Screen going blank - XP SP3


#1
camerica

I'm trying to help my neighbors with their computer, and I'd appreciate any help you could give me. I don't have as much information about when it happens as I would if it were my computer, but I gathered some information. They're not very technical, so they didn't think about writing down what triggered it, etc.

The computer starts normally, but the screen will go blank at seemingly random times. Apparently it is frequently triggered by one of the kids trying to access his Yahoo mail. Sometimes clicking the mail link, sometimes after mail comes up. I also noticed it when accessing data off of a thumb drive I was using. The screen goes blank with different screen colors. I've seen green, yellow, orange, blue, and black. I'm not sure if it's important but it seems like it's worth mentioning.

I went through the recommended virus/malware removal steps recommended on the site, and the Anti-Malware (MBAM) identified and removed 22 infections. The results of the MBAM, Rootkit Scanner (GMER), and OTL scan follow. I'd appreciate any help you could give me. I've also attached the files in case that's easier.

Thanks!

______________________________________________________________________________________________________________
**MBAM LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4531

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/2/2010 11:13:39 AM
mbam-log-2010-09-02 (11-13-39).txt

Scan type: Quick scan
Objects scanned: 152418
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
___________________________________________________________________________________________________________

**GMER LOG

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-02 14:12:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\VETERAN\LOCALS~1\Temp\pwtdypow.sys


---- System - GMER 1.0.15 ----

SSDT 86F65F30 ZwAllocateVirtualMemory
SSDT 86FE17E8 ZwCreateKey
SSDT 86F7FA08 ZwCreateProcess
SSDT 86F7F990 ZwCreateProcessEx
SSDT 86FD65B0 ZwCreateThread
SSDT 86F91198 ZwDeleteKey
SSDT 86FDC158 ZwDeleteValueKey
SSDT 86F65FA8 ZwQueueApcThread
SSDT 86F65E40 ZwReadVirtualMemory
SSDT 86F2F160 ZwRenameKey
SSDT 86FD6448 ZwSetContextThread
SSDT 86FE05D8 ZwSetInformationKey
SSDT 86FD66A0 ZwSetInformationProcess
SSDT 86FD64C0 ZwSetInformationThread
SSDT 86FDC1D0 ZwSetValueKey
SSDT 86FD6628 ZwSuspendProcess
SSDT 86F65020 ZwSuspendThread
SSDT 86FD6718 ZwTerminateProcess
SSDT 86FD6538 ZwTerminateThread
SSDT 86F65EB8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 4 Bytes CALL 12D74340
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA9E54A00]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[2036] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 869D3448
Device \Driver\Tcpip \Device\Ip 86A1F020
Device \Driver\Tcpip \Device\Tcp 869D3448
Device \Driver\Tcpip \Device\Tcp 86A1F020

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp 869D3448
Device \Driver\Tcpip \Device\Udp 86A1F020
Device \Driver\Tcpip \Device\RawIp 869D3448
Device \Driver\Tcpip \Device\RawIp 86A1F020
Device \Driver\Tcpip \Device\IPMULTICAST 869D3448
Device \Driver\Tcpip \Device\IPMULTICAST 86A1F020

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
_____________________________________________________________________________________________________________________

OTL LOG

OTL logfile created on: 9/2/2010 2:37:39 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\VETERAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.46 Gb Total Space | 52.72 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JGN0ZC1
Current User Name: VETERAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\VETERAN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
PRC - C:\WINDOWS\system32\mrtmngr.exe (Marimba Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\VETERAN\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.)
MOD - C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll (SOS Online Backup)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ai2sXP) -- C:\WINDOWS\System32\drivers\Ai2sXP.sys (Ai Squared )
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1


[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Extensions
[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions
[2008/12/02 06:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2010/01/07 13:53:51 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AhIeBho Class) - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\ahoi\ah_ie_bho.dll (Ai Squared )
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdateMgr.exe] C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([profile] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mg4.mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159902408703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159902991781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell - "" = AutoRun
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/02 14:26:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe
[2010/09/02 11:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\Malwarebytes
[2010/09/02 11:06:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/02 11:06:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/02 11:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/02 11:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/02 10:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Desktop\Malware removal
[2010/08/31 13:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/31 12:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\U3
[2010/07/13 16:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Temp
[2010/07/06 22:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/07/04 20:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/04 19:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/07/03 23:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple
[2010/07/03 23:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/03 23:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/07/03 23:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple Computer
[2010/06/18 22:49:49 | 000,000,000 | ---D | C] -- C:\3f7fbbd9b12a51b4a70acc5371fedbdd
[2010/06/18 21:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/18 20:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/02 14:36:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/02 14:34:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/02 14:34:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/02 14:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/02 11:51:58 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/09/02 11:49:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe
[2010/09/02 11:15:53 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\VETERAN\ntuser.dat
[2010/09/02 11:15:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\VETERAN\ntuser.ini
[2010/09/02 11:15:28 | 006,347,184 | -H-- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\IconCache.db
[2010/09/02 11:06:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 11:04:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/02 11:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/09/02 10:28:55 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover2.doc
[2010/09/02 10:26:41 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_modssup.doc
[2010/08/31 22:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/31 12:10:49 | 000,001,650 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/08/25 12:16:16 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/25 12:02:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/24 13:58:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:57:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:36:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 21:49:01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_mods.doc
[2010/08/23 21:02:31 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 17:34:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/12 03:25:25 | 000,414,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:09:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:07:26 | 000,552,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:07:26 | 000,476,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:07:26 | 000,085,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 10:08:15 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover.doc
[2010/06/30 10:32:35 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:09 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/02 11:06:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 12:16:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/24 13:58:36 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:53:04 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:35:55 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 22:12:10 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/23 17:34:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/22 19:24:57 | 000,001,650 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/07/04 19:59:36 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 19:59:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:20:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/30 10:32:31 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:06 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[2010/06/09 18:04:07 | 005,505,024 | ---- | C] () -- C:\Documents and Settings\VETERAN\ntuser.dat
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 06:36:43 | 000,000,039 | ---- | C] () -- C:\WINDOWS\updatemgr.INI
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/11/22 20:50:01 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\keyfile3.drm
[2008/07/05 08:26:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 12:48:04 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/10/12 02:11:58 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/02 11:12:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Earthlink.INI
[2007/10/02 10:48:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2007/09/28 10:50:30 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/02/09 20:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/25 14:25:07 | 000,000,379 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/01/25 14:25:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2006/12/19 12:26:50 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/18 15:49:21 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/12/18 15:49:18 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2006/12/18 15:49:18 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2006/12/18 15:49:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2006/12/18 15:39:22 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
[2006/11/29 13:16:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/28 09:51:43 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/11/28 09:51:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006/11/28 09:51:30 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/11/28 09:51:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006/11/28 09:51:24 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006/11/28 09:51:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006/11/27 12:49:10 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/14 09:15:36 | 000,001,004 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/09/25 22:19:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/25 22:17:24 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/25 21:55:20 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/25 21:55:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/05/31 17:06:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LDWaveIO.dll
[2006/05/31 17:06:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IsatITC.dll
[2006/05/16 02:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/06/21 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/04 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/12/19 12:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/09/13 18:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Ai Squared
[2006/11/27 16:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Canon
[2008/11/29 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/06/21 13:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Leadertech
[2006/11/09 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Nvu
[2007/06/21 14:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\OfficeUpdate12
[2006/12/19 12:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\ScanSoft
[2009/12/21 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\W Photo Studio Viewer
[2010/09/02 11:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/09/02 11:51:58 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/08/31 12:10:49 | 000,001,650 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/05 03:53:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/05/16 20:21:36 | 000,000,206 | ---- | M] () -- C:\CKINFO.TXT
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/09/25 21:56:16 | 000,005,241 | RH-- | M] () -- C:\dell.sdr
[2010/01/05 03:39:26 | 000,001,396 | ---- | M] () -- C:\detestfrag.txt
[2006/10/30 16:20:31 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/27 10:36:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/03 21:36:10 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/08/03 21:36:10 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/09/02 14:34:39 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2008/09/12 17:18:55 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/06/03 22:29:06 | 000,076,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/27 10:44:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/06/21 13:33:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\VETERAN\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 18:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\VETERAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/02 11:49:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2008/07/05 16:12:47 | 000,449,888 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\VETERAN\My Documents\msgr8us.exe
[2008/11/28 20:28:16 | 000,436,800 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\VETERAN\My Documents\msgr9us.exe
[2008/09/19 21:03:07 | 016,302,636 | ---- | M] (PC Camera ) -- C:\Documents and Settings\VETERAN\My Documents\PC_Camera_1043W_070328.exe
[2004/09/22 18:46:04 | 000,819,200 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\VETERAN\My Documents\setup_wm.exe
[2008/08/18 11:52:47 | 164,668,752 | ---- | M] (Ai Squared ) -- C:\Documents and Settings\VETERAN\My Documents\ZT914_KPTV.exe
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/06/21 13:33:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\VETERAN\Favorites\Desktop.ini
[2010/01/02 18:14:52 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\VETERAN\Favorites\FriendFinder Messenger v4.1.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/02 14:34:43 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\VETERAN\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %USERPROFILE%\Templates\*.* >
[2004/08/04 06:00:00 | 000,004,570 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\amipro.sam
[2004/08/04 06:00:00 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\excel.xls
[2004/08/04 06:00:00 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\excel4.xls
[2004/08/04 06:00:00 | 000,002,448 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\lotus.wk4
[2004/08/04 06:00:00 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\powerpnt.ppt
[2004/08/04 06:00:00 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\presenta.shw
[2004/08/04 06:00:00 | 000,004,017 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\quattro.wb2
[2004/08/04 06:00:00 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\sndrec.wav
[2004/08/04 06:00:00 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\winword.doc
[2004/08/04 06:00:00 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\winword2.doc
[2004/08/04 06:00:00 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\wordpfct.wpd
[2004/08/04 06:00:00 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\wordpfct.wpg

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 07:09:24
< End of report >
______________________________________________________________________________________________________________________

OTL EXTRAS

OTL Extras logfile created on: 9/2/2010 2:37:39 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\VETERAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.46 Gb Total Space | 52.72 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JGN0ZC1
Current User Name: VETERAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12BE3579-A34B-47BD-A65C-82B1754E71E1}" = D4100
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{27BC537B-086D-42E1-9CB3-9D115FA043BF}" = ScanSoft OmniPage 15.0
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{393711FE-64EB-4DC7-909E-5FB26D1270AA}" = Microsoft Sapi 5.1
"{3972C18C-688F-4312-BE9A-3E065204C33D}" = IBM ViaVoice TTS Runtime v6.610 - UK English
"{3C97C9C5-1AF3-41B0-B61C-185C06C75EE6}" = D4100_Help
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{62AD5F7F-9CFC-4523-AF83-C58F02836635}" = Geek Squad 24 Hour Computer Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8194FEA4-99B6-4CC9-8880-8888FBAB7EA6}" = ZoomText Keyboard
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}" = Manual CanoScan LiDE 25
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{942DF6BD-E4F2-4915-B4FB-09C02B71284F}" = NeoSpeech Paul
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9CA018F2-1E0D-4041-9258-6EFBFEF671BF}" = ZoomText 9.1
"{9FAD67A7-3A4E-4754-AAC4-0397F370611D}" = NeoSpeech Kate
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A6B23C-438E-4D08-B508-4E830CA8F335}" = IBM ViaVoice TTS Runtime v6.610 - US English
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C82E335E-2D1A-49B4-814B-0C60769F0C2A}" = ArcSoft VideoImpression 2
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3E7955D-696A-423C-8D38-FCA8A3094F05}" = Microsoft Sapi5 voices for XP
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DolphinSAM" = Synthesiser Access Manager
"EarthLink 5.0" = EarthLink 5.0
"Earthlink Instant Messenger" = Earthlink Instant Messenger
"EaseReader" = EaseReader
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
"RealPlayer 6.0" = RealPlayer Basic
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2009 7:01:01 PM | Computer Name = JGN0ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 11/15/2009 1:22:44 AM | Computer Name = JGN0ZC1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 11/15/2009 1:23:08 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x67922d28.

Error - 11/15/2009 1:23:23 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 11/16/2009 5:25:32 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/16/2009 5:48:50 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/17/2009 7:24:57 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/17/2009 7:50:54 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/18/2009 7:00:39 PM | Computer Name = JGN0ZC1 | Source = Application Hang | ID = 1002
Description = Hanging application Nss.exe, version 2.6.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2009 8:47:53 PM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application fulltiltpoker.exe, version 0.0.0.0, faulting
module qtwebkit4.dll, version 4.5.2.0, fault address 0x0002426d.

[ System Events ]
Error - 9/2/2010 11:45:16 AM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 9/2/2010 11:46:40 AM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.

Error - 9/2/2010 2:16:23 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 9/2/2010 2:17:46 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.

Error - 9/2/2010 2:20:51 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 9/2/2010 2:22:15 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.

Error - 9/2/2010 2:24:06 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 9/2/2010 2:25:30 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.

Error - 9/2/2010 2:34:58 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 9/2/2010 2:36:22 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.


< End of report >
________________________________________________________________________________________________________________


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Could I have a fresh look at your system and an update on your current problems?
GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#3
camerica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for your reply. I re-ran both scans, and the text results from both are included below. I've also included the OTL file in case that's easier for you. I couldn't include both because the combined size exceeded 100K.

Also, as a note, when I ran OTL, no Extras log was produced. I'm not sure why. I'll be happy to re-run it if you think that I did something incorrectly.

If you need additional information, please let me know. Thanks again for your help!

___________________________________________________________________________________________________________

**GMER Log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-11 17:24:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\VETERAN\LOCALS~1\Temp\pwtdypow.sys


---- System - GMER 1.0.15 ----

SSDT 86F7AF30 ZwAllocateVirtualMemory
SSDT 86FE17E8 ZwCreateKey
SSDT 86FE0610 ZwCreateProcess
SSDT 86FE0598 ZwCreateProcessEx
SSDT 86F65180 ZwCreateThread
SSDT 86FBA148 ZwDeleteKey
SSDT 86F7F020 ZwDeleteValueKey
SSDT 86F7AFA8 ZwQueueApcThread
SSDT 86F7AE40 ZwReadVirtualMemory
SSDT 86F66638 ZwRenameKey
SSDT 86FD6498 ZwSetContextThread
SSDT 86FE15D8 ZwSetInformationKey
SSDT 86FA7210 ZwSetInformationProcess
SSDT 86FD6510 ZwSetInformationThread
SSDT 86FE7310 ZwSetValueKey
SSDT 86F651F8 ZwSuspendProcess
SSDT 86F7A020 ZwSuspendThread
SSDT 86FA7288 ZwTerminateProcess
SSDT 86FD6588 ZwTerminateThread
SSDT 86F7AEB8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 4 Bytes CALL 12D74340
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA9E54A00]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[240] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 86999CD8
Device \Driver\Tcpip \Device\Tcp 86999CD8

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

___________________________________________________________________________________________________________________

**OTL Log

OTL logfile created on: 9/11/2010 7:36:05 PM - Run 8
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\VETERAN\Desktop\Malware removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.46 Gb Total Space | 52.55 Gb Free Space | 76.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JGN0ZC1
Current User Name: VETERAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\VETERAN\Desktop\Malware removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
PRC - C:\WINDOWS\system32\mrtmngr.exe (Marimba Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\VETERAN\Desktop\Malware removal\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll (SOS Online Backup)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ai2sXP) -- C:\WINDOWS\System32\drivers\Ai2sXP.sys (Ai Squared )
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1


[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Extensions
[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions
[2008/12/02 06:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2010/01/07 13:53:51 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AhIeBho Class) - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\ahoi\ah_ie_bho.dll (Ai Squared )
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdateMgr.exe] C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([profile] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mg4.mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159902408703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159902991781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell - "" = AutoRun
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/02 14:26:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe
[2010/09/02 11:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\Malwarebytes
[2010/09/02 11:06:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/02 11:06:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/02 11:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/02 11:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/02 10:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Desktop\Malware removal
[2010/08/31 13:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/31 12:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\U3
[2010/07/13 16:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Temp
[2010/07/06 22:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/07/04 20:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/04 19:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/07/03 23:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple
[2010/07/03 23:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/03 23:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/07/03 23:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple Computer
[2010/06/18 22:49:49 | 000,000,000 | ---D | C] -- C:\3f7fbbd9b12a51b4a70acc5371fedbdd
[2010/06/18 21:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/18 20:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/11 19:34:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/11 19:33:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 19:33:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 19:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 19:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 19:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/09/11 17:24:27 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\VETERAN\ntuser.dat
[2010/09/11 17:22:28 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/09/04 00:42:44 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\SalesRecapReport(1).xls
[2010/09/03 01:45:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\VETERAN\ntuser.ini
[2010/09/03 01:45:25 | 009,488,930 | -H-- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\IconCache.db
[2010/09/03 01:00:03 | 000,001,648 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/09/02 11:49:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe
[2010/09/02 11:06:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 10:28:55 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover2.doc
[2010/09/02 10:26:41 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_modssup.doc
[2010/08/31 22:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/25 12:16:16 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/25 12:02:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/24 13:58:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:57:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:36:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 21:49:01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_mods.doc
[2010/08/23 21:02:31 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 17:34:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/12 03:25:25 | 000,414,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:09:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:07:26 | 000,552,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:07:26 | 000,476,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:07:26 | 000,085,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 10:08:15 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover.doc
[2010/06/30 10:32:35 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:09 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/04 00:42:44 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\SalesRecapReport(1).xls
[2010/09/02 11:06:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 12:16:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/24 13:58:36 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:53:04 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:35:55 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 22:12:10 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/23 17:34:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/22 19:24:57 | 000,001,648 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/07/04 19:59:36 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 19:59:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:20:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/30 10:32:31 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:06 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 06:36:43 | 000,000,039 | ---- | C] () -- C:\WINDOWS\updatemgr.INI
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/11/22 20:50:01 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\keyfile3.drm
[2008/07/05 08:26:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 12:48:04 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/10/12 02:11:58 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/02 11:12:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Earthlink.INI
[2007/10/02 10:48:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2007/09/28 10:50:30 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/02/09 20:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/25 14:25:07 | 000,000,379 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/01/25 14:25:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2006/12/19 12:26:50 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/18 15:49:21 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/12/18 15:49:18 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2006/12/18 15:49:18 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2006/12/18 15:49:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2006/12/18 15:39:22 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
[2006/11/29 13:16:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/28 09:51:43 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/11/28 09:51:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006/11/28 09:51:30 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/11/28 09:51:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006/11/28 09:51:24 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006/11/28 09:51:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006/11/27 12:49:10 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/14 09:15:36 | 000,001,004 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/09/25 22:19:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/25 22:17:24 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/25 21:55:20 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/25 21:55:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/05/31 17:06:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LDWaveIO.dll
[2006/05/31 17:06:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IsatITC.dll
[2006/05/16 02:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/06/21 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/04 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/12/19 12:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/09/13 18:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Ai Squared
[2006/11/27 16:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Canon
[2008/11/29 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/06/21 13:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Leadertech
[2006/11/09 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Nvu
[2007/06/21 14:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\OfficeUpdate12
[2006/12/19 12:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\ScanSoft
[2009/12/21 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\W Photo Studio Viewer
[2010/09/11 19:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/09/11 17:22:28 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/09/03 01:00:03 | 000,001,648 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/05 03:53:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/05/16 20:21:36 | 000,000,206 | ---- | M] () -- C:\CKINFO.TXT
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/09/25 21:56:16 | 000,005,241 | RH-- | M] () -- C:\dell.sdr
[2010/01/05 03:39:26 | 000,001,396 | ---- | M] () -- C:\detestfrag.txt
[2006/10/30 16:20:31 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/27 10:36:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/03 21:36:10 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/08/03 21:36:10 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/09/11 19:33:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2008/09/12 17:18:55 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/06/03 22:29:06 | 000,076,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/27 10:44:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/06/21 13:33:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\VETERAN\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 18:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\VETERAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/02 11:49:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2008/07/05 16:12:47 | 000,449,888 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\VETERAN\My Documents\msgr8us.exe
[2008/11/28 20:28:16 | 000,436,800 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\VETERAN\My Documents\msgr9us.exe
[2008/09/19 21:03:07 | 016,302,636 | ---- | M] (PC Camera ) -- C:\Documents and Settings\VETERAN\My Documents\PC_Camera_1043W_070328.exe
[2004/09/22 18:46:04 | 000,819,200 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\VETERAN\My Documents\setup_wm.exe
[2008/08/18 11:52:47 | 164,668,752 | ---- | M] (Ai Squared ) -- C:\Documents and Settings\VETERAN\My Documents\ZT914_KPTV.exe
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/06/21 13:33:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\VETERAN\Favorites\Desktop.ini
[2010/01/02 18:14:52 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\VETERAN\Favorites\FriendFinder Messenger v4.1.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/11 19:33:17 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\VETERAN\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2008/05/06 12:17:29 | 000,003,262 | ---- | M] () -- C:\WINDOWS\system32\dating123456789101112.ico
[2008/05/06 12:17:29 | 000,002,238 | ---- | M] () -- C:\WINDOWS\system32\doll61234567891011121314.ico
[2008/05/05 06:59:28 | 000,002,238 | ---- | M] () -- C:\WINDOWS\system32\livegirls1234567891011121314151617181920212223242526272829303132333435363738394041.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 07:09:24
< End of report >


#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OKey dokey two programmes to run now, one an analysis programme the other a cleaner

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    [2008/05/06 12:17:29 | 000,003,262 | ---- | M] () -- C:\WINDOWS\system32\dating123456789101112.ico
    [2008/05/06 12:17:29 | 000,002,238 | ---- | M] () -- C:\WINDOWS\system32\doll61234567891011121314.ico
    [2008/05/05 06:59:28 | 000,002,238 | ---- | M] () -- C:\WINDOWS\system32\livegirls1234567891011121314151617181920212223242526272829303132333435363738394041.ico

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window similar to this should open on your desktop:

    Posted Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

FINALLY FOR NOW

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
camerica


    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks again for your suggestions! I ran OTL, MBRCheck, and ComboFix. The resulting logs are included below.

I've also included the files in case you want them.

Were you expecting the steps I just took to fix the problem, or is this still the diagnosis phase? If it should be fixed now, I'll ask my neighbor to start working on the computer to see if the problem comes up again.

Thanks again for your help!
________________________________________________________________________________________________________________________
**OTL**

OTL logfile created on: 9/12/2010 6:47:13 PM - Run 9
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\VETERAN\Desktop\Malware removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 618.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.46 Gb Total Space | 52.54 Gb Free Space | 76.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JGN0ZC1
Current User Name: VETERAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\VETERAN\Desktop\Malware removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\system32\net1.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\net.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
PRC - C:\WINDOWS\system32\mrtmngr.exe (Marimba Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\VETERAN\Desktop\Malware removal\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ai2sXP) -- C:\WINDOWS\System32\drivers\Ai2sXP.sys (Ai Squared )
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1


[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Extensions
[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions
[2008/12/02 06:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2010/09/12 18:44:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AhIeBho Class) - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\ahoi\ah_ie_bho.dll (Ai Squared )
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdateMgr.exe] C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([profile] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mg4.mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159902408703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159902991781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/12 18:43:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/02 11:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\Malwarebytes
[2010/09/02 11:06:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/02 11:06:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/02 11:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/02 11:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/02 10:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Desktop\Malware removal
[2010/08/31 13:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/31 12:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\U3
[2010/07/13 16:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Temp
[2010/07/06 22:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/07/04 20:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/04 19:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/07/03 23:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple
[2010/07/03 23:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/03 23:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/07/03 23:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple Computer
[2010/06/18 22:49:49 | 000,000,000 | ---D | C] -- C:\3f7fbbd9b12a51b4a70acc5371fedbdd
[2010/06/18 21:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/18 20:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/12 18:47:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/12 18:45:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 18:45:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 18:45:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/12 18:45:03 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\VETERAN\ntuser.dat
[2010/09/12 18:45:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\VETERAN\ntuser.ini
[2010/09/12 18:44:36 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/12 18:33:45 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/09/11 19:48:28 | 009,489,688 | -H-- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\IconCache.db
[2010/09/11 19:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 19:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/09/04 00:42:44 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\SalesRecapReport(1).xls
[2010/09/03 01:00:03 | 000,001,648 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/09/02 11:06:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 10:28:55 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover2.doc
[2010/09/02 10:26:41 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_modssup.doc
[2010/08/31 22:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/25 12:16:16 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/25 12:02:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/24 13:58:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:57:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:36:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 21:49:01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_mods.doc
[2010/08/23 21:02:31 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 17:34:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/12 03:25:25 | 000,414,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:09:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:07:26 | 000,552,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:07:26 | 000,476,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:07:26 | 000,085,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 10:08:15 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover.doc
[2010/06/30 10:32:35 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:09 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/04 00:42:44 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\SalesRecapReport(1).xls
[2010/09/02 11:06:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 12:16:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/24 13:58:36 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:53:04 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:35:55 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 22:12:10 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/23 17:34:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/22 19:24:57 | 000,001,648 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/07/04 19:59:36 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 19:59:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:20:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/30 10:32:31 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:06 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 06:36:43 | 000,000,039 | ---- | C] () -- C:\WINDOWS\updatemgr.INI
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/11/22 20:50:01 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\keyfile3.drm
[2008/07/05 08:26:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 12:48:04 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/10/12 02:11:58 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/02 11:12:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Earthlink.INI
[2007/10/02 10:48:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2007/09/28 10:50:30 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/02/09 20:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/25 14:25:07 | 000,000,379 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/01/25 14:25:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2006/12/19 12:26:50 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/18 15:49:21 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/12/18 15:49:18 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2006/12/18 15:49:18 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2006/12/18 15:49:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2006/12/18 15:39:22 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
[2006/11/29 13:16:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/28 09:51:43 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/11/28 09:51:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006/11/28 09:51:30 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/11/28 09:51:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006/11/28 09:51:24 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006/11/28 09:51:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006/11/27 12:49:10 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/14 09:15:36 | 000,001,004 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/09/25 22:19:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/25 22:17:24 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/25 21:55:20 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/25 21:55:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/05/31 17:06:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LDWaveIO.dll
[2006/05/31 17:06:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IsatITC.dll
[2006/05/16 02:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/06/21 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/04 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/12/19 12:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/09/13 18:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Ai Squared
[2006/11/27 16:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Canon
[2008/11/29 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/06/21 13:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Leadertech
[2006/11/09 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Nvu
[2007/06/21 14:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\OfficeUpdate12
[2006/12/19 12:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\ScanSoft
[2009/12/21 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\W Photo Studio Viewer
[2010/09/11 19:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/09/12 18:33:45 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/09/03 01:00:03 | 000,001,648 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job

========== Purity Check ==========


< End of report >

____________________________________________________________________________________________________________________

**MBRCheck**

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7AB2000 \WINDOWS\system32\KDCOM.DLL
0xF79C2000 \WINDOWS\system32\BOOTVID.dll
0xF7483000 ACPI.sys
0xF7AB4000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7472000 pci.sys
0xF75B2000 isapnp.sys
0xF75C2000 sshrmd.sys
0xF75D2000 ssfs0bbc.sys
0xF7444000 ssidrv.sys
0xF7417000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xF7832000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xF7B7A000 pciide.sys
0xF783A000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75E2000 MountMgr.sys
0xF73F8000 ftdisk.sys
0xF7AB6000 dmload.sys
0xF73D2000 dmio.sys
0xF7842000 PartMgr.sys
0xF75F2000 VolSnap.sys
0xF73BA000 atapi.sys
0xF7602000 disk.sys
0xF7612000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF739A000 fltmgr.sys
0xF7388000 sr.sys
0xF784A000 PxHelp20.sys
0xF7371000 KSecDD.sys
0xF72E4000 Ntfs.sys
0xF72CA000 Mup.sys
0xF77C2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7165000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF7151000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78F2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF712D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78FA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7105000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF70DB000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF70A7000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF7084000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6F85000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6EDE000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7902000 \SystemRoot\System32\Drivers\Modem.SYS
0xF790A000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6ECA000 \SystemRoot\system32\DRIVERS\parport.sys
0xF77D2000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A72000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF77E2000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7912000 \SystemRoot\system32\drivers\pfc.sys
0xF77F2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7802000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7BA2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7672000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A7A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6E22000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7682000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7692000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6E11000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76A2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7922000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF792A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6DE1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76C2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7932000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF793A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7AD8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6D5B000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A92000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76E2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76F2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7ADE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA9E80000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xA9E5C000 \SystemRoot\system32\drivers\portcls.sys
0xF7722000 \SystemRoot\system32\drivers\drmk.sys
0xA9DFC000 \SystemRoot\system32\drivers\Senfilt.sys
0xF7A56000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF795A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7A66000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7AE6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CA1000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AE8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF796A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7972000 \SystemRoot\System32\drivers\vga.sys
0xF7AEA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AEC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF797A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7982000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A6E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA9C84000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9C2B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9C03000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA9BDD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9BBB000 \SystemRoot\System32\drivers\afd.sys
0xF7AEE000 \SystemRoot\System32\drivers\Ai2sXP.sys
0xF798A000 \SystemRoot\system32\ckldrv.sys
0xF7822000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6DC9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7632000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF799A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6DC5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF6DB9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA9F6F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9BA3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9DF0000 \SystemRoot\System32\drivers\Dxapi.sys
0xF787A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BA3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF026000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\Ai2Ldr.dll
0xBF016000 \SystemRoot\System32\dcmc0d0.dll
0xBF04D000 \SystemRoot\System32\dcmkrnl.dll
0xBF05F000 \SystemRoot\System32\Ai2d91.dll
0xBF06E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1AB000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9F4F000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA9B2B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9806000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9689000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9F5F000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79AA000 \SystemRoot\System32\drivers\BrPar.sys
0xF7B00000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
0xA9234000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA901D000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8C9D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7882000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA87FD000 \SystemRoot\System32\Drivers\HTTP.sys
0xF78C2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA867E000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
0 System Idle Process
4 System
576 C:\WINDOWS\system32\smss.exe
632 csrss.exe
656 C:\WINDOWS\system32\winlogon.exe
700 C:\WINDOWS\system32\services.exe
712 C:\WINDOWS\system32\lsass.exe
896 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
944 C:\WINDOWS\system32\svchost.exe
1020 svchost.exe
1160 C:\WINDOWS\system32\svchost.exe
1228 svchost.exe
1304 svchost.exe
1532 C:\WINDOWS\system32\spoolsv.exe
1608 svchost.exe
1748 C:\WINDOWS\explorer.exe
2036 C:\WINDOWS\system32\hkcmd.exe
120 C:\WINDOWS\system32\igfxpers.exe
152 C:\Program Files\Analog Devices\Core\smax4pnp.exe
192 C:\Program Files\EarthLink 5.0\updatemgr.exe
244 C:\Program Files\Real\RealPlayer\realplay.exe
252 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
268 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
308 C:\WINDOWS\system32\mrtmngr.exe
452 C:\WINDOWS\system32\ctfmon.exe
468 C:\Program Files\Logitech\Logitech Vid\Vid.exe
536 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
548 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
608 C:\Program Files\Bonjour\mDNSResponder.exe
780 C:\WINDOWS\system32\Crypserv.exe
1236 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
996 C:\WINDOWS\system32\HPZipm12.exe
1600 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2028 C:\WINDOWS\system32\svchost.exe
1084 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
1248 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
2460 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3936 alg.exe
4072 C:\Documents and Settings\VETERAN\Application Data\U3\02206170433038D4\Launchpad.exe
3692 C:\Documents and Settings\VETERAN\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: 22FBECB087B0FF9ED17D568A6E9A53A43DC46F02


Done!

#6
Essexboy
GeekU Moderator, Retired Staff
OK, could you use the computer now and let me know what problems are experienced?

#7
camerica
Topic Starter
I checked the computer, and the screen is still going blank. It occurred right after the Windows XP screen when the system starts up. The XP screen with the scrolling bar towards the bottom appears to progress normally, and then the screen goes blank with a blue color - lighter than the blue screen of death.

#8
Essexboy
GeekU Moderator, Retired Staff
Could you start the computer in safe mode and let me know if the same problem occurs? At the moment I am thinking of a video card error.

#9
camerica
Topic Starter
Will do. As a note, I checked the monitor connection yesterday, and it was like he'd used a wrench to tighten it. It seems like that could damage the card somewhat, but I'm not sure.

#10
Essexboy
GeekU Moderator, Retired Staff
That does not sound too good, as the card may be distorted and not making a proper connection.

#11
camerica
Topic Starter
Sorry for the delay. I tried running in safe mode, and there wasn't a problem. I'm not sure that this is related, but I downloaded Firefox from Mozilla.com (not .org, as I should have), and the screen went blank when I tried to install it. I tried it again with a file from mozilla.org, and it ran normally. I'm not sure that it matters, but seemed worth mentioning.

Would it make sense to re-seat the video card?

#12
Essexboy
GeekU Moderator, Retired Staff
Yes, reseat the card and also download the latest drivers, as in safe mode generic Windows drivers are used.

What is the video card? I will hunt out the driver.

#13
camerica
Topic Starter
Sorry for the delay. I was booked over the weekend. I checked, and I think it's an Intel Q965/Q963 express chipset. Does that sound right?
I'll try reseating the board tomorrow and let you know how it goes. Thanks!

#14
Essexboy
GeekU Moderator, Retired Staff
Sorry, I meant the make and model of the video card :D

#15
camerica
Topic Starter
I checked in the computer, but it appears to be built into the motherboard. I'm not too familiar with things from a hardware standpoint. I'll call the company that provided them the computer tomorrow morning. Their support line should be able to provide the specs. Thanks for your patience!