# Need help with an extremely slow and probably hijacked computer



## composmentis (Jul 21, 2012)

Hi,

This is a great site. Really hope you can help. This is an older PC that I've updated throughout the years. Kids have gotten onto some gaming sites. It is painfully slow, especially starting up and coming out of hibernation. Sometimes I have to reboot just to get it to run faster. It would not surprise me if it has been hijacked and its resources are being used in another network somewhere. I'll include the requested log info below, though I'm having a difficult time getting the GMER scan to complete, even with the IAT/EAT box unchecked and hitting only the C: drive.

Sys info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+, x86 Family 15 Model 43 Stepping 1
Processor Count: 2
RAM: 958 Mb
Graphics Card: ATI RADEON XPRESS 200 Series, 256 Mb
Hard Drives: C: Total - 230262 MB, Free - 190896 MB; D: Total - 8194 MB, Free - 982 MB;
Motherboard: MSI, AMETHYST-M
Antivirus: None

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by HP_Administrator at 19:29:30 on 2013-04-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.115 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\18.7.2.3\ips\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\18.7.2.3\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mRun: [<NO NAME>] 
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186974597312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BE3EE324-0B96-4FB2-800B-7B9BDF825397} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\qzxi5quq.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\hp_administrator\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-12 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-12 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20130412.001\BHDrvx86.sys [2013-4-12 1000024]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-12 136312]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2007-4-14 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2007-4-14 3904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-20 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20130426.001\IDSXpx86.sys [2013-4-26 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20130427.007\NAVENG.SYS [2013-4-27 93296]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20130427.007\NAVEX15.SYS [2013-4-27 1603824]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
.
=============== Created Last 30 ================
.
2013-04-08 19:29:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 19:29:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2006-10-09 21:27:00 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 19:36:08.67 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2007 9:55:42 PM
System Uptime: 7/20/2012 8:15:13 PM (0 hours ago)
.
Motherboard: MSI | | AMETHYST-M
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 187.01 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.96 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is FIXED (NTFS) - 932 GiB total, 922.492 GiB free.
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.1
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
ATI Control Panel
ATI Display Driver
AutoUpdate
BufferChm
CameraDrivers
ccCommon
CCleaner (remove only)
CCScore
CheckIt Diagnostics
Component Framework
Connection Keep Alive
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
Drivers Install For Linksys Easylink Advisor
Easy Internet Sign-up
Edmark MindTwister Math
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fax
fflink
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Word Games 3
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Driver Diagnostics
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HP Update
HPProductAssistant
HpSdpAppCoreApp
HPTunesAddIn
I.R.I.S. OCR
InstantShareAlert
InstantShareDevices
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kids Cam Sticker Factory 
Kodak EasyShare software
LightScribe 1.4.42.1
Linksys EasyLink Advisor 1.6 (0044)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
MagicDisc 2.5.57
Malwarebytes Anti-Malware version 1.61.0.1400
Memeo Instant Backup
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
Move Media Player
Mozilla Firefox (3.0.19)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
Myst V End Of Ages
netbrdg
Netflix Movie Viewer
NewCopy
Nikon Transfer
Norton Cleanup
Norton Internet Security
Norton Protection Center
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
Office 2003 Tour
OfotoXMI
Otto
PanoStandAlone
PC-Doctor 5 for Windows
Photo Story 3 for Windows
PhotoGallery
ProductContext
PS2
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2005
QuickTime
RandMap
Readme
RealPlayer
Rhapsody
Rhapsody Player Engine
Scan
ScannerCopy
Seagate Dashboard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SkinsHP1
SKINXSDK
SmartDraw 2007
SolutionCenter
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SPBBC 32bit
staticcr
Status
tooltips
TrayApp
Uninstall Dual Mode Camera
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Format SDK (KB902344)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
ViewNX
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 15.5
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 8:17:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
.
==== End Of File ===========================

Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:34:25 PM, on 4/28/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.com
C:\WINDOWS\system32\cmd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1186974597312
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 11309 bytes

Here is what I have in the ark.txt file so far:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-05-10 19:01:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6L250S0 rev.BACE1G10
Running: sygmlj8n.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldapow.sys

---- System - GMER 1.0.15 ----
SSDT 85E23138 ZwAlertResumeThread
SSDT 85E89BF8 ZwAlertThread
SSDT 85F1C1B8 ZwAllocateVirtualMemory
SSDT 85E97BD0 ZwAssignProcessToJobObject
SSDT 858C6838 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEFAA9710]
SSDT 85EBCEF0 ZwCreateMutant
SSDT 85E6A198 ZwCreateSymbolicLinkObject
SSDT 85E54CA0 ZwCreateThread
SSDT 85E63640 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEFAA9990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEFAA9EF0]
SSDT 85E58788 ZwDuplicateObject
SSDT 85E89C30 ZwFreeVirtualMemory
SSDT 85E72200 ZwImpersonateAnonymousToken
SSDT 85E48988 ZwImpersonateThread
SSDT 858D4BD0 ZwLoadDriver
SSDT 85E11B18 ZwMapViewOfSection
SSDT 85DDE348 ZwOpenEvent
SSDT 858842B8 ZwOpenProcess
SSDT 85E7EB80 ZwOpenProcessToken
SSDT 8593BA90 ZwOpenSection
SSDT 85E95B48 ZwOpenThread
SSDT 85EACFC0 ZwProtectVirtualMemory
SSDT 85EAD978 ZwResumeThread
SSDT 85E58750 ZwSetContextThread
SSDT 85E489C0  ZwSetInformationProcess
SSDT 85EBB188 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFAAA140]
SSDT 858B2888 ZwSuspendProcess
SSDT 85E65110 ZwSuspendThread
SSDT 85E619E8 ZwTerminateProcess
SSDT 85A84190 ZwTerminateThread
SSDT 858899D8 ZwUnmapViewOfSection
SSDT 85EAD9B0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes [E8, 19, E6, 85, 90, 41, A8, ...] {CALL 0xffffffff9085e61e; INC ECX; TEST AL, 0x85}
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Any help you guys can provide will be much appreciated. Thanks for what you do.


----------



## composmentis (Jul 21, 2012)

Interesting that the sys info scan shows no antivirus software, as I do have Norton installed and supposedly running on this machine.


----------



## composmentis (Jul 21, 2012)

Anyone willing to help with this? Did I forget or include bad info? Thanks.


----------



## Mark1956 (May 7, 2011)

Sorry you have had to wait so long; there just aren't enough helpers to cope with the demand. You've done nothing wrong.

The System Info scan does not always detect the Anti Virus program installed. It does clearly show in the DDS log that Norton is running.

There is no obvious sign in your logs of any kind of infection or hijack, but many of the most severe infections would not appear in these logs.

There are some items that you need to uninstall: you have multiple outdated versions of Java installed, which is a security risk, and an Optimizer program, which should not be used and would be best to uninstall.

Please uninstall all of the following:

J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
PC-Doctor 5 for Windows

You can get the latest version of Java from here: Java Download

We will now do a check for any Malware.

Please run these three scans and post the logs:

*SCAN 1*
Click on this link to download: ADWCleaner and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:









You will then see the screen below, click on the *Delete* button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post. If the log does not appear you should find it on your C: drive, using Windows Explorer, as ADWCleaner[S1].










*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.


Quit all running programs.
Start RogueKiller.exe by double clicking on the icon.
Wait until Prescan has finished.
Ensure all boxes are ticked under "Report" tab.
Click on Scan.
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*










*SCAN 3*
Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please post this in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

*DO NOT* reboot, run *Malwarebytes*, let it update and run a *full* scan. *Select everything it finds for deletion* and post the resulting log. If it finds nothing, post that log instead.

You can download Malwarebytes from here if you do not have it: Malwarebytes


----------



## composmentis (Jul 21, 2012)

Deleted previous Java versions and installed latest. PC Doctor deleted as well. Did not see anywhere to delete the Java auto updater.

Results from ADWCleaner:

# AdwCleaner v2.303 - Logfile created 06/09/2013 at 22:26:51
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - DEN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
Folder Deleted : C:\Program Files\RegClean Pro
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1947ed9c549f680a9ed3f1fdbb9337a4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v3.0.19 (en-US)
File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qzxi5quq.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2820 octets] - [09/06/2013 22:26:51]
########## EOF - C:\AdwCleaner[S1].txt - [2880 octets] ##########

Will update post with other scans. Machine is ridiculously, painfully slow. Almost unusable.

Thanks!


----------



## composmentis (Jul 21, 2012)

Second report. Nothing deleted yet.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 06/09/2013 23:03:21
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] arservice.exe -- C:\WINDOWS\arservice.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4B7E -> HOOKED (Unknown @ 0x85E0C278)
SSDT[13] : NtAlertThread @ 0x805D4B2E -> HOOKED (Unknown @ 0x85E0B278)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8ABA -> HOOKED (Unknown @ 0x859841A8)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D6642 -> HOOKED (Unknown @ 0x85951008)
SSDT[31] : NtConnectPort @ 0x805A45D0 -> HOOKED (Unknown @ 0x858C2260)
SSDT[43] : NtCreateMutant @ 0x8061769E -> HOOKED (Unknown @ 0x85E28220)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C39FA -> HOOKED (Unknown @ 0x8594A328)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0x863819C8)
SSDT[57] : NtDebugActiveProcess @ 0x80643B30 -> HOOKED (Unknown @ 0x85954008)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0x8597A2A0)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FB2 -> HOOKED (Unknown @ 0x8604A5F0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9386 -> HOOKED (Unknown @ 0x85E10218)
SSDT[91] : NtImpersonateThread @ 0x805D7802 -> HOOKED (Unknown @ 0x85E0D1C8)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (Unknown @ 0x858813B8)
SSDT[108] : NtMapViewOfSection @ 0x805B203A -> HOOKED (Unknown @ 0x8604A7E8)
SSDT[114] : NtOpenEvent @ 0x8060F04E -> HOOKED (Unknown @ 0x8587A370)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0x8597B1D0)
SSDT[123] : NtOpenProcessToken @ 0x805EE054 -> HOOKED (Unknown @ 0x859872D8)
SSDT[125] : NtOpenSection @ 0x805AA3EC -> HOOKED (Unknown @ 0x8595B2F8)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0x859792C8)
SSDT[137] : NtProtectVirtualMemory @ 0x805B841E -> HOOKED (Unknown @ 0x85950278)
SSDT[206] : NtResumeThread @ 0x805D49BA -> HOOKED (Unknown @ 0x85E0F278)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0x85F4CF48)
SSDT[228] : NtSetInformationProcess @ 0x805CDE8A -> HOOKED (Unknown @ 0x85E43688)
SSDT[240] : NtSetSystemInformation @ 0x8060FD06 -> HOOKED (Unknown @ 0x85959380)
SSDT[253] : NtSuspendProcess @ 0x805D4A82 -> HOOKED (Unknown @ 0x85885250)
SSDT[254] : NtSuspendThread @ 0x805D48F4 -> HOOKED (Unknown @ 0x85E413F8)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0x85E20A10)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (Unknown @ 0x85E42F48)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E48 -> HOOKED (Unknown @ 0x860491D0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (Unknown @ 0x85983270)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x85E47220)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85E92658)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x85E50ED8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x85E3E7C8)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x85E5B900)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x85E8C200)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x85E82E48)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x85E8DF80)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x858BDE88)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x858BD0B0)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6L250S0 +++++
--- User ---
[MBR] 70ed0f54399f6a69b52902f6c167fbba
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 230262 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_06092013_02d2303.txt >>
RKreport[1]_S_06092013_02d2303.txt
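
Added example, not part of the original posts: a Python sketch that cross-checks the SSDT sections of the GMER log from the first post against the RogueKiller report above, listing which hooked functions both tools report, which only one reports, and which ones GMER attributes to a named driver. The function names and the embedded excerpts (a few lines copied from each log, not the full lists) are this example's own choices.

```python
import re

# Excerpts copied from the two logs posted in this thread (not the full lists).
GMER_EXCERPT = r"""
SSDT 85E23138 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEFAA9710]
SSDT 858D4BD0 ZwLoadDriver
SSDT 858842B8 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFAAA140]
SSDT 85EAD9B0 ZwWriteVirtualMemory
"""

ROGUEKILLER_EXCERPT = """
SSDT[12] : NtAlertResumeThread @ 0x805D4B7E -> HOOKED (Unknown @ 0x85E0C278)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (Unknown @ 0x858813B8)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0x8597B1D0)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (Unknown @ 0x85983270)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85E92658)
"""

# GMER prints either "SSDT <address> <ZwName>" or
# "SSDT <driver path> (<description>) <ZwName> [0x<address>]".
GMER_ANON = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
GMER_NAMED = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)"
    r"\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# RogueKiller prints "SSDT[n] : NtName @ 0x<original> -> HOOKED (<owner> @ 0x<target>)";
# its S_SSDT lines carry no original address.
RK_HOOK = re.compile(
    r"^(?P<table>S_SSDT|SSDT)\[(?P<index>\d+)\]\s*:\s*(?P<func>Nt\w+)"
    r"(?:\s+@\s+0x[0-9A-Fa-f]+)?\s+->\s+HOOKED\s+"
    r"\((?P<owner>.+?)\s+@\s+0x(?P<addr>[0-9A-Fa-f]+)\)$")


def base_name(func):
    """Drop the Zw/Nt prefix so names from both tools can be compared."""
    return func[2:] if func[:2] in ("Zw", "Nt") else func


def parse_gmer(text):
    """Return {function: (hook_address, driver_file_or_None)}."""
    hooks = {}
    for line in text.splitlines():
        line = line.strip()
        m = GMER_ANON.match(line)
        if m:
            hooks[base_name(m["func"])] = (int(m["addr"], 16), None)
            continue
        m = GMER_NAMED.match(line)
        if m:
            driver = m["module"].rsplit("\\", 1)[-1]
            hooks[base_name(m["func"])] = (int(m["addr"], 16), driver)
    return hooks


def parse_roguekiller(text):
    """Return {table: {function: (hook_address, owner)}}."""
    tables = {}
    for line in text.splitlines():
        m = RK_HOOK.match(line.strip())
        if m:
            tables.setdefault(m["table"], {})[base_name(m["func"])] = (
                int(m["addr"], 16), m["owner"])
    return tables


def compare(gmer, rk):
    """Summarise agreement between the two scans for the native SSDT."""
    native = rk.get("SSDT", {})
    both = sorted(set(gmer) & set(native))
    return {
        "both": both,
        "gmer_only": sorted(set(gmer) - set(native)),
        "roguekiller_only": sorted(set(native) - set(gmer)),
        # Hooks for which GMER names the driver that owns the target.
        "attributed": {f: d for f, (_, d) in sorted(gmer.items()) if d},
        # The two logs carry different dates, so a differing address alone
        # does not show that the hook itself changed.
        "address_differs": [f for f in both if gmer[f][0] != native[f][0]],
        # RogueKiller's S_SSDT entries; the GMER section parsed here has none.
        "shadow_table": sorted(rk.get("S_SSDT", {})),
    }


if __name__ == "__main__":
    summary = compare(parse_gmer(GMER_EXCERPT),
                      parse_roguekiller(ROGUEKILLER_EXCERPT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```
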


----------



## composmentis (Jul 21, 2012)

Rkill log:

kill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/09/2013 11:11:28 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
Checking for Windows services to stop:
* No malware services found to stop.
* No malware services found to stop.
Checking for processes to terminate:
Checking for processes to terminate:
* C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE (PID: 2292) [WD-HEUR]
* C:\Documents and Settings\HP_Administrator\Desktop\RogueKiller.exe (PID: 1220) [UP-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* System Restore Disabled
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001
Checking Windows Service Integrity: 
* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic
* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled
* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled
Searching for Missing Digital Signatures: 
* No issues found.
Checking HOSTS File: 
* HOSTS file entries found: 
127.0.0.1 localhost
Program finished at: 06/09/2013 11:14:50 PM
Execution time: 0 hours(s), 3 minute(s), and 21 seconds(s)


----------



## Mark1956 (May 7, 2011)

Please tell me if you disabled System Restore and the Security Center?

Please run this scan:

Please download Farbar Recovery Scan Tool and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note*: You need to run the 32bit version. 


Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.


----------



## composmentis (Jul 21, 2012)

Malwarebytes came back clean:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.09.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: DEN [administrator]
6/9/2013 11:24:32 PM
mbam-log-2013-06-09 (23-24-32).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|J:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359580
Time elapsed: 8 hour(s), 31 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

I did not disable System Restore and Security Center. I plan to go through the Add/Remove process and get rid of several old programs that the kids installed over the years. Some of them may be causing issues, especially at start up.

Running Farbar next. Thanks for your help so far!


----------



## Mark1956 (May 7, 2011)

Ok, ready when you are.


----------



## composmentis (Jul 21, 2012)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-06-2013
Ran by HP_Administrator (administrator) on 16-06-2013 12:26:00
Running from C:\Documents and Settings\HP_Administrator\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft) C:\WINDOWS\arservice.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
(HP) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Symantec Corporation) C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Apple Inc.) C:\Program Files\QuickTime\qttask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [286720 2007-06-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-01-19] (Google Inc.)
MountPoints2: D - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
MountPoints2: {c7f21487-c0ec-11df-8aa7-0013d3bc1035} - H:\LaunchU3.exe -a
MountPoints2: {f577d084-87f5-11dd-8a33-0013d3bc1035} - G:\LaunchU3.exe -a
HKU\Administrator\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [ 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Default User\...\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [ 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk
ShortcutTarget: HPAiODevice(hp officejet g series) - 1.lnk -> C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: ipp - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qzxi5quq.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF Plugin: @real.com/nppl3260;version=6.0.11.2061 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2122 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1059 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qzxi5quq.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2007-09-06] (Apple, Inc.)
R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
R3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)
R2 NIS; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\18.7.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 NProtectService; C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE [95832 2005-11-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [73728 2007-08-09] (HP)
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
R2 Speed Disk service; C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE [176193 2005-11-03] (Symantec Corporation)
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-02-12] ()
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-05] (Symantec Corporation)
S3 usprserv; C:\Windows\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S3 KodakCCS; %SystemRoot%\system32\drivers\KodakCCS.exe [x]
==================== Drivers (Whitelisted) ====================
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [2317696 2005-04-20] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)
R3 aracpi; C:\Windows\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
R3 arhidfltr; C:\Windows\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
R3 arkbcfltr; C:\Windows\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
R3 armoucfltr; C:\Windows\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
R3 ARPolicy; C:\Windows\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1269760 2005-07-14] (ATI Technologies Inc.)
R0 bb-run; C:\Windows\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
R2 BCMNTIO; C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [3744 2004-03-05] ()
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-11-06] (Symantec Corporation)
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
R0 fasttx2k; C:\Windows\System32\DRIVERS\fasttx2k.sys [142336 2003-12-03] (Promise Technology, Inc.)
R0 ftsata2; C:\Windows\System32\DRIVERS\ftsata2.sys [175616 2005-04-15] (Promise Technology, Inc.)
R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [156800 2005-07-28] (Hauppauge Computer Works, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130614.001\IDSxpx86.sys [373728 2013-06-07] (Symantec Corporation)
R2 MAPMEM; C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [3904 2004-03-05] ()
R2 MCSTRM; C:\Windows\System32\Drivers\MCSTRM.sys [8413 2007-04-07] (RealNetworks, Inc.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130615.008\NAVENG.SYS [93272 2013-06-13] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130615.008\NAVEX15.SYS [1611992 2013-06-13] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NPDriver; C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [81780 2006-10-10] (Symantec Corporation)
R2 npkcrypt; C:\Program Files\Wizet\MapleStory\npkcrypt.sys [23217 2006-12-09] (INCA Internet Co., Ltd.)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 SDdriver; C:\WINDOWS\system32\Drivers\sddriver.sys [90272 2005-11-03] (Symantec Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S4 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [418104 2007-04-14] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [126584 2011-05-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NIS\1207020.003\SYMTDI.SYS [369784 2011-04-20] (Symantec Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [15616 2013-06-09] ()
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S3 SYMDNS; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMDNS.SYS [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1008000.029\SYMFW.SYS [x]
S3 SYMIDS; \SystemRoot\System32\Drivers\NIS\1008000.029\SYMIDS.SYS [x]
S3 SYMNDIS; \SystemRoot\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS [x]
S3 SYMREDRV; \SystemRoot\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS [x]
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL; 
==================== NetSvcs (Whitelisted) ===================
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created Files and Folders ========
2013-06-16 12:20 - 2013-06-16 12:20 - 00000000 ____D C:\FRST
2013-06-16 11:54 - 2013-06-16 11:55 - 01359389 ____A (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2013-06-09 23:20 - 2013-06-09 23:20 - 00712264 ____A C:\Windows\isRS-000.tmp
2013-06-09 22:59 - 2013-06-09 22:59 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-09 22:58 - 2013-06-09 23:03 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
2013-06-09 22:42 - 2013-06-09 22:42 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun
2013-06-09 22:26 - 2013-06-09 22:27 - 00002949 ____A C:\AdwCleaner[S1].txt
2013-06-09 22:21 - 2013-06-09 22:17 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-09 22:21 - 2013-06-09 22:17 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-09 22:21 - 2013-06-09 22:17 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-09 22:20 - 2013-06-09 22:18 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-09 22:20 - 2013-06-09 22:17 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-09 22:20 - 2013-06-09 22:17 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-09 21:58 - 2013-06-09 21:59 - 00007704 ____A C:\Windows\FaxSetup.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00006638 ____A C:\Windows\iis6.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00005772 ____A C:\Windows\ocgen.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00004591 ____A C:\Windows\tsoc.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00002504 ____A C:\Windows\comsetup.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00001891 ____A C:\Windows\imsins.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00001810 ____A C:\Windows\ntdtcsetup.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00001622 ____A C:\Windows\plusoc.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00001592 ____A C:\Windows\netfxocm.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00000727 ____A C:\Windows\MedCtrOC.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00000513 ____A C:\Windows\ehOCGen.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00000469 ____A C:\Windows\ocmsn.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00000430 ____A C:\Windows\msgsocm.log
2013-06-09 21:58 - 2013-06-09 21:59 - 00000311 ____A C:\Windows\tabletoc.log
2013-06-09 21:58 - 2013-06-09 21:58 - 00001864 ____A C:\Windows\msmqinst.log
2013-06-09 21:58 - 2013-06-09 21:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-09 21:58 - 2013-06-09 21:58 - 00000000 ____A C:\Windows\setupact.log
==================== One Month Modified Files and Folders ========
2013-06-16 12:25 - 2010-02-06 15:00 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 12:25 - 2009-01-11 21:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-16 12:20 - 2013-06-16 12:20 - 00000000 ____D C:\FRST
2013-06-16 12:19 - 2005-07-02 09:36 - 01498865 ____A C:\Windows\WindowsUpdate.log
2013-06-16 12:18 - 2007-11-09 20:24 - 00000484 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-06-16 12:17 - 2005-07-14 13:12 - 00000000 ____D C:\Windows\Registration
2013-06-16 12:17 - 2005-01-28 05:33 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-16 12:17 - 2005-01-28 05:33 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-16 12:15 - 2010-02-06 15:00 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-16 12:15 - 2007-02-11 22:57 - 00000062 __ASH C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
2013-06-16 12:15 - 2005-10-21 22:16 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-16 12:15 - 2005-10-21 22:16 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-16 12:15 - 2005-07-02 09:36 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 12:14 - 2009-12-16 20:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-16 12:10 - 2005-07-02 09:36 - 00032388 ____A C:\Windows\SchedLgU.Txt
2013-06-16 12:09 - 2007-02-11 22:57 - 00000278 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2013-06-16 12:05 - 2013-04-28 19:27 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Computer cleanup process
2013-06-16 11:55 - 2013-06-16 11:54 - 01359389 ____A (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2013-06-16 11:41 - 2013-04-08 15:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 03:00 - 2011-09-19 21:15 - 00000404 ____A C:\Windows\Tasks\RegSERVO.job
2013-06-13 12:00 - 2007-04-14 10:25 - 00000342 ____A C:\Windows\Tasks\Norton SystemWorks One Button Checkup.job
2013-06-13 12:00 - 2007-04-14 10:25 - 00000000 ____D C:\Program Files\Norton SystemWorks Basic Edition
2013-06-12 23:43 - 2013-04-08 15:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 23:43 - 2013-04-08 15:29 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-10 21:13 - 2009-03-08 22:13 - 00000472 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-06-09 23:20 - 2013-06-09 23:20 - 00712264 ____A C:\Windows\isRS-000.tmp
2013-06-09 23:03 - 2013-06-09 22:58 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine
2013-06-09 22:59 - 2013-06-09 22:59 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys
2013-06-09 22:42 - 2013-06-09 22:42 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun
2013-06-09 22:27 - 2013-06-09 22:26 - 00002949 ____A C:\AdwCleaner[S1].txt
2013-06-09 22:23 - 2005-10-21 22:28 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-09 22:18 - 2013-06-09 22:20 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-09 22:17 - 2013-06-09 22:21 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-09 22:17 - 2013-06-09 22:21 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-09 22:17 - 2013-06-09 22:21 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-09 22:17 - 2013-06-09 22:20 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-09 22:17 - 2013-06-09 22:20 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-09 22:17 - 2010-04-18 18:14 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-09 22:16 - 2005-10-21 22:28 - 00000000 ____D C:\Program Files\Java
2013-06-09 21:59 - 2013-06-09 21:58 - 00007704 ____A C:\Windows\FaxSetup.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00006638 ____A C:\Windows\iis6.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00005772 ____A C:\Windows\ocgen.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00004591 ____A C:\Windows\tsoc.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00002504 ____A C:\Windows\comsetup.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00001891 ____A C:\Windows\imsins.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00001810 ____A C:\Windows\ntdtcsetup.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00001622 ____A C:\Windows\plusoc.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00001592 ____A C:\Windows\netfxocm.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00000727 ____A C:\Windows\MedCtrOC.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00000513 ____A C:\Windows\ehOCGen.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00000469 ____A C:\Windows\ocmsn.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00000430 ____A C:\Windows\msgsocm.log
2013-06-09 21:59 - 2013-06-09 21:58 - 00000311 ____A C:\Windows\tabletoc.log
2013-06-09 21:58 - 2013-06-09 21:58 - 00001864 ____A C:\Windows\msmqinst.log
2013-06-09 21:58 - 2013-06-09 21:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-09 21:58 - 2013-06-09 21:58 - 00000000 ____A C:\Windows\setupact.log
2013-06-09 21:57 - 2005-10-21 22:35 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-09 20:30 - 2005-07-02 09:26 - 00001158 ____A C:\Windows\System32\wpa.dbl
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-06-2013
Ran by HP_Administrator at 2013-06-16 12:29:27 Run:
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
5600 (Version: 50.0.206.000)
5600_Help (Version: 50.0.206.000)
5600Trb (Version: 50.0.206.000)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader 9.5.1 (Version: 9.5.1)
Agere Systems PCI Soft Modem
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
AppCore (Version: 1)
Apple Mobile Device Support (Version: 1.1.1.1)
Apple Software Update (Version: 2.0.2.92)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.16-050713a1-025596C-HP)
AutoUpdate (Version: 1.1)
BufferChm (Version: 53.0.13.000)
CameraDrivers (Version: 5.0.0.290)
CameraDrivers (Version: 5.0.0.328)
ccCommon (Version: 106.2.0.21)
CCleaner (remove only)
CCScore (Version: 6.02.1001.0001)
CheckIt Diagnostics (Version: 7.1)
Component Framework (Version: 2006.1.0.58)
Connection Keep Alive (Version: 1.0.0)
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
Critical Update for Windows Media Player 11 (KB959772)
CueTour (Version: 53.0.13.000)
Destinations (Version: 53.0.13.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Codec (Version: 6.8.2)
DivX Converter (Version: 6.6.0)
DivX Player (Version: 6.7.0)
DivX Web Player (Version: 1.4.0)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 53.0.13.000)
DocumentViewerQFolder (Version: 1.00.0000)
Drivers Install For Linksys Easylink Advisor (Version: 2.0.9)
Easy Internet Sign-up (Version: FE UI-4.0.0.1573)
Edmark MindTwister Math
Enhanced Multimedia Keyboard Solution
ESSBrwr (Version: 6.04.0000.0001)
ESSCDBK (Version: 6.04.0000.0001)
ESScore (Version: 6.04.0000.0003)
ESSgui (Version: 6.04.0000.0001)
ESSini (Version: 6.04.0000.0001)
ESSPCD (Version: 6.04.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.04.0000.0001)
Fax (Version: 50.0.206.000)
fflink (Version: 6.02.1001.0001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
Hoyle Word Games 3
HP Boot Optimizer (Version: 1.0.2)
HP Deskjet Printer Preload (Version: 10.1.0)
HP DigitalMedia Archive (Version: 1.2)
HP Document Viewer 5.3 (Version: 5.3)
HP Driver Diagnostics (Version: 1.03.0009)
HP Game Console and games
HP Image Zone 5.3 (Version: 5.3)
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3 (Version: 5.3)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.50.231.0)
HP Officejet 6500 E710n-z Help (Version: 140.0.2.2)
HP Photosmart 330,380,420,470,7800,8000,8200 Series (Version: 8.1)
HP Photosmart Cameras 5.0 (Version: 5.0)
HP Product Assistant (Version: 100.000.001.000)
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HP Tunes (Version: 2.1.0.5)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 53.0.13.000)
HpSdpAppCoreApp (Version: 3.00.0000)
HPTunesAddIn (Version: 1.0.0)
I.R.I.S. OCR (Version: 12.3.4.0)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 53.0.13.000)
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
InterVideo WinDVD Player (Version: 5.0-B11.789)
iTunes (Version: 7.4.3.1)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
LightScribe 1.4.42.1 (Version: 1.4.42.1)
Linksys EasyLink Advisor 1.6 (0044)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
MagicDisc 2.5.57
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Memeo Instant Backup (Version: 4.60.0.7252)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Money 2005 (Version: 14)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 08.04.0623)
mIRC (Version: 6.2)
Move Media Player
Mozilla Firefox (3.0.19) (Version: 3.0.19 (en-US))
MSRedist (Version: 1.0.0.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 4.0 (Version: 4.00.050)
muvee autoProducer unPlugged 1.1 - HPD (Version: 1.1.000)
netbrdg (Version: 6.04.0000.0001)
Netflix Movie Viewer (Version: 1.2.211)
NewCopy (Version: 50.0.206.000)
Nikon Transfer (Version: 1.5.2)
Norton Cleanup (Version: 1.0.0)
Norton Internet Security (Version: 18.7.2.3)
Norton Protection Center (Version: 2007.2.0.22)
Norton SystemWorks (Symantec Corporation) (Version: 10.0.109)
Norton SystemWorks (Version: 1.0.0)
Norton SystemWorks Basic Edition (Version: 10.0.109)
Norton Utilities (Version: 19.0.0)
Office 2003 Tour (Version: 1.0.0)
OfotoXMI (Version: 6.04.0000.0001)
Otto
PanoStandAlone (Version: 53.0.13.000)
Photo Story 3 for Windows (Version: 3.0.1115.11)
PhotoGallery (Version: 53.0.13.000)
ProductContext (Version: 50.0.206.000)
PS2
PSPrinters08 (Version: 8.01.0000)
PSTAPlugin (Version: 8.01.0000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2005 (Version: 14.00.0000)
QuickTime (Version: 7.2.0.240)
RandMap (Version: 53.0.13.000)
Readme (Version: 50.0.206.000)
RealPlayer
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
Seagate Dashboard (Version: 1.1.0.1421)
SFR (Version: 6.04.0000.0001)
SHASTA (Version: 6.04.0000.0001)
skin0001 (Version: 6.04.0000.0004)
SkinsHP1 (Version: 53.0.13.000)
SKINXSDK (Version: 6.02.1001.0001)
SmartDraw 2007
SolutionCenter (Version: 50.0.152.000)
Sonic Encoders (Version: 1.00)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.1.3)
Sonic RecordNow Audio (Version: 2.0.2)
Sonic RecordNow Copy (Version: 2.0.2)
Sonic RecordNow Data (Version: 2.0.2)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 53.0.13.000)
SPBBC 32bit (Version: 3.2.0.21)
staticcr (Version: 6.04.0000.0005)
Status (Version: 53.0.13.000)
tooltips (Version: 6.04.0000.0001)
TrayApp (Version: 53.0.13.000)
Uninstall Dual Mode Camera
Unload (Version: 5.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Media Format SDK (KB902344)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB953356) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
ViewNX (Version: 1.5.1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VPRINTOL (Version: 6.04.0000.0001)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 53.0.13.000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 15.5 (Version: 15.5.9579)
WIRELESS (Version: 6.04.0000.0001)
==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (06/09/2013 10:41:34 PM) (Source: Automatic LiveUpdate Scheduler) (User: NT AUTHORITY)
Description: Information Level: error
Initialization of the COM subsystem failed. Error code: 0x80080005
Error: (05/08/2013 07:04:31 PM) (Source: Userenv) (User: DEN)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - Insufficient system resources exist to complete the requested service.
Error: (05/08/2013 07:04:13 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - Insufficient system resources exist to complete the requested service. for C:\Documents and Settings\HP_Administrator\ntuser.dat
Error: (04/28/2013 09:44:56 PM) (Source: Application Error) (User: )
Description: Faulting application ati2evxx.exe, version 6.14.10.4118, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010b2c.
Error in creating result PEAP-TLV in response to received PEAP-TLV (ati2evxx.exe!ld!)
Error: (04/08/2013 03:28:51 PM) (Source: Application Error) (User: )
Description: Faulting application ati2evxx.exe, version 6.14.10.4118, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010b2c.
Processing media-specific event for [ati2evxx.exe!ws!]
Error: (03/04/2013 08:19:36 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (03/04/2013 08:19:33 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (03/04/2013 08:19:33 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (06/16/2013 00:18:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
Error: (06/09/2013 11:12:34 PM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
Error: (06/09/2013 10:58:34 PM) (Source: Service Control Manager) (User: )
Description: The ARSVC service terminated unexpectedly. It has done this 1 time(s).
Error: (06/09/2013 10:41:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {03E0E6C2-363B-11D3-B536-00902771A435} did not register with DCOM within the required timeout.
Error: (06/09/2013 10:41:32 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
Error: (06/09/2013 10:38:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
Error: (06/09/2013 09:45:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
Error: (06/09/2013 08:32:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
Error: (06/09/2013 08:30:05 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.101 for the Network Card with network address 0013D3BC1035 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
Error: (05/12/2013 10:00:09 PM) (Source: Service Control Manager) (User: )
Description: The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (02/01/2010 07:14:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/25/2009 06:26:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/13/2009 00:24:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/13/2009 00:24:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/13/2009 00:23:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/13/2009 00:23:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/13/2009 00:23:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/13/2009 00:22:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/09/2009 11:26:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/23/2009 02:57:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info =========================== 
Percentage of memory in use: 59%
Total physical RAM: 958.48 MB
Available physical RAM: 392.4 MB
Total Pagefile: 2312.81 MB
Available Pagefile: 1886.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.99 MB
==================== Drives ================================
Drive c: (HP_PAVILION) (Fixed) (Total:224.87 GB) (Free:187.46 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8 GB) (Free:0.96 GB) FAT32 ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0C)
Partition 2: (Active) - (Size=225 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Thanks.


----------



## Mark1956 (May 7, 2011)

AdwCleaner found several items of Adware which could be slowing down internet use. Just to be sure it has all gone, please run it again using the Delete button and post the new log.

Your system has produced a few errors due to insufficient system resources, which basically means there is not enough available memory. You only have 1GB of RAM; increasing this to 2GB could make quite a difference.

Is the clock on the PC showing the correct date and time? There are a couple of errors that suggest it is not set correctly. If it is losing time, this could indicate the CMOS battery needs to be changed.

You are using Norton Anti Virus. Did you have a previous version of Norton installed? There are several Norton services showing that are not running and could be remnants from an older version.

Norton does use a lot of resources, so you might like to consider changing it to Microsoft Security Essentials, which is far lower on memory use.

Other than that the system appears clean, just the Adware that ADWCleaner found.


----------
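The reply above reads two conditions out of the posted event log: resource exhaustion and certificate-validity errors that point at the system clock. The following is an added example, not part of the original thread or of any tool used in it. It parses that log layout and pulls out those two conditions; the sample lines are constructed, and the hint labels and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the event-log section posted above.
SAMPLE_LOG = """\
Error: (05/08/2013 07:04:13 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows was unable to load the registry.

DETAIL - Insufficient system resources exist to complete the requested service.
Error: (03/04/2013 08:19:36 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list with error: A required certificate is not within its validity period when verifying against the current system clock.
Error: (02/01/2010 07:14:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel. This session ended with a crash.
"""

# One header line per event; some sections omit the space before "(User:".
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) ?\(User: (?P<user>[^)]*)\)"
)

# Hypothetical labels for the two conditions the reply reads out of the log.
HINTS = {
    "low_memory": re.compile(r"insufficient system resources", re.I),
    "clock_or_cert_validity": re.compile(r"not within its validity period", re.I),
}

def parse_events(text):
    """Split the log into events: header fields plus the joined description lines."""
    events = []
    for line in text.splitlines():
        match = HEADER.match(line)
        if match:
            events.append({**match.groupdict(), "body": []})
        elif events and line.strip() and not line.startswith("="):
            # Continuation of the current event; "====" rulers are skipped.
            events[-1]["body"].append(line.strip())
    for event in events:
        event["body"] = " ".join(event["body"])
    return events

def triage(text):
    """Map each hint label to the (timestamp, source) pairs of matching events."""
    findings = defaultdict(list)
    for event in parse_events(text):
        for label, pattern in HINTS.items():
            if pattern.search(event["body"]):
                findings[label].append((event["when"], event["source"]))
    return dict(findings)

if __name__ == "__main__":
    for label, hits in triage(SAMPLE_LOG).items():
        print(label, hits)
```

Timestamps are kept as strings because the log prints values such as `00:18:37 PM` that a strict date parser would reject.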



## composmentis (Jul 21, 2012)

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 10:49:47
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - DEN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\Computer cleanup process\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v3.0.19 (en-US)
File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qzxi5quq.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2949 octets] - [09/06/2013 22:26:51]
AdwCleaner[S2].txt - [410 octets] - [17/06/2013 21:12:18]
AdwCleaner[S3].txt - [1001 octets] - [18/06/2013 22:01:29]
AdwCleaner[S4].txt - [934 octets] - [22/06/2013 10:49:47]
########## EOF - C:\AdwCleaner[S4].txt - [993 octets] ##########

I'll look into adding memory and getting rid of Norton.

Yes, clock and date are good.

Good to know it doesn't appear to be infected.

Thanks for your help.


----------



## Mark1956 (May 7, 2011)

You're welcome. The ADWCleaner log is now clean so you are free of any Adware infections.

I would recommend you re-enable a couple of services:

Click on Start then Run.
Type *services.msc* into the box and hit the Enter key.
Scroll down the list of services and double click on each of these services in turn.

*Security Center*
*System Restore Filter Driver*

In the box that opens for each service set the Startup to Automatic, click on Apply then OK.
Reboot when both are done.

Then run RKill again and post the new log to check the settings have worked.

When that is done please run this:

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.


----------

