
Some Sort Of Computer Black Magic

Discussion in 'General Malware And Security' started by gymboy07, May 28, 2011.

  1. gymboy07

    gymboy07 Registered Members

    Joined:
    May 28, 2011
    Messages:
    19
    Location:
    United States
    Operating System:
    Windows 7
    After a few instances where my more tech savvy friend had to save my computer, something new has occurred.

    Now, when I turn on the computer it is very loud, and it continues to make this noise except a little quieter for the rest of the time. It is very slow, and I have been having a lot of issues with my internet browser.

    My Symantec scan came back clean.

    I'm not sure if this helps, but I did a Hijack This:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:28:07 PM, on 5/28/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:jon@joncomics.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
    O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 8187 bytes
     
  2. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Hi cruddycomputers4life Welcome to CHF. :)

    Ask you to be patient, as our Malware Expert may be away for the weekend.
     
  3. KenB

    KenB Registered Members

    Joined:
    Oct 21, 2010
    Messages:
    1,223
    Location:
    Wirral UK
    Operating System:
    Windows Vista Home Premium
    Hi,

    This doesn't sound like malware ( if you will excuse the pun :) )

    If this is a desktop - have you taken the side panel off and checked for dust?
    In particular, take a close look at the fans.
    If they are clogged up you will get problems.

    If there is dust use a soft brush or can of compressed air to clean.

    The only moving parts that can produce a mechanical noise are the fans and the drives.
     
  4. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    I am assuming that you are talking about the fans being loud in which case I agree with Ken. However I don't recall your actually describing the sound.
     
  5. KlickKatt

    KlickKatt Inactive Staff Member

    Joined:
    Jul 17, 2004
    Messages:
    446
    Location:
    Mountains of North Carolina
    Computer Brand or Motherboard:
    ASUS P7P55D LGA 1156 Intel P5
    CPU:
    Intel Core i5-750 Lynnfield 2.66GHz 8MB L3 Cache LGA 1156 95W Quad-Core Processor
    Memory:
    16 GB MEM 4Gx4|CORSAIR CMZ16GX3M4A1600C9
    Hard Drive:
    2 - SAMSUNG Spinpoint F3 HD103SJ 1TB 7200 RPM SATA 3.0Gb/s + 2 640 SATA Drives
    Graphics Card:
    SAPPHIRE 100284L Radeon HD 5750 1GB 128-bit GDDR5 PCI Express and 2-28" 1080P Monitor
    Power Supply:
    TOUGHPOWER 750 KW
    One at a time, touch the hubs of the Fans and verify that the fans are running and that the sound doesn't change when you stop a fan's rotation. (Especially the Video Card.)

    Kindly keep your fingers out of the fan blades - that can be rather startling. :snckr:
     
  6. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    I don't think it's really smart putting your fingers anywhere inside a case when the power is on.

    Unless you know what you're doing. :rolleyes:
     
  7. KlickKatt

    KlickKatt Inactive Staff Member

    Joined:
    Jul 17, 2004
    Messages:
    446
    Location:
    Mountains of North Carolina
    Good point, Dougie. On the other hand, you probably shouldn't take the covers off the case if you don't know what you're doing. :snckr:

    But, the technique has worked well for me and quickly solved a machine that kept rebooting ... turned out a cable had caught a CPU fan blade and it wasn't turning. Another time the fan on a video card died - fairly common, I think. Touching the fan hub quickly told the story - where it was hard to actually see the fan blades.

    I think I'm correct in saying that no computer is likely to have dangerous voltages present - except inside the PS enclosure. Zapping a component is another story - at a minimum - always touch/hold the metal chassis.
     
  8. gymboy07

    gymboy07 Registered Members

    Joined:
    May 28, 2011
    Messages:
    19
    Location:
    United States
    Operating System:
    Windows 7

    Thanks, but the noise isn't really what is worrying me the most. It is mainly the fact that it is very slow and the problems I've been having with my browser.
     
  9. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Will you please describe the noise. Is it a fan noise or a clicking or grating sound? There are only very few moving parts in a computer and problems with any of them will create any number of other issues particularly slowdowns and freezes.
     
  10. PseFrank

    PseFrank Registered Members

    Joined:
    Nov 10, 2010
    Messages:
    962
    Location:
    Cambridge UK
    Operating System:
    Windows 7
    For the original poster and other CHF members following/reading this thread I would advise against handling or touching component parts unless like KlickKatt you are very experienced in working with computers and know just what the component parts do.

    If you really do have to go inside the case to try and diagnose possible heat problems then a method that works for me is to first of all shut the computer down and disconnect from the power socket.

    Put the computer on its side up on your desk or table and remove the side panel. Now you can look carefully to see both how much dirt and dust has built up in the case and also check out the fan connections, etc. Also, just as KlickKatt has stated you can safely check to make sure that none of the cables are stopping a fan blade from spinning freely.

    When you are happy that all is well visually, leave the computer on its side in the same position and reconnect the power. Boot the computer normally, but don't put your hands or fingers inside the case. This way a visual check can be made of the individual fans to see if they are spinning correctly. Also this gives you the opportunity to listen for any unusual noise coming from the fans.

    Note: A failing hard drive can make a ticking or clicking sound.

    Others here will almost certainly have their own methods of checking things out. The choice is yours, but do please keep yourself safe.
     
  11. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    It still wouldn't hurt for Starbuck to check your log which I am sure he will. cruddycomputers4life.

    Adding to KlicKKat and PSE Frank's posts, I had an instance also where wiring prevented a fan from spinning up.

    Often wiring can impede air flow so it's important to cable tie the harness out of the way.

    Adding to PSEFrank's post, once the power cable is removed, hold the start button on for 5 seconds and that gets rid of any static build up. Often when pressing the start button there is enough static to flash the lights for a millisecond.

    Another method I use to isolate noises: I have a 15" piece of plastic tube which I hold to my ear and the other end close to components. This acts like a doctor's stethoscope and increases any noise many fold.

    Contrary to advice given on many sites, I have never had any issue using a soft brush and a Vacuum cleaner to remove dust buildup. The important thing is to never let the vacuum nozzle touch any component.

    Like PSEFrank I always lay the tower on its side as well to investigate any issues.

    I only once accidentally put 2 CDs in at once. Now there is an unusual noise. :snckr:
     
  12. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    We seem to be talking to ourselves here. I don't like working with assumptions for obvious reasons. What is this sound you are hearing?
     
  13. gymboy07

    gymboy07 Registered Members

    Joined:
    May 28, 2011
    Messages:
    19
    Location:
    United States
    Operating System:
    Windows 7
    I believe it is a whirring sound, but I really have no clue how to describe it in words, perhaps I'll try and find a YouTube video that sounds like it.



    EDIT: I guess it's kind of like a loud obnoxious buzzing, sort of like a car engine stalling.

    I suppose it could be the fan...
     
  14. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Quick way to see if it's the CPU fan that is noisy is to disconnect power to the fan for a very short time and Boot.

    Don't leave disconnected for very long as the processor will get hot quickly.

    Only for test.

    OS should still boot.

    I have a very noisy CPU FAN in one of my Computers. Very annoying.
     
  15. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi cruddycomputers4life

    There's nothing in the report to suggest the problems you are experiencing.
    But a few things I should point out.
    We don't rely on HijackThis anymore to give us enough information about your system.
    As far as the slowness is concerned.....
    System is XP.... but how old is it?
    How much Ram is installed?
    How much hard drive space do you have available?
    When was the last time the temp files etc were cleaned out?

    We can find all this out in 2 simple steps, it would make things easier to sort out the slowness but I have to agree with everyone else .... I can't see the noise being malware related.

    Step 1
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


    Step 2
    • Download OTL to your desktop.
      right click on the link and select 'Save Link/Target As'.

      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.

    • Now copy the lines in bold below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.
    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.



    In your next reply, please submit:
    Both reports from OTL
    Also let me know how many Mb TFC removes.


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
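
A first-pass read of a HijackThis report like the one at the top of this thread can be scripted. The Python below is an added example, not part of any post here and not code from HijackThis or OTL; the flag names and the `triage`, `executable_of` and `counts_by_section` helpers are assumptions made for illustration, and a flag only marks an entry for a human to look at, it does not mean the entry is malicious.

```python
import re
from collections import Counter
from typing import List, NamedTuple

# Lines copied from the HijackThis log in the first post (a subset); the Windows
# user name in the Google Update path is replaced with a placeholder.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\example-user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# O4 registry autostart: hive\..\key: [value name] command line
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\\w+:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# O23 service: name - owner (may be empty) - absolute path
SERVICE_RE = re.compile(
    r"^Service:\s+(?P<name>.+?)\s-\s+(?P<owner>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.+)$")
# Locations a non-admin user can normally write to (assumed list, not exhaustive).
USER_WRITABLE_RE = re.compile(r"(?i)\\(documents and settings|users)\\[^\\]+\\|\\temp\\")


class Finding(NamedTuple):
    code: str   # HijackThis section code, e.g. "O4"
    flag: str   # reason the entry deserves a second look
    body: str   # the entry text after the section code


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|bat|cmd))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Flag entries worth reviewing by hand; unflagged entries are not 'cleared'."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m["code"], m["body"]
        if "(file missing)" in body:
            # The tool could not find the file the entry points to.
            findings.append(Finding(code, "file-missing", body))
        if code == "O4":
            run = RUN_RE.match(body)
            if run:
                exe = executable_of(run["cmd"])
                if not re.match(r"[A-Za-z]:\\", exe):
                    # Bare file name: which file runs depends on the search path.
                    findings.append(Finding(code, "no-absolute-path", body))
                elif USER_WRITABLE_RE.search(exe):
                    # Autostart binary lives where an unprivileged user can replace it.
                    findings.append(Finding(code, "user-writable-autostart", body))
        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc["owner"].strip() in ("", "Unknown owner"):
                # Service binary carries no company name in its version info.
                findings.append(Finding(code, "no-publisher", body))
    return findings


def counts_by_section(log_text: str) -> Counter:
    """Number of parsed entries per section code, to see what the log covers."""
    codes = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return Counter(m["code"] for m in codes if m)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.flag:<26}{f.body}")
    print(dict(counts_by_section(SAMPLE_LOG)))
```
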
  16. gymboy07

    gymboy07 Registered Members

    Joined:
    May 28, 2011
    Messages:
    19
    Location:
    United States
    Operating System:
    Windows 7
    488 mb was removed... ?_? wow.


    OTL logfile created on: 5/31/2011 5:39:54 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\David Plaks\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    734.48 Mb Total Physical Memory | 306.66 Mb Available Physical Memory | 41.75% Memory free
    1.76 Gb Paging File | 1.36 Gb Available in Paging File | 77.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.67 Gb Total Space | 16.01 Gb Free Space | 21.44% Space Free | Partition Type: NTFS
    Drive E: | 5.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 1.94 Gb Total Space | 1.94 Gb Free Space | 99.80% Space Free | Partition Type: FAT

    Computer Name: DAVID | User Name: David Plaks | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\David Plaks\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\WINDOWS\system32\slserv.exe ( )


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\David Plaks\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (ACT! Scheduler) -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
    SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
    SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
    SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
    SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110502.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110502.002\NAVENG.SYS (Symantec Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc.)
    DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
    DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys ( )
    DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys ( )
    DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys ( )
    DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys ( )
    DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys ( )
    DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys ( )
    DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
    DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
    DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 12:04:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/21 12:04:39 | 000,000,000 | ---D | M]

    [2010/10/23 16:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Plaks\Application Data\Mozilla\Extensions
    [2011/05/28 17:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Plaks\Application Data\Mozilla\Firefox\Profiles\ketqv0f2.default\extensions
    [2010/10/23 17:18:02 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\David Plaks\Application Data\Mozilla\Firefox\Profiles\ketqv0f2.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
    [2011/05/28 17:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/14 02:31:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/11/11 23:45:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/20 14:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/20 14:41:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/12/20 14:41:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
    O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\David Plaks\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Plaks\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/17 08:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/03/22 21:33:52 | 000,000,146 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2006/09/28 00:27:00 | 000,023,040 | R--- | M] () - E:\autorunner.exe -- [ CDFS ]
    O33 - MountPoints2\{0fd08050-1f61-11e0-b292-0016ec2dd397}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fd08050-1f61-11e0-b292-0016ec2dd397}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0fd08050-1f61-11e0-b292-0016ec2dd397}\Shell\AutoRun\command - "" = E:\autorunner.exe "ColumbiaCollegeViewbook.pdf"
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorunner.exe "ColumbiaCollegeViewbook.pdf"
    O33 - MountPoints2\Z\Shell - "" = AutoRun
    O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/31 17:36:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Plaks\Desktop\OTL.exe
    [2011/05/31 17:25:27 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Plaks\Desktop\TFC.exe
    [2011/05/28 17:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Plaks\Start Menu\Programs\HiJackThis
    [2011/05/28 17:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/11/03 14:46:28 | 021,046,160 | ---- | C] (Sage Software ) -- C:\Documents and Settings\David Plaks\Application Data\ACT1200HotFix_SS.exe
    [2005/09/19 20:34:44 | 000,014,992 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
    [2005/09/17 01:35:31 | 000,013,232 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
    [2005/09/17 01:35:30 | 001,395,296 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [2005/09/17 01:35:30 | 000,652,360 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
    [2005/09/17 01:35:30 | 000,231,224 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [2005/09/17 01:35:30 | 000,100,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [2005/09/17 01:35:30 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
    [2005/09/17 01:35:30 | 000,014,408 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/05/31 17:36:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Plaks\Desktop\OTL.exe
    [2011/05/31 17:36:28 | 000,000,848 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2011/05/31 17:31:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/31 17:31:37 | 770,232,320 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/31 17:25:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Plaks\Desktop\TFC.exe
    [2011/05/31 17:20:21 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/28 23:05:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1753942526-3274005699-3231573712-1006UA.job
    [2011/05/28 17:26:37 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\David Plaks\Desktop\HiJackThis.lnk
    [2011/05/28 17:14:06 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\David Plaks\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/05/28 17:14:04 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\David Plaks\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2011/05/28 17:20:52 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\David Plaks\Desktop\HiJackThis.lnk
    [2011/01/05 21:41:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\David Plaks\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/14 02:32:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/11/03 16:55:28 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David Plaks\Local Settings\Application Data\fusioncache.dat
    [2010/11/03 15:05:17 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/11/03 15:05:17 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A292217C2E.sys
    [2010/10/23 16:32:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/10/22 04:03:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2010/10/19 19:56:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/10/19 19:52:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2005/09/19 21:02:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/09/19 20:34:44 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
    [2005/09/19 20:34:44 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
    [2005/09/19 20:34:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
    [2005/09/19 20:34:44 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
    [2005/09/19 20:34:44 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
    [2005/09/19 20:34:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
    [2005/09/19 15:14:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/09/19 15:13:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/09/19 15:13:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/09/19 15:13:39 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/09/19 15:13:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/09/19 15:13:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/09/19 15:12:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/09/19 15:12:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/09/19 15:09:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/09/19 15:08:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/09/17 09:58:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2005/09/17 09:58:53 | 000,001,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2005/09/17 09:51:53 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2005/09/17 08:50:13 | 000,000,773 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/09/17 08:45:10 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/09/17 08:43:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/09/17 08:39:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/09/17 08:26:34 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
    [2005/09/17 08:26:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
    [2005/09/17 08:26:00 | 000,079,320 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2005/09/17 08:24:35 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2005/09/17 08:24:17 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/09/17 08:23:50 | 000,448,102 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/09/17 08:23:50 | 000,079,830 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/09/17 01:35:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
    [2005/09/17 01:35:30 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
    [2005/09/17 01:33:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/09/17 01:33:11 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/09/17 15:00:55 | 000,266,327 | ---- | C] () -- C:\WINDOWS\System32\ADErrorHandling.dll

    ========== LOP Check ==========

    [2010/11/03 15:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Act
    [2010/11/03 14:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage Software, Inc
    [2010/11/03 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/12/19 23:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Plaks\Application Data\.minecraft
    [2010/11/03 14:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Plaks\Application Data\ACT
    [2010/11/03 15:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Plaks\Application Data\IsolatedStorage
    [2005/09/17 11:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Plaks\Application Data\SampleView
    [2010/11/26 18:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Plaks\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/09/17 08:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/10/19 00:39:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2005/09/17 08:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/05/31 17:31:37 | 770,232,320 | -HS- | M] () -- C:\hiberfil.sys
    [2005/09/17 08:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/10/19 00:16:04 | 000,000,088 | ---- | M] () -- C:\MOVE_RECOVERY
    [2005/09/17 08:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/10/23 02:50:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/05/31 17:31:35 | 1157,627,904 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/22 00:47:37 | 000,033,612 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_22.10.2010_00.47.02_log.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/09/17 01:32:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/09/17 01:32:27 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/09/17 01:32:27 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/21 12:04:35 | 000,553,696 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/21 12:04:35 | 000,553,696 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/21 12:04:35 | 000,553,696 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/21 12:04:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/21 12:04:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/21 12:04:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 08:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 08:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 08:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/12/21 12:04:35 | 000,553,696 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/12/21 12:04:35 | 000,553,696 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/12/21 12:04:35 | 000,553,696 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/12/21 12:04:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/12/21 12:04:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/12/21 12:04:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\David Plaks\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/20 00:54:14 | 001,010,232 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 08:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 08:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 08:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < End of report >

    Extras:

    OTL Extras logfile created on: 5/31/2011 5:39:54 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\David Plaks\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    734.48 Mb Total Physical Memory | 306.66 Mb Available Physical Memory | 41.75% Memory free
    1.76 Gb Paging File | 1.36 Gb Available in Paging File | 77.20% Paging File free
    Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.67 Gb Total Space | 16.01 Gb Free Space | 21.44% Space Free | Partition Type: NTFS
    Drive E: | 5.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 1.94 Gb Total Space | 1.94 Gb Free Space | 99.80% Space Free | Partition Type: FAT

    Computer Name: DAVID | User Name: David Plaks | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9F147E79-45EB-489C-A45A-F7D889CEB86F}_is1" = Advanced Mouse Auto Clicker 3.2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
    "LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "SLAMRNTV" = Smart Link 56K Voice Modem
    "uTorrent" = µTorrent
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/8/2010 8:52:23 AM | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = 428: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/8/2010 8:52:23 AM | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/14/2010 11:17:09 PM | Computer Name = DAVID | Source = MsiInstaller | ID = 11706
    Description = Product: ACT! by Sage 2010 -- Error 1706.No valid source could be
    found for product ACT! by Sage 2010. The Windows Installer cannot continue.

    Error - 11/16/2010 8:46:50 AM | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/17/2010 9:07:32 PM | Computer Name = DAVID | Source = Application Hang | ID = 1002
    Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/18/2010 12:57:31 AM | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/19/2010 9:02:56 AM | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/26/2010 2:07:22 AM | Computer Name = DAVID | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80004002 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 11/26/2010 2:07:22 AM | Computer Name = DAVID | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80004002 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 11/26/2010 5:51:56 PM | Computer Name = DAVID | Source = MsiInstaller | ID = 10005
    Description = Product: Skype Toolbars -- A later version of Skype Toolbars is already
    installed.

    [ System Events ]
    Error - 5/31/2011 6:29:31 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 5/31/2011 6:29:31 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 5/31/2011 6:29:31 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
    Description = The Symantec Event Manager service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 5/31/2011 6:29:31 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
    Description = The Symantec AntiVirus service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 5/31/2011 6:29:31 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 5/31/2011 6:29:31 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
    Description = The SQL Server (ACT7) service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 5/31/2011 6:32:03 PM | Computer Name = DAVID | Source = SAVRT | ID = 458772
    Description = Unable to initialize the virus scanning engine database files.

    Error - 5/31/2011 6:33:19 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the ACT! Scheduler service
    to connect.

    Error - 5/31/2011 6:33:19 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
    Description = The ACT! Scheduler service failed to start due to the following error:
    %%1053

    Error - 5/31/2011 6:34:10 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SAVRT


    < End of report >
     
  17. gymboy07

    gymboy07 Registered Members

    Joined:
    May 28, 2011
    Messages:
    19
    Location:
    United States
    Operating System:
    Windows 7
    Update: I took the cover off and turned on the computer and found the source of the noise: inside fan (CPU fan?). I don't know why it is making noise though, perhaps dust.....

    *sorry for the double post, couldn't find the edit button :p
     
  18. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi cruddycomputers4life

    Thanks for letting us know about the fan.

    With these specs, this m/c will never be the fastest off the starting blocks.
    The RAM is about the bare minimum to run SP3.

    We may as well clean up a few items in your report whilst you are here.

    Step 1
    Double click on OTL to run it.
    Copy the lines in bold below. (make sure that :Otl is on the first line )

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{0fd08050-1f61-11e0-b292-0016ec2dd397}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fd08050-1f61-11e0-b292-0016ec2dd397}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0fd08050-1f61-11e0-b292-0016ec2dd397}\Shell\AutoRun\command - "" = E:\autorunner.exe "ColumbiaCollegeViewbook.pdf"
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorunner.exe "ColumbiaCollegeViewbook.pdf"
    O33 - MountPoints2\Z\Shell - "" = AutoRun
    O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

    :Files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    [EMPTYFLASH]


    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.

    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 25 and save it to your desktop.
    • Scroll down to where it says "Java SE 6 Update 25".
    • Click the "Download JRE" button to the right.
    • Accept the license agreement.
    • Select 'Windows x86' offline from the list.
    • Save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version.

    In your next reply, please submit:
    Otl fix report


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
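
    The O33 lines in the fix above are cached per-volume AutoRun handlers (OTL reads them from the user's MountPoints2 registry key), and only the `...\Shell\AutoRun\command` values name what would actually be launched. The following is an added example, not part of starbuck's post or of OTL: a small parser that pulls those commands out of an OTL log so they can be reviewed before a fix is run. The function names and the `kind` labels are hypothetical.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Subset of the O33 lines from the fix above (one plain Shell entry kept as noise).
O33_LINES = r'''
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\{0fd08050-1f61-11e0-b292-0016ec2dd397}\Shell\AutoRun\command - "" = E:\autorunner.exe "ColumbiaCollegeViewbook.pdf"
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorunner.exe "ColumbiaCollegeViewbook.pdf"
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
'''

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>\{[0-9a-fA-F-]+\}|[A-Za-z])'
    r'\\(?P<key>Shell\S*) - "(?P<name>[^"]*)" = (?P<value>.*)$')
FIRST_TOKEN_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')

def parse_o33(text):
    """Group O33 entries by mount point: {mount: {subkey: value}}."""
    mounts = defaultdict(dict)
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            mounts[m['mount']][m['key'].lower()] = m['value'].strip()
    return dict(mounts)

def autorun_handlers(mounts):
    """Return one record per mount point that has a cached AutoRun command."""
    found = []
    for mount, keys in mounts.items():
        cmd = keys.get(r'shell\autorun\command')
        if not cmd:
            continue
        tok = FIRST_TOKEN_RE.match(cmd)
        exe = PureWindowsPath(tok.group(1) or tok.group(2))
        if exe.name.lower() == 'rundll32.exe':
            kind = 'rundll32-proxy'      # the real target is in the arguments
        elif len(mount) == 1 and exe.drive.upper() == mount.upper() + ':':
            kind = 'binary-on-volume'    # launches a file stored on that drive
        else:
            kind = 'direct-exe'          # GUID mount: drive letter not known
        found.append({'mount': mount, 'exe': str(exe),
                      'args': tok.group(3), 'kind': kind})
    return found

if __name__ == '__main__':
    for h in autorun_handlers(parse_o33(O33_LINES)):
        print(f"{h['mount']:<40} {h['kind']:<17} {h['exe']} {h['args']}")
```
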
  19. gymboy07

    gymboy07 Registered Members

    Joined:
    May 28, 2011
    Messages:
    19
    Location:
    United States
    Operating System:
    Windows 7
    Right now my computer is disconnected awaiting the ol' can of compressed air, so it'll take me a couple days or so before I can do that ^ , but I just wanted to say I appreciate all the help guys. If I had called a person to do it, it probably would have cost me a hundred bucks or so.



    Also, I'm not so sure what this means, could you translate it to "knows how to work Microsoft Word" :

    "With these specs, this m/c will never be the fastest off the starting blocks.
    The RAM is about the bare minimum to run SP3."
     
  20. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
     
