internet, but ever since, the access speed has been slow, taking up to a minute or so to load a web page. For example, my email, zoominternet, is very slow. I also noticed that my download speed decreased from 1.2 mbit per second to at most 200 kbits per second.
Early this morning, I came across the program ComboFix. I ran a scan and it detected a rootkit; it then rebooted my system and proceeded to do a full scan. It found several files and deleted them. Here is the name of the rootkit and the files deleted by ComboFix.
(Let me know if you want a copy of that ComboFix log. Please note I ran the ComboFix scan before coming to this forum.)
Rootkit Name: TDL3
Files that ComboFix Deleted:
C:\desktop.ini
c:\documents and settings\Owner\Application Data\inst.exe
c:\program files\Antbar\Ant.com Toolbar\tbHElper.dll
C:\test.txt
c:\windows\jestertb.dll
c:\windows\system32\Thumbs.db
E:\autorun.inf
Here are the scans that you requested:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5256
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/6/2010 10:01:32 AM
mbam-log-2010-12-06 (10-01-32).txt
Scan type: Quick scan
Objects scanned: 164328
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-06 10:08:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JD-75HBB0 rev.08.02D08
Running: random named file.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgxoqkob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC7FEBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAC7FE9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAC7FEB0C]
Code 826E7A7F IoReportHalResourceUsage
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-05.01) - NTFSx86
Run by Owner at 10:11:07.53 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1341 [GMT -5:00]
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe acrobat speed launcher.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe gamma.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmstatus.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmartware.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Ant Video Downloader: anttoolbar@ant.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\anttoolbar@ant.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: MultirowBookmarksToolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
FF - Extension: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Extension: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Extension: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Extension: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Extension: Virtus Search Opt-in: extension@virtusdesigns.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\extension@virtusdesigns.com
FF - Extension: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Extension: Nuri: {beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{beab8ae9-eb2d-4ded-3b29-d35f6b82bfa5}
FF - Extension: XboxFox: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
FF - Extension: Stratini Padded: {8479ade0-2eec-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
FF - Extension: Virtus Ask Search Plugin: opensearch@ask.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\opensearch@ask.com
FF - Extension: Firefox Zune: {e06bacc0-d6f8-11de-8a39-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}
FF - Extension: Revelation: {586bd060-22d6-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{586bd060-22d6-11de-8c30-0800200c9a66}
FF - Extension: Vista Red: {d4385b60-11f0-11de-8c30-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{d4385b60-11f0-11de-8c30-0800200c9a66}
FF - Extension: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Extension: Office Black: Office2007Black@JBBS - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Office2007Black@JBBS
FF - Extension: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Extension: Alienware Invader v1.2: {5476e6b0-3de0-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{5476e6b0-3de0-11dd-ae16-0800200c9a66}
FF - Extension: StrataStripe: {cbbbbcd0-3cf7-11dd-ae16-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{cbbbbcd0-3cf7-11dd-ae16-0800200c9a66}
FF - Extension: XP on Vista: {07b2a769-ed19-4483-87ce-c643914caed1} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{07b2a769-ed19-4483-87ce-c643914caed1}
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\Foxdie@tanjihay.com
FF - Extension: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Extension: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
FF - Extension: Bazzacuda Image Saver Plus: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z9u88kuq.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-7 102400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-17 10384]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-9-29 101904]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-12-6 3584]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-10 16512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-5 25704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]
=============== Created Last 30 ================
2010-12-06 14:53:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 14:52:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 14:18:49 38848 ----a-w- c:\windows\avastSS.scr
2010-12-06 14:18:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-06 11:44:47 -------- d-----w- c:\program files\windows media components
2010-12-06 10:35:10 -------- d-sha-r- C:\cmdcons
2010-12-06 10:31:52 98816 ----a-w- c:\windows\sed.exe
2010-12-06 10:31:52 89088 ----a-w- c:\windows\MBR.exe
2010-12-06 10:31:52 256512 ----a-w- c:\windows\PEV.exe
2010-12-06 10:31:52 161792 ----a-w- c:\windows\SWREG.exe
2010-12-06 01:58:20 -------- d-----w- c:\program files\common files\HP
2010-12-06 01:57:52 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-12-06 01:57:52 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-12-06 01:57:52 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-12-04 05:29:10 -------- d-----w- c:\docume~1\owner\applic~1\NeroDigital(TM)
2010-12-04 04:55:36 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero_AG
2010-12-04 04:52:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero
2010-12-02 17:24:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-12-02 17:24:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-12-02 17:24:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-12-02 17:24:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-12-02 17:24:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-12-02 17:24:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-12-02 17:24:58 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-12-02 13:36:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-12-02 13:36:47 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-12-02 13:36:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-12-02 13:36:47 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-12-02 13:36:47 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-12-02 13:36:47 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-12-02 13:36:47 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-12-02 12:54:49 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-12-02 12:33:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2010-12-01 06:09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 11:10:33 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-21 10:45:25 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
2010-11-11 06:45:40 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Western_Digital
2010-11-11 06:44:34 -------- d-----w- c:\docume~1\owner\applic~1\Western Digital
2010-11-11 06:44:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2010-11-07 07:30:52 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Unity
2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
==================== Find3M ====================
2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 20:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 19:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 19:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 19:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 19:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 19:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 19:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 19:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 19:11:42 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
2010-09-24 18:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 19:10:18 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-15 04:35:31 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
============= FINISH: 10:11:57.59 ==============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x254023f800+1
Install Date: 9/1/2009 5:37:48 PM
System Uptime: 12/6/2010 9:46:43 AM (1 hours ago)
Motherboard: Dell Inc. | | 0KP561
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU | 1994/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 116.204 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 931 GiB total, 22.09 GiB free.
F: is CDROM (UDF)
G: is FIXED (NTFS) - 297 GiB total, 170.238 GiB free.
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Service: b57w2k
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-N USB Network Adapter
Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Manufacturer: Marvell
Name: Wireless-N USB Network Adapter #7
PNP Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Service: MRVW245
==== System Restore Points ===================
RP1: 12/6/2010 6:16:25 AM - System Checkpoint
RP2: 12/6/2010 6:16:55 AM - Revo Uninstaller's restore point - Akamai NetSession Interface
RP3: 12/6/2010 6:17:55 AM - Revo Uninstaller's restore point - Any Video Converter Professional 2.7.9
RP4: 12/6/2010 6:18:47 AM - Revo Uninstaller's restore point - DVDx 2
RP5: 12/6/2010 6:19:23 AM - Revo Uninstaller's restore point - GOM Encoder
RP6: 12/6/2010 6:19:32 AM - GOM Encoder Kaldirildi
RP7: 12/6/2010 6:19:59 AM - Revo Uninstaller's restore point - Dziobas Rar Player 0.009.39
RP8: 12/6/2010 6:20:53 AM - Revo Uninstaller's restore point - Microsoft Expression Studio 4
RP9: 12/6/2010 6:32:52 AM - Revo Uninstaller's restore point - Microsoft Expression Encoder 4 Screen Capture Codec
RP10: 12/6/2010 6:32:58 AM - Removed Microsoft Expression Encoder 4 Screen Capture Codec
RP11: 12/6/2010 6:33:25 AM - Revo Uninstaller's restore point - Microsoft Expression Blend 3 SDK
RP12: 12/6/2010 6:33:33 AM - Removed Microsoft Expression Blend 3 SDK
RP13: 12/6/2010 6:34:22 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for .NET 4
RP14: 12/6/2010 6:34:32 AM - Removed Microsoft Expression Blend SDK for .NET 4
RP15: 12/6/2010 6:35:31 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for Silverlight 4
RP16: 12/6/2010 6:35:38 AM - Removed Microsoft Expression Blend SDK for Silverlight 4
RP17: 12/6/2010 6:36:49 AM - Revo Uninstaller's restore point - Remote Control USB Driver
RP18: 12/6/2010 6:37:04 AM - Removed Remote Control USB Driver
RP19: 12/6/2010 6:38:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP20: 12/6/2010 6:39:16 AM - Revo Uninstaller's restore point - Windows Media Encoder 9 Series
RP21: 12/6/2010 6:44:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP22: 12/6/2010 6:46:04 AM - Revo Uninstaller's restore point - Ultra Video Joiner 5.1.1127
RP23: 12/6/2010 6:47:10 AM - Revo Uninstaller's restore point - Unity Web Player
RP24: 12/6/2010 6:47:44 AM - Revo Uninstaller's restore point - WPF Toolkit February 2010 (Version 3.5.50211.1)
RP25: 12/6/2010 6:47:53 AM - Removed WPF Toolkit February 2010 (Version 3.5.50211.1)
RP26: 12/6/2010 6:48:20 AM - Revo Uninstaller's restore point - XviD4PSP 5.0
RP27: 12/6/2010 6:49:36 AM - Revo Uninstaller's restore point - TitanTV Client components for ATI
RP28: 12/6/2010 6:49:55 AM - Removed TitanTV Client components for ATI
RP29: 12/6/2010 8:19:50 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP30: 12/6/2010 9:18:44 AM - avast! Free Antivirus Setup
==== Installed Programs ======================
32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Acrobat 5.0
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 9.4.1
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Problem Report Wizard
avast! Free Antivirus
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
CustomerResearchQFolder
DAO
Data Lifeguard Diagnostic for Windows
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
erLT
eSupportQFolder
GOM Player
GPBaseService
Haemo
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2158563)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Hyperdesk - Crysis Warhead
Hyperdesk - DarkMatter Gamma Ray
Hyperdesk - DarkMatter Solar Flare
Hyperdesk - DarkMatter Subspace
Hyperdesk - Sony Ericsson Onyx Series
Intel(R) Graphics Media Accelerator Driver
KhalInstallWrapper
LightScribe 1.4.31.1
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Mozilla Firefox (3.5.3)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
neroxml
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Revo Uninstaller 1.90
Royale Remixed Theme
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skins
SmartWebPrinting
SmnoduloTwe
SolutionCenter
SoundMAX
Sql Server Customer Experience Improvement Program
Status
Suite Specific
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
VCRedistSetup
VideoToolkit01
WD SmartWare
WebFldrs XP
WebReg
Windows Essentials Media Codec Pack 3.2
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
WinRAR archiver
Zune
Zune Desktop Theme
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
==== Event Viewer Messages From Past Week ========
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acledit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acctres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaaamon.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\a3d.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 4.12.1.2009.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\6to4svc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5935.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520850.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520437.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/3/2010 2:34:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2435682).
12/3/2010 2:25:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/3/2010 11:32:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
12/3/2010 11:32:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/2/2010 12:57:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/2/2010 10:57:30 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 11:41:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:45:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:37:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:35:46 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 1:16:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x254023f800+1'. It has stopped monitoring the volume.
11/30/2010 11:13:40 PM, error: Service Control Manager [7034] - The Hyperdesk Theme Enabler service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-6 165584]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-6 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-7 102400]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-17 10384]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2010-9-29 101904]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-12-6 3584]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-3-10 16512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-6 40384]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-5 25704]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; [x]
=============== Created Last 30 ================
2010-12-06 14:53:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 14:52:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 14:18:49 38848 ----a-w- c:\windows\avastSS.scr
2010-12-06 14:18:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-06 11:44:47 -------- d-----w- c:\program files\windows media components
2010-12-06 10:35:10 -------- d-sha-r- C:\cmdcons
2010-12-06 10:31:52 98816 ----a-w- c:\windows\sed.exe
2010-12-06 10:31:52 89088 ----a-w- c:\windows\MBR.exe
2010-12-06 10:31:52 256512 ----a-w- c:\windows\PEV.exe
2010-12-06 10:31:52 161792 ----a-w- c:\windows\SWREG.exe
2010-12-06 01:58:20 -------- d-----w- c:\program files\common files\HP
2010-12-06 01:57:52 970752 ----a-w- c:\windows\system32\hpotiop6.dll
2010-12-06 01:57:52 729088 ----a-w- c:\windows\system32\hpowiax8.dll
2010-12-06 01:57:52 303104 ----a-w- c:\windows\system32\hpovst14.dll
2010-12-04 05:29:10 -------- d-----w- c:\docume~1\owner\applic~1\NeroDigital(TM)
2010-12-04 04:55:36 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero_AG
2010-12-04 04:52:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Nero
2010-12-02 17:24:59 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-12-02 17:24:59 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-12-02 17:24:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-12-02 17:24:59 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-12-02 17:24:59 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-12-02 17:24:59 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-12-02 17:24:58 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-12-02 13:36:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2010-12-02 13:36:47 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2010-12-02 13:36:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2010-12-02 13:36:47 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2010-12-02 13:36:47 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2010-12-02 13:36:47 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2010-12-02 13:36:47 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2010-12-02 12:54:49 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-12-02 12:33:50 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2010-12-01 06:09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-21 11:10:33 -------- d-----w- c:\program files\Essentials Codec Pack
2010-11-21 10:45:25 -------- d-----w- c:\program files\NeroAACCodec-1.5.1
2010-11-11 06:45:40 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Western_Digital
2010-11-11 06:44:34 -------- d-----w- c:\docume~1\owner\applic~1\Western Digital
2010-11-11 06:44:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2010-11-07 07:30:52 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Unity
2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
==================== Find3M ====================
2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 20:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 19:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 19:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 19:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 19:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 19:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 19:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 19:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 19:11:42 111104 ----a-w- c:\windows\system32\ZuneIPTransport.dll
2010-09-24 18:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 19:10:18 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-15 04:35:31 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
============= FINISH: 10:11:57.59 ==============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x254023f800+1
Install Date: 9/1/2009 5:37:48 PM
System Uptime: 12/6/2010 9:46:43 AM (1 hours ago)
Motherboard: Dell Inc. | | 0KP561
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU | 1994/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 116.204 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 931 GiB total, 22.09 GiB free.
F: is CDROM (UDF)
G: is FIXED (NTFS) - 297 GiB total, 170.238 GiB free.
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_169B&SUBSYS_02201028&REV_02\4&117729E2&0&00E0
Service: b57w2k
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-N USB Network Adapter
Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Manufacturer: Marvell
Name: Wireless-N USB Network Adapter #7
PNP Device ID: USB\VID_13B1&PID_0029\5&425E0F2&0&2
Service: MRVW245
==== System Restore Points ===================
RP1: 12/6/2010 6:16:25 AM - System Checkpoint
RP2: 12/6/2010 6:16:55 AM - Revo Uninstaller's restore point - Akamai NetSession Interface
RP3: 12/6/2010 6:17:55 AM - Revo Uninstaller's restore point - Any Video Converter Professional 2.7.9
RP4: 12/6/2010 6:18:47 AM - Revo Uninstaller's restore point - DVDx 2
RP5: 12/6/2010 6:19:23 AM - Revo Uninstaller's restore point - GOM Encoder
RP6: 12/6/2010 6:19:32 AM - GOM Encoder Kaldirildi
RP7: 12/6/2010 6:19:59 AM - Revo Uninstaller's restore point - Dziobas Rar Player 0.009.39
RP8: 12/6/2010 6:20:53 AM - Revo Uninstaller's restore point - Microsoft Expression Studio 4
RP9: 12/6/2010 6:32:52 AM - Revo Uninstaller's restore point - Microsoft Expression Encoder 4 Screen Capture Codec
RP10: 12/6/2010 6:32:58 AM - Removed Microsoft Expression Encoder 4 Screen Capture Codec
RP11: 12/6/2010 6:33:25 AM - Revo Uninstaller's restore point - Microsoft Expression Blend 3 SDK
RP12: 12/6/2010 6:33:33 AM - Removed Microsoft Expression Blend 3 SDK
RP13: 12/6/2010 6:34:22 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for .NET 4
RP14: 12/6/2010 6:34:32 AM - Removed Microsoft Expression Blend SDK for .NET 4
RP15: 12/6/2010 6:35:31 AM - Revo Uninstaller's restore point - Microsoft Expression Blend SDK for Silverlight 4
RP16: 12/6/2010 6:35:38 AM - Removed Microsoft Expression Blend SDK for Silverlight 4
RP17: 12/6/2010 6:36:49 AM - Revo Uninstaller's restore point - Remote Control USB Driver
RP18: 12/6/2010 6:37:04 AM - Removed Remote Control USB Driver
RP19: 12/6/2010 6:38:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP20: 12/6/2010 6:39:16 AM - Revo Uninstaller's restore point - Windows Media Encoder 9 Series
RP21: 12/6/2010 6:44:33 AM - Revo Uninstaller's restore point - Security Update for Windows Media Encoder (KB979332)
RP22: 12/6/2010 6:46:04 AM - Revo Uninstaller's restore point - Ultra Video Joiner 5.1.1127
RP23: 12/6/2010 6:47:10 AM - Revo Uninstaller's restore point - Unity Web Player
RP24: 12/6/2010 6:47:44 AM - Revo Uninstaller's restore point - WPF Toolkit February 2010 (Version 3.5.50211.1)
RP25: 12/6/2010 6:47:53 AM - Removed WPF Toolkit February 2010 (Version 3.5.50211.1)
RP26: 12/6/2010 6:48:20 AM - Revo Uninstaller's restore point - XviD4PSP 5.0
RP27: 12/6/2010 6:49:36 AM - Revo Uninstaller's restore point - TitanTV Client components for ATI
RP28: 12/6/2010 6:49:55 AM - Removed TitanTV Client components for ATI
RP29: 12/6/2010 8:19:50 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP30: 12/6/2010 9:18:44 AM - avast! Free Antivirus Setup
==== Installed Programs ======================
32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Acrobat 5.0
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 9.4.1
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Problem Report Wizard
avast! Free Antivirus
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
CustomerResearchQFolder
DAO
Data Lifeguard Diagnostic for Windows
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
erLT
eSupportQFolder
GOM Player
GPBaseService
Haemo
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2158563)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Hyperdesk - Crysis Warhead
Hyperdesk - DarkMatter Gamma Ray
Hyperdesk - DarkMatter Solar Flare
Hyperdesk - DarkMatter Subspace
Hyperdesk - Sony Ericsson Onyx Series
Intel(R) Graphics Media Accelerator Driver
KhalInstallWrapper
LightScribe 1.4.31.1
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Mozilla Firefox (3.5.3)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
neroxml
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Revo Uninstaller 1.90
Royale Remixed Theme
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skins
SmartWebPrinting
SmnoduloTwe
SolutionCenter
SoundMAX
Sql Server Customer Experience Improvement Program
Status
Suite Specific
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
VCRedistSetup
VideoToolkit01
WD SmartWare
WebFldrs XP
WebReg
Windows Essentials Media Codec Pack 3.2
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
WinRAR archiver
Zune
Zune Desktop Theme
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
==== Event Viewer Messages From Past Week ========
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/6/2010 9:44:33 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/5/2010 8:52:10 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 12:59:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acledit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:54 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\acctres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaaamon.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\a3d.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 4.12.1.2009.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\6to4svc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5935.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520850.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 12:59:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\12520437.cpx. This file was restored to the original version to maintain system stability. The file version of the system file is 0.0.0.1.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aclui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\accwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\access.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
12/4/2010 1:00:34 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\aaclient.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.6001.18000.
12/3/2010 2:34:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2435682).
12/3/2010 2:25:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/3/2010 11:32:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
12/3/2010 11:32:15 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/2/2010 12:57:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/2/2010 10:57:30 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 11:41:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:45:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A703C0ECE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:37:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 10:35:46 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001D0928C224 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 1:16:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x254023f800+1'. It has stopped monitoring the volume.
11/30/2010 11:13:40 PM, error: Service Control Manager [7034] - The Hyperdesk Theme Enabler service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================