Need help with ZSHP1020.EXE virus infestation

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 19th, 2011, 2:23 pm

Hi Oceana,

I tried to paste some screen captures of this and the Windows search list on ZSHP2010 (there were 38 of them)


Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    ZSHP1020.EXE
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 19th, 2011, 2:40 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 13:35 on 19/01/2011 by Jim Cargill
Administrator - Elevation successful

========== filefind ==========

Searching for "ZSHP1020.EXE"
C:\hp_LJ1020-1022_Full_Solution\zshp1020.exe -r---c- 442368 bytes [08:00 19/07/2006] [08:00 19/07/2006] 96E45AB81A9E8DA835009D0650996401
C:\hp_LJ1020-1022_Full_Solution\Copy of Polski\Driver\zshp1020.exe -r----- 442368 bytes [18:42 14/10/2009] [08:00 21/07/2006] C024D931A043B42F26917AAB6B2FA758
C:\hp_LJ1020-1022_Full_Solution\Copy of Portuguese\Driver\zshp1020.exe -r---c- 442368 bytes [18:42 14/10/2009] [08:00 21/07/2006] 4C5637EA9330482DE34B212F5555B71F
C:\hp_LJ1020-1022_Full_Solution\Copy of Russian\Driver\zshp1020.exe -r----- 442368 bytes [18:42 14/10/2009] [08:00 21/07/2006] 60FC65A4251C6D435AD895EC6FDCCC28
C:\hp_LJ1020-1022_Full_Solution\Copy of Suomi\Driver\zshp1020.exe -r---c- 442368 bytes [18:42 14/10/2009] [08:00 21/07/2006] 67C55140D38682BC44180641BE3AA6FA
C:\hp_LJ1020-1022_Full_Solution\English\Driver\zshp1020.exe -r---c- 442368 bytes [08:00 21/07/2006] [08:00 21/07/2006] 96E45AB81A9E8DA835009D0650996401
C:\Program Files\Hewlett-Packard\LaserJet 1020_1022 Drivers\zshp1020.exe ------- 430080 bytes [13:00 10/12/2007] [13:00 10/12/2007] 6E0AB2BBFF15C7C826B896777397EF0D
C:\WINDOWS\system32\ZSHP1020.EXE ------- 442368 bytes [00:02 15/08/2008] [09:00 21/07/2006] 96E45AB81A9E8DA835009D0650996401
C:\WINDOWS\system32\DRVSTORE\hplj1020_9CB8F48E2539F550EA3FD1EBE77C17A6CC172623\ZSHP1020.EXE -----c- 430080 bytes [03:18 04/03/2010] [13:00 10/12/2007] 6E0AB2BBFF15C7C826B896777397EF0D
C:\WINDOWS\system32\spool\drivers\w32x86\zshp1020.exe -r---c- 442368 bytes [16:50 04/03/2010] [09:00 21/07/2006] 96E45AB81A9E8DA835009D0650996401
C:\WINDOWS\system32\spool\drivers\w32x86\3\zshp1020.exe -----c- 442368 bytes [00:02 15/08/2008] [09:00 21/07/2006] 96E45AB81A9E8DA835009D0650996401
C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_la26dd\ZSHP1020.EXE -----c- 442368 bytes [00:02 15/08/2008] [08:00 21/07/2006] 96E45AB81A9E8DA835009D0650996401

-= EOF =-

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 19th, 2011, 2:53 pm

Hi Oceana,

It looks like there are multiple copies of two versions of the file on the computer.

Please submit the following two files to VirusTotal using the earlier instructions and then reply with the two reports.

C:\WINDOWS\system32\ZSHP1020.EXE


C:\Program Files\Hewlett-Packard\LaserJet 1020_1022 Drivers\zshp1020.exe
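
The grouping done by eye in the reply above, as an added example (not part of the original thread and not SystemLook's own code): it parses filefind result lines, groups the copies by MD5, and picks one path per distinct hash to submit for scanning. The sample log is constructed; the field names `ts1`/`ts2` and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the SystemLook filefind layout (paths and hashes are made up).
SAMPLE_LOG = r"""
SystemLook 04.09.10 by jpshortstuff
========== filefind ==========

Searching for "EXAMPLE.EXE"
C:\Vendor Setup\example.exe -r---c- 1000 bytes [08:00 19/07/2006] [08:00 19/07/2006] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\Vendor Setup\Copy of Lang\example.exe -r----- 1000 bytes [18:42 14/10/2009] [08:00 21/07/2006] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
C:\Program Files\Vendor\example.exe ------- 900 bytes [13:00 10/12/2007] [13:00 10/12/2007] CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
C:\WINDOWS\system32\EXAMPLE.EXE ------- 1000 bytes [00:02 15/08/2008] [09:00 21/07/2006] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

-= EOF =-
"""

# One result line: path, 7-character attribute field, size, two bracketed
# timestamps, MD5. Paths may contain spaces, so the fixed-format tail of the
# line is what anchors the match.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-A-Za-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per result line; banner and header lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        # The log prints MD5 in upper case, scan reports in lower case.
        rec["md5"] = rec["md5"].lower()
        records.append(rec)
    return records


def group_by_md5(records):
    """Map each distinct hash to every path that carries it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["md5"]].append(rec["path"])
    return dict(groups)


def same_size_different_hash(records):
    """Sizes shared by files whose contents differ; size alone proves nothing."""
    by_size = defaultdict(set)
    for rec in records:
        by_size[rec["size"]].add(rec["md5"])
    return {size: hashes for size, hashes in by_size.items() if len(hashes) > 1}


def one_path_per_hash(records):
    """First path seen for each distinct hash: the minimal set worth scanning."""
    first_seen = {}
    for rec in records:
        first_seen.setdefault(rec["md5"], rec["path"])
    return list(first_seen.values())


def paths_matching_report(records, report_md5):
    """Every local copy covered by a scan report that lists this MD5."""
    wanted = report_md5.strip().lower()
    return [rec["path"] for rec in records if rec["md5"] == wanted]


if __name__ == "__main__":
    recs = parse_filefind(SAMPLE_LOG)
    for md5, paths in group_by_md5(recs).items():
        print(md5, len(paths), "copies")
    print("submit:", one_path_per_hash(recs))
    print("same size, different content:", same_size_different_hash(recs))
```

A clean scan report covers only the copies whose hash matches the one printed on that report; any other hash in the log needs its own submission.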

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 20th, 2011, 11:50 am

C:\WINDOWS\system32\ZSHP1020.EXE:

Antivirus Version Last update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.197 2011.01.20 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.20 -
Avast5 5.0.677.0 2011.01.20 -
AVG 10.0.0.1190 2011.01.20 -
BitDefender 7.2 2011.01.20 -
CAT-QuickHeal 11.00 2011.01.20 -
ClamAV 0.96.4.0 2011.01.20 -
Commtouch 5.2.11.5 2011.01.20 -
Comodo 7451 2011.01.20 -
DrWeb 5.0.2.03300 2011.01.20 -
Emsisoft 5.1.0.1 2011.01.20 -
eSafe 7.0.17.0 2011.01.20 -
eTrust-Vet 36.1.8109 2011.01.19 -
F-Prot 4.6.2.117 2011.01.19 -
F-Secure 9.0.16160.0 2011.01.20 -
Fortinet 4.2.254.0 2011.01.20 -
GData 21 2011.01.20 -
Ikarus T3.1.1.97.0 2011.01.20 -
Jiangmin 13.0.900 2011.01.20 -
K7AntiVirus 9.77.3570 2011.01.18 -
Kaspersky 7.0.0.125 2011.01.20 -
McAfee 5.400.0.1158 2011.01.20 -
McAfee-GW-Edition 2010.1C 2011.01.20 -
Microsoft 1.6402 2011.01.20 -
NOD32 5803 2011.01.20 -
Norman 6.06.12 2011.01.20 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.20 -
PCTools 7.0.3.5 2011.01.20 -
Prevx 3.0 2011.01.20 -
Rising 23.41.03.06 2011.01.20 -
Sophos 4.61.0 2011.01.20 -
SUPERAntiSpyware 4.40.0.1006 2011.01.20 -
Symantec 20101.3.0.103 2011.01.20 -
TheHacker 6.7.0.1.116 2011.01.18 -
TrendMicro 9.120.0.1004 2011.01.20 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.20 -
VBA32 3.12.14.3 2011.01.20 -
VIPRE 8131 2011.01.20 -
ViRobot 2011.1.20.4265 2011.01.20 -
VirusBuster 13.6.155.0 2011.01.20 -
MD5: 96e45ab81a9e8da835009d0650996401
SHA1: 137eb149a1e437c14a01be49ed9936ed6a91bcb7
SHA256: d36a99ffcf55361e86627b22b6a802da35b41271e8e0d48f22cd04d5c883d8f3
File size: 442368 bytes
Scan date: 2011-01-20 15:41:59 (UTC)


C:\Program Files\Hewlett-Packard\LaserJet 1020_1022 Drivers\zshp1020.exe :

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.28 -
AhnLab-V3 5.0.0.2 2010.03.27 -
AntiVir 7.10.5.241 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.28 -
Avast 4.8.1351.0 2010.03.28 -
Avast5 5.0.332.0 2010.03.28 -
AVG 9.0.0.787 2010.03.28 -
BitDefender 7.2 2010.03.28 -
CAT-QuickHeal 10.00 2010.03.27 -
ClamAV 0.96.0.0-git 2010.03.28 -
Comodo 4417 2010.03.28 -
DrWeb 5.0.1.12222 2010.03.28 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7391 2010.03.26 -
F-Prot 4.5.1.85 2010.03.27 -
F-Secure 9.0.15370.0 2010.03.28 -
Fortinet 4.0.14.0 2010.03.27 -
GData 19 2010.03.28 -
Ikarus T3.1.1.80.0 2010.03.28 -
Jiangmin 13.0.900 2010.03.28 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.28 -
McAfee 5934 2010.03.28 -
McAfee+Artemis 5934 2010.03.28 -
McAfee-GW-Edition 6.8.5 2010.03.27 -
Microsoft 1.5605 2010.03.28 -
NOD32 4980 2010.03.28 -
Norman 6.04.10 2010.03.28 -
nProtect 2009.1.8.0 2010.03.28 -
Panda 10.0.2.2 2010.03.28 -
PCTools 7.0.3.5 2010.03.28 -
Prevx 3.0 2010.03.28 -
Rising 22.40.06.04 2010.03.28 -
Sophos 4.52.0 2010.03.28 -
Sunbelt 6101 2010.03.26 -
Symantec 20091.2.0.41 2010.03.28 -
TheHacker 6.5.2.0.246 2010.03.28 -
TrendMicro 9.120.0.1004 2010.03.28 -
VBA32 3.12.12.2 2010.03.27 -
ViRobot 2010.3.27.2248 2010.03.27 -
VirusBuster 5.0.27.0 2010.03.28 -
MD5: 6e0ab2bbff15c7c826b896777397ef0d
SHA1: 473d69bc03eb8e32f21d16d4f794afb6a07eb379
SHA256: f453a6aaa132b5f5b4367796a0485791a32dbf83cffb29e3e43899547d068490
File size: 430080 bytes
Scan date: 2010-03-28 20:48:59 (UTC)

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 20th, 2011, 2:46 pm

Hi Oceana,

I think somewhere along the way (running ComboFix maybe?), at least some of the problem was taken care of.


We still have some minor issues to take care of.

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Java(TM) 6 Update 7
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    O2 - BHO: (no name) - {521E1B2B-0D05-4F9A-91EE-8FCDD4A28DCF} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (no name) - {E43231E9-17C7-4336-BD4E-504D823D082D} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\urqQjhFx: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 20th, 2011, 6:09 pm

Hi. Two things have crept in as we've been working together.
If I put a blank DVD in either of my drives, the machine reboots repeatedly until I remove it. There are threads on the Web about this and I should be able to whip this myself.

The other thing is that now, whenever I reboot, all the Desktop icons come up as generic ones then s l o w l y fill in, like they're being recovered from disk or something. I usually only see that behavior if the machine wasn't shut down properly.

Here's the requested log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{521E1B2B-0D05-4F9A-91EE-8FCDD4A28DCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521E1B2B-0D05-4F9A-91EE-8FCDD4A28DCF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E43231E9-17C7-4336-BD4E-504D823D082D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43231E9-17C7-4336-BD4E-504D823D082D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqQjhFx\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Jim Cargill
->Temp folder emptied: 256896 bytes
->Temporary Internet Files folder emptied: 43762094 bytes
->Java cache emptied: 37069396 bytes
->Flash cache emptied: 238036 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 407013 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13833587 bytes

Total Files Cleaned = 91.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jim Cargill
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01202011_163941

OTL by OldTimer - Version 3.2.20.2 log created on 01202011_163941

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jim Cargill\Local Settings\Temp\~DF9153.tmp not found!
File\Folder C:\Documents and Settings\Jim Cargill\Local Settings\Temp\~DF916E.tmp not found!
File\Folder C:\Documents and Settings\Jim Cargill\Local Settings\Temp\~DF91E7.tmp not found!
File\Folder C:\Documents and Settings\Jim Cargill\Local Settings\Temp\~DF9200.tmp not found!
C:\Documents and Settings\Jim Cargill\Local Settings\Temporary Internet Files\Content.IE5\Y7ISN6WR\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Jim Cargill\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1500.dat not found!

Registry entries deleted on Reboot...

Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

by deltalima » January 20th, 2011, 6:36 pm

Hi Oceana,

whenever I reboot, all the Desktop icons come up as generic ones then s l o w l y fill in, like they're being recovered from disk or something


If possible please create another user account on the computer then log into that account and let me know if the same happens with that account.

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop.

Link1
Link2

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with ZSHP1020.EXE virus infestation

by Oceana » January 22nd, 2011, 4:54 pm

Hi. I created a new account and when I logged off, then logged on again, all the desktop icons appeared just this side of instantly, like my main account ones used to. I then logged off the test account and back on to my main one and the icons were still coming up one at a time.

BTW, this morning when I booted the machine up from scratch, it couldn't seem to find a valid boot drive, so I had to go into the BIOS and tell it to boot from the C: drive. That's never happened before. It's booted ok in subsequent reboots.

DDS file:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Jim Cargill at 15:47:11.26 on Sat 01/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1533.658 [GMT -5:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
D:\Program_Files\HP\Digital Imaging\bin\hpqSRMon.exe
D:\Program_Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program_Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Jim Cargill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\program_files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {521E1B2B-0D05-4F9A-91EE-8FCDD4A28DCF} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E43231E9-17C7-4336-BD4E-504D823D082D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\program_files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - d:\program_files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {E16DC1FE-7C34-43F2-B754-F3AD12DDF97C} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] d:\program_files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TPP Auto Loader] c:\windows\tppaldr.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IBM Warranty Notification] "c:\program files\ibm\acp\erts0749\ERTS0749.exe /nointro"
mRun: [hpqSRMon] d:\program_files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] d:\program_files\hp\hp software update\HPWuSchd2.exe
mRun: [EXSHOW95.EXE] EXSHOW95.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "d:\program_files\qttask.exe" -atboottime
mRun: [PCTVOICE] pctspk.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [GhostStartTrayApp] c:\program files\norton systemworks\norton ghost\GhostStartTrayApp.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\jimcar~1\startm~1\programs\startup\norton~1.lnk - c:\program files\norton systemworks\norton utilities\SYSDOC32.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program_files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCo ... taller.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} - hxxp://photos.msn.com/resources/neutral ... 10,0,910,0
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 5441190031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - hxxps://brio.cit.cornell.edu/Brio/zeroa ... elp.en.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4 ... 42-win.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://boystomenccc.webex.com/client/T ... eatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral ... 10,0,910,0
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2006-8-21 6912]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-8-1 29239]
R1 GhPciScan;GhostPciScanner;c:\program files\norton systemworks\norton ghost\GhPciScan.sys [2002-8-14 5632]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2004-2-20 187392]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-29 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-29 108392]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton systemworks\norton utilities\NPROTECT.EXE [2008-11-4 135168]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-4-29 2234296]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2004-2-3 62976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-20 102448]
R3 KID_SYS;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\kid_sys.sys [2009-7-4 11616]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110121.034\NAVENG.SYS [2011-1-22 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110121.034\NAVEX15.SYS [2011-1-22 1360760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\amps2prt.sys --> c:\windows\system32\drivers\Amps2prt.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-29 23888]
S3 cpuz132;cpuz132; [x]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [1980-1-1 14336]
S3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\drivers\usbscan.sys [2009-4-29 15104]
S3 TPM12;NSC Integrated Trusted Platform Module 1.2;c:\windows\system32\drivers\nsctpm12.sys [1980-1-1 13056]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\TPP200.SYS [2002-6-24 36096]

=============== Created Last 30 ================

2011-01-20 21:39:41 -------- d-----w- C:\_OTL
2011-01-19 15:45:17 -------- d-----w- c:\documents and settings\all users\Application DataTechSmith
2011-01-19 15:36:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-01-18 02:31:45 -------- d-sha-r- C:\cmdcons
2011-01-18 02:27:27 98816 ----a-w- c:\windows\sed.exe
2011-01-18 02:27:27 89088 ----a-w- c:\windows\MBR.exe
2011-01-18 02:27:27 256512 ----a-w- c:\windows\PEV.exe
2011-01-18 02:27:27 161792 ----a-w- c:\windows\SWREG.exe
2011-01-13 21:53:40 -------- d-----w- c:\program files\trend micro
2011-01-13 21:41:54 388096 ----a-r- c:\docume~1\jimcar~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-03 13:37:54 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2011-01-03 13:37:48 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2011-01-03 13:37:48 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2011-01-03 13:37:48 401408 ----a-w- c:\windows\system32\lfcmp13n.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-14 20:24:03 348160 ------w- c:\windows\system32\msvcr71.dll
2010-11-12 23:53:06 472808 ------w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 16:11:14 2019 ------w- c:\windows\NewRecorder.reg
2010-11-09 16:11:14 1742626 ------w- c:\windows\Recorder.reg
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ------w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ------w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys

============= FINISH: 15:48:54.34 ===============


Attach.txt file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/8/2007 3:24:28 AM
System Uptime: 1/22/2011 2:04:11 PM (1 hours ago)

Motherboard: IBM | | IBM
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | LGA775/PSC/TJS | 2992/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 38.408 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 108.253 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
R: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1: 1/16/2011 7:34:59 PM - System Checkpoint
RP2: 1/19/2011 9:26:13 AM - System Checkpoint
RP3: 1/19/2011 10:38:32 AM - Installed SnagIt 7
RP4: 1/20/2011 11:32:01 AM - System Checkpoint
RP5: 1/20/2011 3:53:47 PM - Removed Java(TM) 6 Update 7
RP6: 1/20/2011 4:00:22 PM - Removed Adobe Reader 7.1.0
RP7: 1/20/2011 4:02:29 PM - Installed Adobe Reader X.
RP8: 1/22/2011 8:43:33 AM - System Checkpoint

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Access Help
Acoustica CD/DVD Label Maker
Acoustica Photos Forever
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Photoshop v4.0
Adobe Reader X
Adobe Shockwave Player
AJB 6000 update
AML Free Registry Cleaner 4.21
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Atomic Clock Sync
BufferChm
C309a
Canon BJC-3000 (BJRSTR)
Canon BJC-3000 Printer
Canon SELPHY CP780
Canon Utilities SELPHY Photo Print
Canon Utilities SELPHY Print Contents 1.0.0
Cisco Systems VPN Client 5.0.01.0600
Compatibility Pack for the 2007 Office system
Complete CD Maker
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Data Lifeguard Tools
Dell Driver Download Manager
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Voice Editor 3
Diskeeper Lite
DocProc
DocProcQFolder
Driver Whiz
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Fax
File Uploader
FileZilla (remove only)
FullDPAppQFolder
Geekbench 2.1
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Help Center
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 12.0
HP Photo Creations
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential
HP Photosmart Essential 3.5
HP Photosmart Premier Software 6.5
HP Scanjet G4000 series 8.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
hpG4000
hpg4000QFolder
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HSP56 Modem Drivers
Hyperion Intelligence Client
IBM 32-bit Runtime Environment for Java 2, v1.4.2
InstantShareDevices
Intel(R) Network Connections 14.8.43.0
InterVideo Register Manager
InterVideo WinDVD
Java Auto Updater
Java(TM) 6 Update 23
Kensington MouseWorks
LaserJet 1020 series
Lenovo ThinkVantage Toolbox
LightScribe System Software
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Magic ISO Maker v5.5 (build 0261)
Maintenance Manager
Malwarebytes' Anti-Malware
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Mouse Suite
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
Nero PhotoShow Express
neroxml
Network
Nikon Message Center
Nikon Transfer
Norton Speed Disk 7.0 for Windows NT
Norton SystemWorks 2003
Norton Utilities 2003 for Windows
OCR Software by I.R.I.S. 12.0
PanoStandAlone
PhotoGallery
Pinnacle InstantCD/DVD Suite
Productivity Center Supplement for ThinkCentre
PS_AIO_05_C309_Software_Min
QuickTime
RandMap
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery - Client Security Solution
Scan
ScanModule V5.1
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SlideShow
SmartWebPrinting
SnagIt 7
SolutionCenter
Sonic DLA
Sonic Express Labeler
Sonic RecordNow!
Sonic_PrimoSDK
SoundMAX
Spybot - Search & Destroy
Status
Symantec Endpoint Protection
System Migration Assistant
System Update
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Toolbox
TPM Device Driver
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter V2 (TPP)
Verizon Help and Support Tool
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
Vz In Home Agent
Wallpapers
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Hewlett-Packard Image (12/14/2009 13.0.0.61)
Windows Driver Package - Winbond Electronics Corporation Winbond Trusted Platform Module (06/30/2005 5.1.47.2011)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WM Recorder + RM Recorder 10.21
XLink/Win Version 2.7b
XP Themes
Zaurus Application Partner

==== Event Viewer Messages From Past Week ========

1/22/2011 10:46:28 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ac1c74b4, parameter4 00000000.
1/22/2011 10:44:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Update service to connect.
1/22/2011 10:44:20 AM, error: Service Control Manager [7000] - The System Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/20/2011 9:57:40 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ad5e6d78, parameter4 00000000.
1/20/2011 7:29:07 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 abcaf4b4, parameter4 00000000.
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The GhostStartService service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:40:05 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/20/2011 4:39:58 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:39:43 PM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/20/2011 4:39:43 PM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
1/20/2011 4:39:42 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 4:39:42 PM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/20/2011 2:55:13 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ad2f4d78, parameter4 00000000.
1/20/2011 2:03:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
1/20/2011 2:03:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/20/2011 11:03:30 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ae21fd78, parameter4 00000000.
1/18/2011 3:11:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
1/18/2011 2:59:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service NBService with arguments "-Service" in order to run the server: {81F9417F-B186-4BB0-AE2B-AB574859E5CC}
1/18/2011 2:50:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/18/2011 12:17:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/18/2011 12:17:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/18/2011 12:17:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip WPS
1/18/2011 12:17:26 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2011 12:17:26 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2011 12:17:26 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2011 12:17:26 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2011 10:27:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
1/17/2011 9:43:19 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
1/17/2011 9:43:19 PM, error: PlugPlayManager [11] - The device Root\LEGACY_GMER\0000 disappeared from the system without first being prepared for removal.
1/17/2011 9:30:19 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/17/2011 9:21:02 PM, error: Service Control Manager [7034] - The Speed Disk service service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 9:19:20 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
1/17/2011 9:19:20 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/17/2011 9:17:29 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 9:17:21 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
1/17/2011 9:16:06 PM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 8:09:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PCTEL Speaker Phone service to connect.
1/17/2011 8:09:07 AM, error: Service Control Manager [7000] - The PCTEL Speaker Phone service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/17/2011 7:00:24 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 aeb644c8, parameter4 00000000.
1/17/2011 6:58:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVT Backup Service service to connect.
1/17/2011 6:58:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection service to connect.
1/17/2011 5:03:55 PM, error: Print [6161] - The document viewtopic.php?f=11&t=55370 owned by Jim Cargill failed to print on printer Canon BJC-3000 (BJRSTR). Data type: NT EMF 1.008. Size of the spool file in bytes: 3407872. Number of bytes printed: 889736. Total number of pages in the document: 15. Number of pages printed: 3. Client machine: \\LENOVO-D031BFEE. Win32 error code returned by the print processor: 122 (0x7a).
1/17/2011 10:48:53 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ad68f4b4, parameter4 00000000.
1/17/2011 10:08:47 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 acd714c8, parameter4 00000000.
1/16/2011 10:50:47 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
1/15/2011 9:52:52 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ad6ec4c8, parameter4 00000000.
1/15/2011 9:49:49 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
1/15/2011 9:47:50 AM, error: SRService [104] - The System Restore initialization process failed.
1/15/2011 8:10:15 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/15/2011 8:10:01 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

Unread postby deltalima » January 22nd, 2011, 5:53 pm

Hi Oceana,

I created a new account and when I logged off, then logged on again, all the desktop icons appeared just this side of instantly, like my main account ones used to. I then logged off the test account and back on to my main one and the icons were still coming up one at a time.


That sounds like the icon cache may be corrupt.

Please visit the following web site

http://support.microsoft.com/kb/2396571

and click on Run Now then follow the instructions.

Please let me know if that fixes the icon issue.

this morning when I booted the machine up from scratch, it couldn't seem to find a valid boot drive, so I had to go into the BIOS and tell it to boot from the C: drive


That, plus this item from the event log

1/15/2011 8:10:15 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.


suggests that there may be a hardware problem with the hard disk or controller, so make sure you back up any important data to another disk in case the disk fails.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
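
The diagnosis in the post above depends on spotting the atapi event 9 entries in a long, unordered event list. As an added example (not part of the thread and not from any tool used in it), this Python script parses lines in the layout of the posted log, sorts them by time, and lists which IDE ports timed out and when. The function names are assumptions; the sample lines are copied from the log posted above.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

Event = namedtuple("Event", "when level source event_id message")

# One record per line: "<date> <time> AM|PM, <level>: <source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$"
)
DEVICE_RE = re.compile(r"The device, (\S+), did not respond")

# Subset of lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
==== Event Viewer Messages From Past Week ========

1/22/2011 10:46:28 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ac1c74b4, parameter4 00000000.
1/20/2011 9:57:40 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3 ad5e6d78, parameter4 00000000.
1/20/2011 4:40:05 PM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
1/18/2011 10:27:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
1/17/2011 9:43:19 PM, error: PlugPlayManager [11] - The device Root\LEGACY_GMER\0000 disappeared from the system without first being prepared for removal.
1/15/2011 8:10:15 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/15/2011 8:10:01 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================
"""


def parse_events(text):
    """Return Event tuples, oldest first, for every line matching the layout."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners and blank lines are skipped
        stamp, level, source, event_id, message = m.groups()
        when = datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, level, source, int(event_id), message))
    # The posted log is not in time order (AM and PM entries interleave).
    return sorted(events, key=lambda e: e.when)


def count_by_source(events):
    """Count records per (source, event id) pair."""
    return Counter((e.source, e.event_id) for e in events)


def disk_timeouts(events):
    """Map each device named in an atapi event 9 to its timeout times."""
    ports = {}
    for e in events:
        if e.source == "atapi" and e.event_id == 9:
            m = DEVICE_RE.search(e.message)
            if m:
                ports.setdefault(m.group(1), []).append(e.when)
    return ports


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for key, n in count_by_source(evs).most_common():
        print(n, key)
    for port, times in sorted(disk_timeouts(evs).items()):
        print(port, [t.isoformat(" ") for t in times])
```
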

Re: Need help with ZSHP1020.EXE virus infestation

Unread postby Oceana » January 25th, 2011, 11:44 am

BTW, I realized upon re-running the test account login, those icons also take their time populating the screen, too, changing from the generic to the specific icon. It was just that there were only 30 of them, a lot less than my original account, so they populated a lot faster.

I ran the suggested fix and it errored out with "Fix It troubleshooting cannot continue because an error occured. This troubleshooter does not apply to this machine." and didn't fix the problem.
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

Unread postby deltalima » January 25th, 2011, 2:57 pm

Hi Oceana,

The logs are clean of malware. As you have a failing disk, this is the likely cause of the slow boot and the slow icons. At this point I can only recommend that you remove the tools that we have used and then arrange to have the hard disk replaced.

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with ZSHP1020.EXE virus infestation

Unread postby Wingman » January 26th, 2011, 4:40 pm

As your problems do not appear to be malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Wingman
Admin/Teacher
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA