
Multiple problems - unknown cause



#1 dommi


Posted 21 April 2010 - 09:13 PM

The problems are as follows:

1) If I have a screen saver on (I use the blank screen saver) and I move the mouse or press a keyboard key to get it out of screensaver mode, I see a flash of the screen, then the screen goes black again. Nothing gets the screen back to normal. I have tried clicking, moving the mouse, pressing keys; even the keyboard shortcut to switch users doesn't work. It is just a blank screen. I have to restart the computer to get anything working.

2) Recently I went into msconfig to take out some unneeded startup files, so that my computer isn't so bogged down. Though today I looked at it and found that it only shows checked items. There are no unchecked items showing at all. Meaning, if say I had unchecked the Yahoo Messenger startup, it isn't even showing up as an item to be checked or unchecked. I have no clue why.

3) I tried running gmer.exe and after a while it just bogs down my processing so much that very little can be done. I eventually got the blue screen of death. But I don't have the setting that keeps the screen up so that I can write everything down. I had it before, but I recently reinstalled Windows on my "D" drive, my system drive. (I have partitioned my system on my "D" drive and everything else is on the "E" drive.) So I need to fix that somehow, I am sure.

4) This may have started when my mother was using the computer three weeks ago and was searching Google, and one of those fake anti-virus things came up. It was "Click to Find and Fix Errors.lnk". But Malwarebytes quarantined it and removed it. However, I was paranoid that I might have gotten that malware bug whose only cure is to reformat Windows. So I went to another forum (I can't remember which one, but I know now that I should have come here) and saw someone that had the same problem. I have the instructions that I used that were on the forum. I will attach them as instructions.txt. I downloaded and ran everything and got everything and even a log of everything, except that drweb-cureit.exe didn't run correctly.

I have copied the DDS.txt in the post after this message, and the attachments "attach.txt" and "instructions.txt" (which includes the instructions I copied from the other forum and which I followed). Also remember that I don't have the txt file from gmer.exe because I got a BSOD.

--------------------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by David at 17:27:00.09 on Wed 04/21/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2826 [GMT -4:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Analog Devices\SoundMAX\smax4.exe
D:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
D:\Program Files\Logitech\ImageStudio\LogiTray.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Logitech\ImageStudio\LowLight.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Trillian\trillian.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
E:\Program Files\Winamp\winamp.exe
D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
D:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\David\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.neopets.com/portal
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - d:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] e:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [SoundMAXPnP] d:\program files\analog devices\core\smax4pnp.exe
mRun: [JMB36X IDE Setup] d:\windows\jm\JMInsIDE.exe
mRun: [36X Raid Configurer] d:\windows\system32\JMRaidSetup.exe boot
mRun: [AsusStartupHelp] d:\program files\asus\aasp\1.00.15\AsRunHelp.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avp] "d:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "e:\program files\winamp\winampa.exe"
mRun: [SoundMAX] "d:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [LVCOMS] d:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechImageStudioTray] d:\program files\logitech\imagestudio\LogiTray.exe
mRun: [LogitechGalleryRepair] d:\program files\logitech\imagestudio\ISStart.exe
mRun: [HPDJ Taskbar Utility] d:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] "d:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "d:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DeviceDiscovery] d:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: d:\docume~1\david\startm~1\programs\startup\trillian.lnk - e:\program files\trillian\trillian.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - e:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - e:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoTrayItemsDisplay = 00000000
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - d:\program files\java\jre6\bin\jp2iexp.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - e:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - d:\windows\system32\klogon.dll
AppInit_DLLs: d:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\david\applic~1\mozilla\firefox\profiles\zmummq91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: d:\documents and settings\david\application data\mozilla\firefox\profiles\zmummq91.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\documents and settings\david\application data\mozilla\firefox\profiles\zmummq91.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: d:\documents and settings\david\application data\mozilla\firefox\profiles\zmummq91.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: d:\documents and settings\david\application data\mozilla\firefox\profiles\zmummq91.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: e:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: d:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\divx\divx web player\npdivx32.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2008-1-29 36880]
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2010-2-20 64288]
R1 kl1;Kl1;d:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2009-2-22 315408]
R2 AVP;Kaspersky Anti-Virus;d:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2008-4-30 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\gamemon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 rak;rak;d:\windows\system32\rakion.sys [2010-1-28 60928]

=============== Created Last 30 ================

2010-04-17 22:15:15 2463976 ----a-w- d:\windows\system32\NPSWF32.dll
2010-04-17 22:15:15 190696 ----a-w- d:\windows\system32\NPSWF32_FlashUtil.exe
2010-04-17 22:14:23 0 d-----w- d:\program files\Bonjour
2010-04-17 22:07:05 0 d-----w- d:\program files\common files\Macrovision Shared
2010-04-17 00:38:26 0 d-----w- d:\docume~1\david\applic~1\SUPERAntiSpyware.com
2010-04-16 22:23:37 0 d-----w- d:\windows\SxsCaPendDel
2010-04-15 22:17:50 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-04-05 02:24:09 0 d-----w- d:\program files\GRETECH
2010-04-03 18:41:33 0 d-----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-03 18:41:20 0 d-----w- d:\program files\SUPERAntiSpyware
2010-04-03 18:09:16 0 d-----w- D:\lspfix
2010-04-03 03:41:26 0 d-----w- d:\program files\ffdshow
2010-04-03 03:33:01 50688 ----a-w- d:\windows\system32\ff_acm.acm
2010-04-03 03:22:36 0 d-----w- d:\program files\Free Offers from Freeze.com

==================== Find3M ====================

2010-03-30 04:46:30 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-02-26 06:12:23 662016 ----a-w- d:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- d:\windows\system32\ieencode.dll
2010-02-21 00:33:51 95024 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-02-21 00:33:50 15880 ----a-w- d:\windows\system32\lsdelete.exe
2010-02-07 17:13:50 86016 ----a-w- d:\windows\system32\frapsvid.dll
2010-01-29 03:40:06 60928 ----a-w- d:\windows\system32\rakion.sys
2009-12-12 02:48:41 28589600 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-12-12 02:48:41 1597472 --sha-w- d:\windows\system32\drivers\fidbox2.dat

============= FINISH: 17:27:27.98 ===============

R1 kl1;Kl1;d:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2009-2-22 315408]
R2 AVP;Kaspersky Anti-Virus;d:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2008-4-30 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\gamemon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 rak;rak;d:\windows\system32\rakion.sys [2010-1-28 60928]

=============== Created Last 30 ================

2010-04-17 22:15:15 2463976 ----a-w- d:\windows\system32\NPSWF32.dll
2010-04-17 22:15:15 190696 ----a-w- d:\windows\system32\NPSWF32_FlashUtil.exe
2010-04-17 22:14:23 0 d-----w- d:\program files\Bonjour
2010-04-17 22:07:05 0 d-----w- d:\program files\common files\Macrovision Shared
2010-04-17 00:38:26 0 d-----w- d:\docume~1\david\applic~1\SUPERAntiSpyware.com
2010-04-16 22:23:37 0 d-----w- d:\windows\SxsCaPendDel
2010-04-15 22:17:50 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-04-05 02:24:09 0 d-----w- d:\program files\GRETECH
2010-04-03 18:41:33 0 d-----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-03 18:41:20 0 d-----w- d:\program files\SUPERAntiSpyware
2010-04-03 18:09:16 0 d-----w- D:\lspfix
2010-04-03 03:41:26 0 d-----w- d:\program files\ffdshow
2010-04-03 03:33:01 50688 ----a-w- d:\windows\system32\ff_acm.acm
2010-04-03 03:22:36 0 d-----w- d:\program files\Free Offers from Freeze.com

==================== Find3M ====================

2010-03-30 04:46:30 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-02-26 06:12:23 662016 ----a-w- d:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- d:\windows\system32\ieencode.dll
2010-02-21 00:33:51 95024 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-02-21 00:33:50 15880 ----a-w- d:\windows\system32\lsdelete.exe
2010-02-07 17:13:50 86016 ----a-w- d:\windows\system32\frapsvid.dll
2010-01-29 03:40:06 60928 ----a-w- d:\windows\system32\rakion.sys
2009-12-12 02:48:41 28589600 --sha-w- d:\windows\system32\drivers\fidbox.dat
2009-12-12 02:48:41 1597472 --sha-w- d:\windows\system32\drivers\fidbox2.dat

============= FINISH: 17:27:27.98 ===============


#2 dommi

dommi
  • Topic Starter

  • Members
  • 7 posts

Posted 22 April 2010 - 11:23 AM

If anyone can help, it would be greatly appreciated.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 22 April 2010 - 06:03 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 27 April 2010 - 08:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#4 dommi

dommi
  • Topic Starter

  • Members
  • 7 posts

Posted 27 April 2010 - 11:36 AM

Thank you for responding.

Before I post the requested TXT files, I have an update: I have found that the problem indicated in #1 of my first post with the screen saver has its roots in the monitor power. In the screen saver properties I had the power settings to turn off the monitor after 20 min. The black out problem happened when I manually turned off the monitor and tried turning it back on. So, for right now, I have the power settings on the screen saver set to not turn off the monitor until the problem is solved.

Otherwise, I have not done any updates to my computer except for the ones requested by Firefox and maybe Java or Adobe if it was requested (though, I don't think so). Also, I haven't run any tools other than the OTL that you have requested.

I also want to note that my knowledge of computers is high.

---------------

OTL logfile created on: 4/27/2010 12:11:15 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = E:\downloads\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 465.75 Gb Total Space | 43.69 Gb Free Space | 9.38% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 6.44 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive E: | 278.08 Gb Total Space | 27.46 Gb Free Space | 9.88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-1A806DD3A
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 12:10:05 | 000,563,712 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL\OTL.exe
PRC - [2010/04/25 01:20:40 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/06 19:33:28 | 001,265,264 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/02 22:33:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 19:33:44 | 000,885,736 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\threatwork.exe
PRC - [2010/02/20 19:28:36 | 001,217,872 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
PRC - [2010/02/10 01:00:00 | 001,930,592 | ---- | M] (Cerulean Studios) -- E:\Program Files\Trillian\trillian.exe
PRC - [2010/01/13 18:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) -- e:\Program Files\Winamp\winamp.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/01/09 21:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- E:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 20:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- E:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2006/12/18 09:34:36 | 000,868,352 | R--- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 08:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2005/08/04 03:42:00 | 000,528,384 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/08/04 03:42:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2003/09/01 08:42:50 | 000,176,128 | ---- | M] (HP) -- D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- D:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2003/05/21 18:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/11 15:25:50 | 000,126,976 | ---- | M] (Hewlett-Packard Company) -- D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2002/12/10 18:33:42 | 000,053,248 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\ImageStudio\LowLight.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 12:10:05 | 000,563,712 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/08/04 03:42:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcp71.dll
MOD - [2005/08/04 03:42:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll
MOD - [2005/08/04 03:42:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2005/08/04 03:42:00 | 000,036,352 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint\gamehook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (hpdj)
SRV - [2010/04/17 18:07:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/06 19:33:28 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Running] -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/02 17:51:00 | 003,341,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/28 23:40:06 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\rakion.sys -- (rak)
DRV - [2009/11/11 17:35:34 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/04/30 22:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/01/15 21:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/12/06 07:41:16 | 000,044,416 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/09/11 07:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 07:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 06:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 07:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/07/23 00:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/07/23 00:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/27 16:21:36 | 000,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/06/10 14:20:50 | 000,039,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57989841-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/portal
IE - HKU\S-1-5-21-57989841-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-57989841-1677128483-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-57989841-1677128483-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.69
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: savefileto@mozdev.org:2.0.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: snaplinks@snaplinks.mozdev.org:1.0.8
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.5.14
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: tinyurl.addon@fast-chat.co.uk:2.0.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/04/17 20:16:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/04/18 12:45:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: e:\Program Files\Mozilla Sunbird\components [2009/05/17 17:55:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: e:\Program Files\Mozilla Sunbird\plugins

[2009/02/23 18:34:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2010/04/27 12:06:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions
[2010/03/27 20:53:30 | 000,000,000 | ---D | M] (Screengrab) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/10 00:39:19 | 000,000,000 | ---D | M] (Forecastfox) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/24 17:31:34 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/02/13 06:07:26 | 000,000,000 | ---D | M] (Image Zoom) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/02/24 02:23:32 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{2c5693fc-cbf5-4310-8c58-fa879d4cc644}
[2010/04/16 18:28:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/16 02:11:39 | 000,000,000 | ---D | M] (PDF Download) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/24 17:31:40 | 000,000,000 | ---D | M] (FoxyTunes) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/04/21 21:15:07 | 000,000,000 | ---D | M] (NoScript) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/05 23:41:33 | 000,000,000 | ---D | M] (IE Tab) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/02/08 17:07:00 | 000,000,000 | ---D | M] (Zynga Toolbar) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/01/07 21:44:33 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/16 18:28:15 | 000,000,000 | ---D | M] (Download Statusbar) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/10/15 22:21:43 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/08/10 18:49:54 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{e682a138-7f80-4cb2-94fa-731efe0823c3}
[2010/01/07 21:44:33 | 000,000,000 | ---D | M] (QuickRestart) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2009/02/23 20:15:04 | 000,000,000 | ---D | M] (CustomizeGoogle) -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/08/10 18:49:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\MetatronPlus@thedragonportal.net
[2009/02/23 20:15:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\ntaddon@swordfire.net
[2010/03/27 20:53:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\savefileto@mozdev.org
[2010/01/26 21:37:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\snaplinks@snaplinks.mozdev.org
[2010/04/27 12:06:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\SQLiteManager@mrinalkant.blogspot.com
[2010/03/17 01:31:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\zmummq91.default\extensions\tinyurl.addon@fast-chat.co.uk
[2009/11/12 20:04:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\David\Application Data\Mozilla\Sunbird\Profiles\na01fq86.default\extensions
[2009/06/02 13:09:37 | 000,000,000 | ---D | M] (MinimizeToTray) -- D:\Documents and Settings\David\Application Data\Mozilla\Sunbird\Profiles\na01fq86.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [36X Raid Configurer] D:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AsusStartupHelp] D:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe ()
O4 - HKLM..\Run: [avp] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechGalleryRepair] D:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAX] D:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] e:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1003..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1004..\Run: [Aim6] D:\Program Files\AIM6\aim6.exe File not found
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1004..\Run: [igndlm.exe] e:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1004..\Run: [LDM] e:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1004..\Run: [Messenger (Yahoo!)] E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1004..\Run: [MsnMsgr] D:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1004..\Run: [Steam] E:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-57989841-1677128483-839522115-1004..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe File not found
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: D:\Documents and Settings\David\Start Menu\Programs\Startup\Trillian.lnk = E:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: D:\Documents and Settings\Kathy\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data]
O7 - HKU\S-1-5-21-57989841-1677128483-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - D:\WINDOWS\system32\klogon.dll - D:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: D:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/04 12:45:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/18 20:50:30 | 000,000,041 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{665dbcbb-00e4-11de-895f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{665dbcbb-00e4-11de-895f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{665dbcbb-00e4-11de-895f-806d6172696f}\Shell\AutoRun\command - "" = G:\start.exe -- [2007/01/31 22:48:00 | 027,417,279 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.avis - D:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.divxa32 - D:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - D:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - D:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - D:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - D:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - D:\WINDOWS\system32\ias [2009/02/22 09:38:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/19 17:57:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\David\My Documents\My resumes
[2010/04/17 20:16:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/17 19:10:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/04/17 18:15:35 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2010/04/17 18:15:15 | 000,190,696 | ---- | C] (Adobe Systems, Inc.) -- D:\WINDOWS\System32\NPSWF32_FlashUtil.exe
[2010/04/17 18:14:23 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2010/04/17 18:07:05 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Macrovision Shared
[2010/04/16 20:38:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
[2010/04/16 20:38:25 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2010/04/16 18:23:37 | 000,000,000 | ---D | C] -- D:\WINDOWS\SxsCaPendDel
[2010/04/15 18:18:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/04/15 18:17:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010/04/15 18:17:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2010/04/15 18:17:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2010/04/15 18:17:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2010/04/05 00:37:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\David\Application Data\GRETECH
[2010/04/04 22:24:09 | 000,000,000 | ---D | C] -- D:\Program Files\GRETECH
[2010/04/03 14:41:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/03 14:41:20 | 000,000,000 | ---D | C] -- D:\Program Files\SUPERAntiSpyware
[2010/04/03 14:09:16 | 000,000,000 | ---D | C] -- D:\lspfix
[2010/04/02 23:41:26 | 000,000,000 | ---D | C] -- D:\Program Files\ffdshow
[2010/04/02 23:22:36 | 000,000,000 | ---D | C] -- D:\Program Files\Free Offers from Freeze.com
[2010/03/30 22:25:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\David\My Documents\Downloads
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\Documents and Settings\David\My Documents\*.tmp files -> D:\Documents and Settings\David\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/25 14:59:10 | 000,178,305 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2010/04/25 14:59:06 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/04/25 01:47:38 | 000,051,712 | ---- | M] () -- D:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 01:47:38 | 000,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010/04/25 01:47:33 | 005,767,168 | -H-- | M] () -- D:\Documents and Settings\David\NTUSER.DAT
[2010/04/24 19:35:13 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/24 14:15:44 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/04/24 14:15:43 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/04/22 18:39:00 | 000,049,152 | ---- | M] () -- D:\Documents and Settings\David\My Documents\Thrower.fla
[2010/04/22 03:36:45 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/04/21 17:33:09 | 000,284,915 | ---- | M] () -- D:\Documents and Settings\David\Desktop\gmer.zip
[2010/04/20 15:15:50 | 000,000,640 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/04/20 15:15:50 | 000,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/04/20 00:51:51 | 000,130,048 | ---- | M] () -- D:\Documents and Settings\David\My Documents\Untitled-1.fla
[2010/04/20 00:26:41 | 000,062,976 | ---- | M] () -- D:\Documents and Settings\David\My Documents\Untitled-4.fla
[2010/04/20 00:26:38 | 000,041,984 | ---- | M] () -- D:\Documents and Settings\David\My Documents\Untitled-3.fla
[2010/04/19 17:59:49 | 000,000,162 | -H-- | M] () -- D:\Documents and Settings\David\My Documents\~$sume7d.doc
[2010/04/17 19:58:19 | 000,048,128 | ---- | M] () -- D:\Documents and Settings\David\My Documents\ball move2.fla
[2010/04/17 19:32:53 | 000,025,088 | ---- | M] () -- D:\Documents and Settings\David\My Documents\ball move.swf
[2010/04/17 18:24:49 | 000,000,278 | -HS- | M] () -- D:\Documents and Settings\David\ntuser.ini
[2010/04/16 19:29:44 | 000,001,729 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javacpl.cpl
[2010/04/09 16:06:34 | 000,025,088 | ---- | M] () -- D:\Documents and Settings\David\My Documents\Residence Inn cover letter.doc
[2010/04/08 19:55:44 | 000,049,664 | ---- | M] () -- D:\Documents and Settings\David\My Documents\resume7d.doc
[2010/04/08 15:43:01 | 000,048,640 | ---- | M] () -- D:\Documents and Settings\David\My Documents\resume7c.doc
[2010/04/08 15:42:28 | 000,047,104 | ---- | M] () -- D:\Documents and Settings\David\My Documents\resume7b.doc
[2010/04/08 15:38:50 | 000,038,400 | ---- | M] () -- D:\Documents and Settings\David\My Documents\Places of work addresses and other info.doc
[2010/04/04 23:23:40 | 000,014,505 | ---- | M] () -- D:\Documents and Settings\David\Desktop\gas_mask-1.jpg
[2010/04/03 14:28:25 | 000,001,355 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/04/02 23:22:36 | 000,001,621 | ---- | M] () -- D:\Documents and Settings\David\Desktop\1000 Free Songs!.lnk
[2010/04/02 23:22:36 | 000,001,603 | ---- | M] () -- D:\Documents and Settings\David\Desktop\Free Games!!.lnk
[2010/04/01 15:13:06 | 000,000,328 | ---- | M] () -- D:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet3600#LPDT L7.job
[2010/03/30 22:44:24 | 000,196,697 | ---- | M] () -- D:\Documents and Settings\David\Desktop\mwahh2.gif
[2010/03/30 22:43:41 | 000,289,097 | ---- | M] () -- D:\Documents and Settings\David\Desktop\Mwahh1.gif
[2010/03/30 22:25:42 | 000,024,195 | ---- | M] () -- D:\Documents and Settings\David\Desktop\yr001.jpg
[2010/03/30 22:09:22 | 000,360,124 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 22:09:22 | 000,314,508 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/03/30 22:09:22 | 000,040,836 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\Documents and Settings\David\My Documents\*.tmp files -> D:\Documents and Settings\David\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 18:39:00 | 000,049,152 | ---- | C] () -- D:\Documents and Settings\David\My Documents\Thrower.fla
[2010/04/21 17:34:00 | 000,293,376 | ---- | C] () -- D:\Documents and Settings\David\Desktop\gmer.exe
[2010/04/21 17:32:42 | 000,284,915 | ---- | C] () -- D:\Documents and Settings\David\Desktop\gmer.zip
[2010/04/20 15:15:47 | 000,000,913 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk
[2010/04/20 15:15:47 | 000,000,578 | ---- | C] () -- D:\Documents and Settings\David\Start Menu\Programs\Startup\Trillian.lnk
[2010/04/20 00:51:51 | 000,130,048 | ---- | C] () -- D:\Documents and Settings\David\My Documents\Untitled-1.fla
[2010/04/20 00:26:38 | 000,041,984 | ---- | C] () -- D:\Documents and Settings\David\My Documents\Untitled-3.fla
[2010/04/19 17:59:49 | 000,000,162 | -H-- | C] () -- D:\Documents and Settings\David\My Documents\~$sume7d.doc
[2010/04/18 22:22:09 | 000,062,976 | ---- | C] () -- D:\Documents and Settings\David\My Documents\Untitled-4.fla
[2010/04/17 19:39:33 | 000,048,128 | ---- | C] () -- D:\Documents and Settings\David\My Documents\ball move2.fla
[2010/04/17 19:27:17 | 000,025,088 | ---- | C] () -- D:\Documents and Settings\David\My Documents\ball move.swf
[2010/04/17 18:15:15 | 002,463,976 | ---- | C] () -- D:\WINDOWS\System32\NPSWF32.dll
[2010/04/08 20:43:34 | 000,025,088 | ---- | C] () -- D:\Documents and Settings\David\My Documents\Residence Inn cover letter.doc
[2010/04/08 15:43:21 | 000,049,664 | ---- | C] () -- D:\Documents and Settings\David\My Documents\resume7d.doc
[2010/04/08 15:39:53 | 000,047,104 | ---- | C] () -- D:\Documents and Settings\David\My Documents\resume7b.doc
[2010/04/08 15:39:37 | 000,048,640 | ---- | C] () -- D:\Documents and Settings\David\My Documents\resume7c.doc
[2010/04/04 23:23:40 | 000,014,505 | ---- | C] () -- D:\Documents and Settings\David\Desktop\gas_mask-1.jpg
[2010/04/02 23:33:01 | 000,050,688 | ---- | C] () -- D:\WINDOWS\System32\ff_acm.acm
[2010/04/02 23:22:36 | 000,001,621 | ---- | C] () -- D:\Documents and Settings\David\Desktop\1000 Free Songs!.lnk
[2010/04/02 23:22:36 | 000,001,603 | ---- | C] () -- D:\Documents and Settings\David\Desktop\Free Games!!.lnk
[2010/03/30 22:44:24 | 000,196,697 | ---- | C] () -- D:\Documents and Settings\David\Desktop\mwahh2.gif
[2010/03/30 22:43:41 | 000,289,097 | ---- | C] () -- D:\Documents and Settings\David\Desktop\Mwahh1.gif
[2010/03/30 22:25:42 | 000,024,195 | ---- | C] () -- D:\Documents and Settings\David\Desktop\yr001.jpg
[2010/01/28 23:40:06 | 000,060,928 | ---- | C] () -- D:\WINDOWS\System32\rakion.sys
[2009/06/15 16:28:32 | 000,000,241 | ---- | C] () -- D:\WINDOWS\QSync.INI
[2009/06/15 16:27:38 | 000,005,187 | ---- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2009/06/15 16:27:36 | 000,000,780 | ---- | C] () -- D:\WINDOWS\_delis32.ini
[2009/06/15 16:25:16 | 000,000,031 | ---- | C] () -- D:\WINDOWS\warhead.ini
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2009/04/29 17:19:22 | 000,041,808 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2009/03/31 14:44:47 | 000,010,456 | ---- | C] () -- D:\WINDOWS\hpdj3600.ini
[2009/03/13 20:16:31 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009/03/11 11:50:10 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009/02/25 20:39:37 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/02/25 20:39:36 | 000,085,504 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2009/02/22 18:10:51 | 000,024,576 | R--- | C] () -- D:\WINDOWS\System32\AsIO.dll
[2009/02/22 18:10:51 | 000,012,664 | R--- | C] () -- D:\WINDOWS\System32\drivers\AsIO.sys
[2009/02/22 18:10:49 | 000,012,096 | ---- | C] () -- D:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/02/22 18:10:49 | 000,010,304 | ---- | C] () -- D:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/02/22 17:58:59 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2009/02/22 17:23:01 | 000,000,804 | R--- | C] () -- D:\WINDOWS\System32\AsusSetup.ini
[2009/02/22 17:23:01 | 000,000,396 | R--- | C] () -- D:\WINDOWS\System32\raidmgmt.ini
[2009/02/22 17:20:37 | 000,033,860 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2009/02/22 17:20:37 | 000,005,810 | R--- | C] () -- D:\WINDOWS\System32\drivers\ASACPI.sys
[2009/02/22 17:20:25 | 000,010,288 | ---- | C] () -- D:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- D:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 000,000,416 | ---- | C] () -- D:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- D:\WINDOWS\System32\DivXWMPExtType.dll
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- D:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- D:\WINDOWS\System32\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\OggDS.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\system32\dllcache\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- D:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- D:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/08/21 06:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- D:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\WINDOWS\system32\dllcache\scecli.dll
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/26 02:12:16 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2010/02/26 02:12:17 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[2010/02/26 02:12:17 | 000,251,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\iepeers.dll
[2004/02/24 00:42:40 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\msvbvm60.dll
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/22 09:41:58 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2009/02/22 09:41:58 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2009/02/22 09:41:58 | 000,921,600 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- D:\WINDOWS\system32\drivers\Lbd.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/20 20:33:51 | 000,095,024 | ---- | M] (Sunbelt Software) -- D:\WINDOWS\system32\drivers\SBREDrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 110 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:270A3983
@Alternate Data Stream - 108 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 100 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:260575F1
< End of report >


OTL Extras logfile created on: 4/27/2010 12:11:15 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = E:\downloads\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 465.75 Gb Total Space | 43.69 Gb Free Space | 9.38% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 6.44 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive E: | 278.08 Gb Total Space | 27.46 Gb Free Space | 9.88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-1A806DD3A
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-57989841-1677128483-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "E:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58276:TCP" = 58276:TCP:*:Enabled:Pando Media Booster
"58276:UDP" = 58276:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\MSN Messenger\msnmsgr.exe" = D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"D:\Program Files\MSN Messenger\livecall.exe" = D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"E:\Program Files\Combat Arms\CombatArms.exe" = E:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"E:\Program Files\Combat Arms\Engine.exe" = E:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Miranda IM\miranda32.exe" = E:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- File not found
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"E:\Program Files\Trillian\trillian.exe" = E:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Valve\Steam\SteamApps\yodaman132\half-life\hl.exe" = E:\Program Files\Valve\Steam\SteamApps\yodaman132\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Program Files\MSN Messenger\msnmsgr.exe" = D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"D:\Program Files\MSN Messenger\livecall.exe" = D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"D:\Program Files\Persona\Persona.exe" = D:\Program Files\Persona\Persona.exe:*:Enabled:Persona -- (CDNetworks Co.,Ltd)
"D:\Program Files\Common Files\AOL\Loader\aolload.exe" = D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"D:\Program Files\AIM6\aim6.exe" = D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"E:\Program Files\Steam\Steam.exe" = E:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Program Files\Pando Networks\Media Booster\PMB.exe" = D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"E:\Program Files\Combat Arms\CombatArms.exe" = E:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"E:\Program Files\Combat Arms\Engine.exe" = E:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic ™
"BFG-Magic Academy" = Magic Academy
"BFG-Murder She Wrote" = Murder, She Wrote
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"Download Manager" = Download Manager 2.3.10
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Elementals The Magic Key Free Trial_is1" = Elementals The Magic Key Free Trial
"Estate Planning Simplified" = Estate Planning Simplified
"FastStone Image Viewer" = FastStone Image Viewer 3.7
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Fraps" = Fraps
"GOM Player" = GOM Player
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"hp print screen utility" = hp print screen utility
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska" = Matroska (remove only)
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Neopets" = Neopets
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Out Of Order" = Out Of Order
"Persona" = Hybrid Downloader 1,0,2,6
"RealMedia" = RealMedia (remove only)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SystemRequirementsLab" = System Requirements Lab
"The Core Media Player" = The Core Media Player 4.0
"the white chamber: international edition" = the white chamber: international edition 1.3
"Trillian" = Trillian
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"UP286_is1" = Ultimate Paint 2.88 Freeware Edition
"UT2004" = Unreal Tournament 2004
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WolfTeam" = WolfTeam
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2010 9:42:03 PM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application wolfteam.bin, version 1.0.0.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 2/4/2010 4:46:11 PM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application wolfteam.bin, version 1.0.0.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 2/5/2010 10:50:33 PM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application wolfteam.bin, version 1.0.0.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 2/6/2010 3:49:27 AM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application trillian.exe, version 4.1.0.23, faulting module
msvcr90.dll, version 9.0.21022.8, fault address 0x00058c45.

Error - 2/9/2010 12:21:09 AM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application trillian.exe, version 4.1.0.23, faulting module
talk.dll, version 4.1.0.23, fault address 0x00087090.

Error - 2/11/2010 11:22:36 PM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application trillian.exe, version 4.1.0.23, faulting module
msvcr90.dll, version 9.0.21022.8, fault address 0x00058c54.

Error - 2/20/2010 8:33:14 PM | Computer Name = DAVID-1A806DD3A | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/20/2010 8:50:34 PM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.5.7.2830, faulting module
msvcr90.dll, version 9.0.30729.4148, fault address 0x00059e59.

Error - 3/6/2010 8:33:38 PM | Computer Name = DAVID-1A806DD3A | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/8/2010 2:25:35 AM | Computer Name = DAVID-1A806DD3A | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3685, faulting module
foxytunes.dll, version 0.0.0.0, fault address 0x00031dc6.

[ System Events ]
Error - 8/24/2009 7:50:58 PM | Computer Name = DAVID-1A806DD3A | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2


< End of report >


#5 myrti

Posted 28 April 2010 - 08:43 AM

Hi,

regarding your problems:

1) This sounds a lot like a software/hardware issue. I would try reinstalling whatever power management app you may be using.

2) MSConfig automatically reverts changed settings if you do not explicitly say you want to keep them. Can you reproduce the behaviour in MSConfig? Is this reverted every time or was it only once?

3) gmer is an awesome program, sadly it does not work on all hardware and blocks on certain software too. Could you please try to uncheck the devices option and try to run another scan.

To disable automatic restart, please do the following:
  • Right-click My Computer, and then click Properties.
  • Click the Advanced tab.
  • Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.
  • Uncheck the Automatically restart check box, and click OK the necessary number of times.
  • Restart your computer for the settings to take effect.

4) Right now most of the problems look more like a software than a malware issue. Your log is looking clean. Let's see if we can get a gmer log and we'll know more.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#6 dommi

Posted 29 April 2010 - 12:37 PM

I was thinking that it would be a software problem, but I wasn't sure. Anything is possible at this point.

1) What I use for power management is right click desktop/properties/screensaver/power settings. The monitor that I have is a Samsung SyncMaster 216BW. I am unsure if there are any additional programs that I have for it, but I can check.

2) The MSconfig problem occurs every time the computer is reset or whatnot. Also what it has done that I haven't mentioned is that, on my mother's side Yahoo messenger starts up where I checked it not to come up on her side, though on my side it correctly doesn't come up, though the unchecked box is not in MSconfig on my side. I believe that she has all the programs listed on her side and they are all checked. This includes the things that I unchecked on her side. I remember checking out the java quick start file and one or two other files right before this happened. I remember unchecking the java quickstart, I don't remember the other files.

3) I will try the gmer thing with devices unchecked. I remember it having the main problem on the FFDshow stuff. Maybe that will work.

Also I am going to disable automatic restart as well.

Thanks again.

~dommi

#7 dommi

Posted 29 April 2010 - 05:21 PM

Here is the thing from GMER. I pushed the copy button when it was done instead of the save button. But I copied and pasted it in notepad. I will rerun it if necessary, if the save button needs to be pressed if that adds more info or whatever.

I found out why there was so much of the processor being taken up. It was because I had Kaspersky running in the background. I unplugged the internet and turned off Kaspersky and everything went fine.

Attached Files

  • Attached File  ark.txt   10.69KB   3 downloads


#8 myrti

Posted 30 April 2010 - 08:30 AM

Hi,

so every time you configure something in MSConfig and reboot it is reset. Do you see a message about system modification showing on boot after modifying things with MSConfig?

The gmer log is clean as well. Just to be safe please run a scan with Malwarebytes as well:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti


#9 dommi

Posted 01 May 2010 - 11:45 PM

I just got the time to look at what you just said. It is 12:44am now where I am at, so I will try tomorrow.

#10 dommi

Posted 02 May 2010 - 10:10 PM

Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/2/2010 9:50:52 PM
mbam-log-2010-05-02 (21-50-52).txt

Scan type: Quick scan
Objects scanned: 142631
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 myrti

Posted 07 May 2010 - 07:29 AM

Hi,

your logs are looking clean. I would suggest that you create a topic in the windows forums in order to troubleshoot your current problems. They don't seem to be related to malware.

regards myrti


#12 myrti

Posted 12 May 2010 - 03:10 PM

Since the issue has been transferred to a different forum, this topic is now closed.

regards myrti
