My task bar in XP changed color to a pale green and the font size changed (I am partially color blind, so color is a guess to a degree) from the normal blue. When that happens, the wireless internet won't work either. I have run all the programs that you suggest prior to posting and they are below. Before I ran those, I restored the PC (Dell) from a previous date which worked. However, on a new startup the color changed again and internet won't work. Now, if you use that same date for the restore point, it now restores to the pale color and internet won't work. I am getting close to deciding that I need to reload Windows, but I would rather avoid that if possible. Additionally, I have run SpyBot set to run prior to other programs' initialization, Spyware Doctor, CC Cleaner, ATF Cleaner, MalwareBytes, GMER and DDS. Please help.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4162

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2010 1:20:52 AM
MalWare Log.txt

Scan type: Quick scan
Objects scanned: 123293
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Installer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

Folders Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-02 17:42:12
Windows 5.1.2600 Service Pack 3
Running: mj3ogrgo.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\ffdirpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8AEECAC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 21:38:19.65 on Wed 06/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2624 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206658226343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\5koa8rr6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-2 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-6 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-4-23 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-4-23 59664]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-15 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-15 242896]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-10-17 148496]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-6 233136]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-6 353680]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-11-6 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-27 29584]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-4-23 63360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-23 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-23 1142224]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-4-23 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-06-02 18:02:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-02 17:56:19 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-02 17:45:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-02 17:39:10 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-02 17:38:34 0 d-----w- c:\program files\Lavasoft
2010-06-02 06:13:32 0 d-----w- c:\docume~1\john\applic~1\Malwarebytes
2010-06-02 06:13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 06:13:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 06:13:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-02 06:13:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 02:15:56 36352 ----a-w- c:\windows\system32\drivers\bzmfeolo.sys
2010-06-02 00:32:21 0 d-----w- c:\windows\system32\MpEngineStore

==================== Find3M ====================

2010-06-02 22:17:14 2018940960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-02 18:04:16 23650196 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-02 17:11:54 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-30 07:21:50 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-15 02:32:50 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-05-01 17:41:03 147603 ----a-w- c:\windows\hpoins21.dat
2010-04-13 14:46:10 112 ----a-w- c:\docume~1\alluse~1\applic~1\T0IPiByb0.dat
2010-04-08 19:29:32 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-16 17:24:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 23:21:38 31826 ----a-w- c:\windows\system32\nvModes.dat
2008-10-17 20:45:52 52423056 -c--a-w- c:\program files\zaSuiteSetup_80_059_000_en.exe
2008-08-17 05:03:18 1495112 -c--a-w- c:\program files\install_flash_player.exe
2008-08-05 21:31:01 35124856 -c--a-w- c:\program files\AdbeRdr90_en_US.exe
2008-07-12 15:51:08 46033808 -c--a-w- c:\program files\zaSuiteSetup_70_483_000_en.exe
2008-06-09 03:44:43 1305088 -c--a-w- c:\program files\NF_Movie_Player_211.msi
2008-04-06 15:44:49 46008720 -c--a-w- c:\program files\zaSuiteSetup_70_470_000_en.exe
2008-03-29 03:21:50 6021960 -c--a-w- c:\program files\Firefox Setup 2.0.0.9.exe
2008-03-28 01:16:39 22685480 -c--a-w- c:\program files\SkypeSetup.exe
2008-03-27 21:22:37 6039144 -c--a-w- c:\program files\Firefox Setup 2.0.0.13.exe

============= FINISH: 21:39:28.98 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/27/2008 4:29:08 PM
System Uptime: 6/2/2010 9:26:21 PM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1995/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 192.003 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP543: 3/5/2010 5:50:19 PM - System Checkpoint
RP544: 3/6/2010 7:23:03 PM - System Checkpoint
RP545: 3/7/2010 7:36:20 PM - System Checkpoint
RP546: 3/8/2010 8:33:22 PM - System Checkpoint
RP547: 3/10/2010 2:16:00 PM - System Checkpoint
RP548: 3/11/2010 12:31:26 AM - Software Distribution Service 3.0
RP549: 3/12/2010 1:38:26 AM - System Checkpoint
RP550: 3/13/2010 3:03:28 PM - System Checkpoint
RP551: 3/14/2010 4:23:33 PM - System Checkpoint
RP552: 3/15/2010 10:47:46 PM - System Checkpoint
RP553: 3/16/2010 12:22:34 PM - Avg8 Update
RP554: 3/16/2010 12:24:54 PM - Avg Update
RP555: 3/17/2010 12:39:06 PM - System Checkpoint
RP556: 3/18/2010 7:25:47 PM - System Checkpoint
RP557: 3/19/2010 9:31:00 PM - System Checkpoint
RP558: 3/20/2010 10:32:27 PM - System Checkpoint
RP559: 3/21/2010 11:06:02 PM - System Checkpoint
RP560: 3/23/2010 9:11:11 AM - System Checkpoint
RP561: 3/24/2010 2:09:00 PM - System Checkpoint
RP562: 3/25/2010 7:48:35 PM - System Checkpoint
RP563: 3/26/2010 8:58:46 PM - System Checkpoint
RP564: 3/27/2010 9:20:07 PM - System Checkpoint
RP565: 3/28/2010 10:13:04 PM - System Checkpoint
RP566: 3/29/2010 10:42:45 PM - System Checkpoint
RP567: 3/31/2010 3:00:17 AM - Software Distribution Service 3.0
RP568: 4/1/2010 2:45:02 PM - Avg Update
RP569: 4/1/2010 2:47:22 PM - Avg Update
RP570: 4/2/2010 11:16:30 PM - System Checkpoint
RP571: 4/4/2010 8:05:39 AM - System Checkpoint
RP572: 4/5/2010 11:45:23 AM - System Checkpoint
RP573: 4/6/2010 7:36:22 PM - System Checkpoint
RP574: 4/7/2010 5:28:34 PM - Avg Update
RP575: 4/8/2010 5:35:31 PM - System Checkpoint
RP576: 4/9/2010 6:36:45 PM - System Checkpoint
RP577: 4/11/2010 6:48:48 PM - System Checkpoint
RP578: 4/12/2010 7:04:59 PM - System Checkpoint
RP579: 4/13/2010 3:41:21 PM - Removed Bonjour
RP580: 4/14/2010 4:58:51 PM - System Checkpoint
RP581: 4/15/2010 11:45:48 AM - Software Distribution Service 3.0
RP582: 4/15/2010 4:24:04 PM - Software Distribution Service 3.0
RP583: 4/16/2010 3:00:17 AM - Software Distribution Service 3.0
RP584: 4/16/2010 11:50:54 PM - Removed Sonic Update Manager
RP585: 4/18/2010 12:42:10 AM - System Checkpoint
RP586: 4/19/2010 7:59:14 AM - System Checkpoint
RP587: 4/20/2010 9:05:34 AM - System Checkpoint
RP588: 4/21/2010 10:35:59 AM - Avg Update
RP589: 4/21/2010 10:37:16 AM - Avg Update
RP590: 4/22/2010 11:48:56 AM - System Checkpoint
RP591: 4/23/2010 1:17:25 PM - System Checkpoint
RP592: 4/25/2010 12:19:07 AM - System Checkpoint
RP593: 4/26/2010 6:45:09 PM - System Checkpoint
RP594: 4/27/2010 8:05:50 PM - System Checkpoint
RP595: 4/29/2010 2:08:20 AM - System Checkpoint
RP596: 4/30/2010 3:12:40 AM - System Checkpoint
RP597: 5/1/2010 12:30:59 PM - Installed HPSU306Stub
RP598: 5/1/2010 12:39:20 PM - Printer Driver HP Photosmart C7200 series fax Installed
RP599: 5/2/2010 1:15:00 PM - System Checkpoint
RP600: 5/3/2010 4:26:20 PM - Removed HPSU306Stub
RP601: 5/4/2010 7:41:22 PM - System Checkpoint
RP602: 5/5/2010 9:32:40 AM - Avg Update
RP603: 5/7/2010 3:10:00 AM - System Checkpoint
RP604: 5/8/2010 3:12:06 AM - System Checkpoint
RP605: 5/10/2010 8:44:08 AM - System Checkpoint
RP606: 5/11/2010 10:09:02 AM - System Checkpoint
RP607: 5/12/2010 1:20:01 PM - System Checkpoint
RP608: 5/13/2010 1:41:59 PM - System Checkpoint
RP609: 5/15/2010 7:40:49 PM - System Checkpoint
RP610: 5/16/2010 10:14:15 PM - System Checkpoint
RP611: 5/18/2010 8:07:58 PM - System Checkpoint
RP612: 5/20/2010 1:29:27 AM - System Checkpoint
RP613: 5/23/2010 6:21:43 PM - System Checkpoint
RP614: 5/24/2010 11:40:48 AM - Removed Adobe Reader 8.1.2
RP615: 5/24/2010 11:42:24 AM - Installed Adobe Reader 9.3.
RP616: 5/25/2010 4:30:17 PM - System Checkpoint
RP617: 5/28/2010 12:17:28 AM - System Checkpoint
RP618: 5/29/2010 1:59:44 AM - System Checkpoint
RP619: 5/31/2010 11:59:28 AM - System Checkpoint
RP620: 5/31/2010 7:59:17 PM - Restore Operation
RP621: 6/1/2010 12:44:23 AM - Restore Operation
RP622: 6/1/2010 3:48:41 AM - Restore Operation
RP623: 6/1/2010 10:00:49 AM - Restore Operation
RP624: 6/1/2010 4:11:38 PM - Post Spybot June 1
RP625: 6/2/2010 12:12:07 PM - Avg Update

==== Installed Programs ======================

32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.1 Decoder (remove only)
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AIO_Scan
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite
Browser Defender 2.0.6.15
BufferChm
C7200
C7200_doccd
c7200_Help
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 8
Conexant HDA D110 MDC V.92 Modem
Copy
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.11
CustomerResearchQFolder
Dell Resource CD
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Fax
Fences
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing 4.60
HP Solution Center 9.0
HP Update
HP_Network_UserGuide
HPProductAssistant
HPSSupply
Intel(R) PROSet/Wireless Software
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MarketResearch
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mLogView
mMHouse
Mozilla Firefox (3.6)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
mWlsSafe
mWMI
mXML
mZConfig
NetDeviceManager
Netflix Movie Viewer
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
OZ776 SCR CardBus Windows Driver
Pandora's Jar (standalone) 8.1.1
PanoStandAlone
PowerDVD 5.7
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
Remote Control USB Driver
Rhapsody
Rhapsody Player Engine
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Skype™ 3.6
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Spyware Doctor 7.0
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WDCSAM Driver
WebFldrs XP
WebReg
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
ZoneAlarm Security Suite

==== Event Viewer Messages From Past Week ========

6/2/2010 4:04:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
6/2/2010 4:03:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgMfx86
6/2/2010 2:58:36 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ThreatFire service.
6/1/2010 3:05:19 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
6/1/2010 12:58:31 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
5/31/2010 9:51:34 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Cryptographic Services service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:40 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/31/2010 9:49:40 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/31/2010 6:07:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HID Input Service service to connect.
5/31/2010 6:07:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
5/31/2010 6:07:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
5/31/2010 6:07:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ Event System service to connect.
5/31/2010 6:07:03 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 6:07:03 PM, error: Service Control Manager [7000] - The HID Input Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 6:07:03 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 6:07:03 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 3:29:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
5/31/2010 2:29:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
5/31/2010 2:29:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
5/31/2010 12:29:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
5/31/2010 12:29:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
5/31/2010 1:29:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
5/31/2010 1:29:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
5/30/2010 11:29:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
5/29/2010 9:29:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
5/29/2010 8:29:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
5/29/2010 7:29:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
5/29/2010 10:29:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
5/29/2010 10:14:08 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D27BEF65. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/28/2010 11:29:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
5/28/2010 10:32:23 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D27BEF65. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/27/2010 6:29:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
5/27/2010 5:29:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
5/27/2010 4:29:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
5/27/2010 3:29:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
5/26/2010 12:53:20 AM, error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


Thanks a million,

John
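The Event Viewer section of the log above can be triaged mechanically. This added example (not part of the original post) parses that line format, groups Service Control Manager 7000 start failures that share a timestamp, and decodes the `%%` error number on the failed At jobs. The sample lines are a subset copied from the log, and the service-to-symptom table is an assumption added here.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the "Event Viewer Messages" lines posted above, embedded so this runs offline.
SAMPLE = """\
5/31/2010 9:49:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 9:49:56 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2010 3:29:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
5/31/2010 2:29:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
5/26/2010 12:53:20 AM, error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
"""

# "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE = re.compile(r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
                  r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")

# Service Control Manager message shapes seen in this log, keyed by event ID.
SCM_PATTERNS = {
    7000: re.compile(r"^The (.+?) service failed to start"),
    7001: re.compile(r"^The (.+?) service depends on the (.+?) service which failed"),
    7009: re.compile(r"waiting for the (.+?) service to connect"),
    7011: re.compile(r"transaction response from the (.+?) service"),
    7022: re.compile(r"^The (.+?) service hung on starting"),
    7034: re.compile(r"^The (.+?) service terminated unexpectedly"),
}

# Assumption added for this example: the XP feature each service backs.
SYMPTOM = {"Themes": "visual styles (taskbar colour and fonts)",
           "Wireless Zero Configuration": "wireless network configuration",
           "DHCP Client": "obtaining an IP address"}


def parse(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ev = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
              "source": m["source"], "id": int(m["id"]), "msg": m["msg"],
              "services": ()}
        if ev["source"] == "Service Control Manager" and ev["id"] in SCM_PATTERNS:
            hit = SCM_PATTERNS[ev["id"]].search(ev["msg"])
            if hit:
                ev["services"] = hit.groups()
        events.append(ev)
    return events


def start_failure_bursts(events, min_services=3):
    """Timestamps at which at least min_services services failed to start (event 7000)."""
    by_time = defaultdict(set)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7000 and ev["services"]:
            by_time[ev["time"]].add(ev["services"][0])
    return {t: sorted(s) for t, s in by_time.items() if len(s) >= min_services}


def decode_hresult(value):
    """Split an HRESULT into (failure bit, facility, code)."""
    return bool(value & 0x80000000), (value >> 16) & 0x1FFF, value & 0xFFFF


def failed_at_jobs(events):
    """Scheduler 7901 events as (time, job file, decoded error)."""
    out = []
    for ev in events:
        m = re.search(r"The (At\d+\.job) command failed .*%%(\d+)$", ev["msg"])
        if ev["source"] == "Schedule" and ev["id"] == 7901 and m:
            out.append((ev["time"], m.group(1), decode_hresult(int(m.group(2)))))
    return out


if __name__ == "__main__":
    events = parse(SAMPLE)
    for when, services in start_failure_bursts(events).items():
        print(f"{when}: {len(services)} services failed to start together")
        for name in services:
            print(f"  {name}: {SYMPTOM.get(name, 'no symptom mapped')}")
    for when, job, (failed, facility, code) in failed_at_jobs(events):
        # Facility 7 is FACILITY_WIN32; Win32 error 2 is ERROR_FILE_NOT_FOUND.
        print(f"{when}: {job} failed={failed} facility={facility} code={code}")
```

On the full log this puts the Themes, Wireless Zero Configuration and DHCP Client start failures in the same second (5/31/2010 9:49:56 PM), and shows every At job failing with Win32 error 2, file not found.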


Hello, John.
The Malwarebytes run.... you must do it this way [atm no deletion/removal of threats has occurred, at least as far as the information in your post tells me...]:
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].


File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification. To deal with this navigate to system32\drivers, find atapi.sys and rename to atapi.sys.bak. Lclick another folder in system32, and then after 10secs or so go back into \drivers. Check that another atapi.sys has been copied there. Yes? Good, delete atapi.sys.bak. NO? Then Immediately RENAME atapi.sys.bak to atapi.sys, and tell me.

Delete these two files [check they stay deleted]:
c:\windows\system32\drivers\bzmfeolo.sys
c:\docume~1\alluse~1\applic~1\T0IPiByb0.dat

From http://free.antivirus.com/hijackthis/ dl Hijackthis v2.04 [the executable]. Copy to its own folder and dclick to run. Close all other applications, and press Scan. Save and post the log.

I hope that you are running only the Firewall component of the ZA Security Suite? You do not want conflicts with AVG9.
Adaware. My opinion is that in the past it has not been a great performer. It may have improved....
Spyware doctor. You have Spybot installed, so you could remove the former. Too much is too much.
That pale green taskbar colour is one of 3 standard windows skins.... Anyway, tell if internet now works.

gerbil,

Many thanks for your response. I understand that is one of the color options for the task bar, but it changes color and font size of its own accord and that is also when internet disconnected, so I think they are related somehow.

The log from malwarebytes is below.

The removal of atapi.sys worked with the renaming and creation of another atapi.sys file.

I deleted the bzmfeolo.sys file and it remains deleted. I could not find the referenced .dat file through several searches using windows explorer.

Hijackthis will only allow saving to a local hard drive, as the computer we are discussing can't access the internet, I cannot download Hijackthis.

I rebooted my computer after the above. Task bar remains the green color and internet access remains unavailable.

Thanks again for your help.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4164

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2010 3:04:44 PM
mbam-log-2010-06-13 (15-04-44).txt

Scan type: Quick scan
Objects scanned: 128533
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gerbil,

Subsequent to the above post I found the c:\docume~1\alluse~1\applic~1\T0IPiByb0.dat file and deleted it.

After reboot, there is no change to the taskbar or internet access.

Thanks again.

John, just in case.... open a cmd window, and enter..
ipconfig /renew
Close the window.

If you go to that link I gave above you can dl the EXECUTABLE to any drive. You can copy it [or even dl directly] to a floppy or flashdrive, even run it from that medium... it does not have to be on any hdd to run successfully. Scan, then Save the log file and a notepad of it will pop. Post that.

gerbil,

You are correct. There is the Hijackthis log.

Thanks again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:28 PM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\LaunchU3.exe
F:\HijackThis(3).exe
C:\Documents and Settings\John\Application Data\U3\35505211D95390A3\Intro\U3Introduction.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206658226343
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10127 bytes

Nothing there... although you should use Hijackthis to fix this entry:
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
It is most likely an uninstalled remnant from AVG8...?
Repeat the Scan, check the above entry and press Fix Checked button.
I have to ask.... your ZA firewall is not set to turn off all net access [for temporary total protection]? There is a setting, prob on the taskbar rclick popup....
If you enter your router/modem setup GUI page and check its statistics, does it show as connected to your ISP?
If the problem persists we can take the next step.

Ran Hijackthis again and deleted the file you indicated. I turned Zone Alarm off completely, to the best of my knowledge it was only running the firewall.

My wireless router is AT&T supplied, I don't know how to look at that information you suggest.

Note that the computer I am corresponding to you with and my daughter's computer are both connected wirelessly to the system we are trying to connect to.

Ah, noted.... so the router is fine. No chance that the failing sys has lost the router configuration data for a wireless connection? ie the router's SSID and encryption key for that computer's Network no.?

The router IP address would likely be something like 192.168.0.1
To find it exactly, open a cmd window, enter..
ipconfig
The router address will be shown at Default Gateway. Type it into a browser address line on the failing computer. Ensure that the router is set to allow Active Scanning [unhide its Access Point].

gerbil,

I did as you suggested.

On the computer that doesn't connect the response is:

Ethernet adapter Local Area Connection 3:

Media State................Media disconnected

Ethernet adapter Wireless Network Connection:

Media State................Media disconnected

On the computer that works that command yields the following:

Ethernet adapter Local Area Connection 2:

Media State...............Media disconnected
Connection-specific DNS Suffix.:

Wireless LAN adapter Wireless Network Connection:

Under this heading it has the information for the following:

Connection-specific DNS Suffix
Link-local IPv6 Address
Subnet Mask
Default Gateway

Tunnel adapter Local Area Connection* 6:

Under this heading is the following information.

Connection-specific DNS Suffix.: This is blank
IPv6 Address..: It has this information
Link-local IPv6 Address..: It has this information
Default Gateway..: This is blank

Tunnel adapter Local Area Connection* 11:

Media State.: Media disconnected
Connection-specific DNS Suffix': It has this information

Tunnel adapter Local Area Connection* 12

Media State.: Media disconnected
Connection-specific DNS Suffix.: This is blank

I hope this helps.

Nice threads going on ... Keep it up guys. I have found similar discussion in ForexTradingEVO .com

Your discussion is really knowledgeable for me and I solve my problem through your discussion.

Thank You

For a start, Media Disconnected stops most things. On the failing sys neither LAN nor Wireless are connected. It could be hardware, or... rclick your connection icon in the task bar on the failing sys, and uninstall it. Or do it via Network Connections in CP. Then either restart the sys and let Windows detect and auto-install the drivers or go to Add New Hardware in CP.
Good. Now this time, enter...
ipconfig /all
Do you now have a Def Gateway address? If not, try connecting to your router with a LAN cable, run ipconfig /all again.
-to save you typing what is in the cmd window, rclick in the top border, go Edit, Select all. Rclick again in border, go Edit, Copy. And paste here.
You should not consider the info as sensitive. It makes things difficult for me if you don't show it, and your router firewall will prevent hacking.
I cannot see how you do not have a Default Gateway IP for even the working computer.!!??

Who set in the IPV6 addressing protocol? And why the Tunnel Adapter connections? Just wondering.

I know this discussion has been dead for a long time, but I've been having a similar problem for at least two years without any idea as to cause. Perhaps someone will see this and have an idea.

On what seems like random occasions, perhaps once or twice per month, the color of my task bar changes from its normal color to a light grey. After that happens, I can no longer access the shared directories of other computers on my network. Likewise, the other computers on the network cannot access files on my computer. The computers are linked through hardwired connections to Link DI-524 router. All machines still have access to the Internet.

The problem can be completely cured by rebooting my computer. Hence more of annoyance than work stopper. Computer is WinXP pro w/ SR3 and all updates. Norton Internet Security, Firefox browser, Thunderbird mail. Hardware 3.0 GHZ Intel dual processor + 3 GB RAM.
