Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Athrin

Pages: [1] 2 3 4
1
Tech Clinic / Random Crashes with Blue screen error
« on: March 25, 2011, 10:00:47 PM »
Finally it started happening again. I believe it has something to do with my disk drives. Here is a picture of the error message:

Problem signature
Problem Event Name:   BlueScreen
OS Version:   6.1.7601.2.1.0.768.3
Locale ID:   1033

Extra information about the problem
BCCode:   3b
BCP1:   00000000C0000005
BCP2:   FFFFF960001630AE
BCP3:   FFFFF88003EE90C0
BCP4:   0000000000000000
OS Version:   6_1_7601
Service Pack:   1_0
Product:   768_1

I also took a picture of it if you need to see that as well. It has its moments and idk why. I've scanned with my virus protector, scanned malware, did registry fixes, i still can't figure out a problem. But of course, it's not doing anything right now and it only took 5 days to finally do it again. =/ I dont think there's a fix to this. Updating my BIOS probably won't do much if anything at all.

Also, this is not supposed to be like this: http://i.imgur.com/ipEi2.jpg You see that orange light below the power light? Right below that orange light is a disc symbol. That light has never stayed on like that before. Any idea what the problem could be with that? Disc drive failure? (and yes, that's a n64 controller xD)

2
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 06:00:58 PM »
Yah, i'll post back next time it happens which probably wont be until tomorrow maybe. It only happens when it's been in sleep mode for 5+ hours it seems then i wake it up and there's a small chance it'll happen. Unsure what the cause may be though. At first i tried registry fixes and that fixed it A LOT. Then i thought it stopped until it happened again but took awhile. I read it and it had something to do with my DVD drive i believe and that was already confusing because under My computer, my DVD drive was not listed and also wouldn't open when i pressed the button on the tower. So in the end, i opened the tower up, was able to fix that, it now lists the DVD drive in my computer, i'm able to freely open/close it, and i havent had a blue screen since. The last one was early yesterday i believe. I'll keep my eyes open for signs and the next time it happens whether it be tomorrow or the next day after, i'll post back the messages that appear on the screen now that i've disabled Automatic Restart on Failure.

3
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 05:49:17 PM »
Mine is p6510f but it's the same model. Same exact tower, processor, motherboard, ram, etc. The only fix i could see me benefiting from this is resuming from sleep mode but that seems to be fixed already as it always comes out of sleep mode. It's the random blue screen crashes that happen when it wants to.

4
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 05:28:56 PM »
Yup thats it.

5
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 05:07:58 PM »
What of the model are you searching for? o.o

6
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 04:58:22 PM »
This is all i could find from that website.

http://h10025.www1.hp.com/ewfrf/wc/product?product=4215700&lc=en&cc=us&dlc=en&lang=en&cc=us&y=6&x=7

7
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 03:54:05 PM »
I deleted the network info at the very bottom. If i missed anything, do delete anything else that shouldn't be displayed.

Summary
      Operating System
         MS Windows 7 Home Premium 64-bit SP1
      CPU
         AMD Athlon II X4 630   16 °C
         Propus 45nm Technology
      RAM
         4.0GB Dual-Channel DDR3 @ 666MHz (9-9-9-24)
      Motherboard
         FOXCONN 2A92 (CPU 1)   30 °C
      Graphics
         MAW-SERIAL (1280x800@60Hz)
         NVIDIA GeForce GT 240
      Hard Drives
         733GB Hitachi Hitachi HDS721075CLA332 SCSI Disk Device (RAID)
      Optical Drives
         hp DVD A  DH16AAL SCSI CdRom Device
      Audio
         Realtek High Definition Audio
Operating System
   MS Windows 7 Home Premium 64-bit SP1
   Installation Date: 17 September 2010, 13:54
   Serial Number: 4FG99-BC3HD-73CQT-WMF7J-3Q6C9
      Windows Security Center
         User Account Control (UAC)   Disabled
         Firewall   Enabled
         Antivirus   Disabled
      Windows Update
         AutoUpdate   Download Automatically and Install at Set Scheduled time
         Schedule Frequency   Every day
         Schedule Time   0 am
      Windows Defender
         Windows Defender   Disabled
      TimeZone
         TimeZone   GMT -5 Hours
         Language   English
         Country   United States
         Currency   $
         Date Format   M/d/yyyy
         Time Format   h:mm:ss tt
      Power Profile
         Active power scheme   Always On
         Hibernation   Enabled
      Scheduler
         5/19/2011 12:55 AM   HPCeeScheduleForTrey
         2/28/2012 10:00 AM   PCDRScheduledMaintenance
         Disabled   Registration
         Disabled   ServicePlan
      Hotfixes
         3/17/2011   Windows 7 Service Pack 1 for x64-based Systems (KB976932)
         3/17/2011   Windows 7 Service Pack 1 for x64-based Systems (KB976932)
         3/12/2011   Windows Malicious Software Removal Tool x64 - March 2011 (KB890830)
         3/12/2011   Windows 7 Service Pack 1 for x64-based Systems (KB976932)
         3/10/2011   Update for Windows 7 for x64-based Systems (KB2505438)
         3/10/2011   Security Update for Windows 7 for x64-based Systems (KB2479943)
         3/10/2011   Security Update for Windows 7 for x64-based Systems (KB2483614)
      Services
         Running   AMD External Events Utility
         Running   Application Experience
         Running   Background Intelligent Transfer Service
         Running   Base Filtering Engine
         Running   CinemaNow Service
         Running   CNG Key Isolation
         Running   COM+ Event System
         Running   Computer Browser
         Running   Cryptographic Services
         Running   DCOM Server Process Launcher
         Running   Desktop Window Manager Session Manager
         Running   DHCP Client
         Running   Diagnostic Policy Service
         Running   Diagnostic Service Host
         Running   Distributed Link Tracking Client
         Running   DNS Client
         Running   Encrypting File System (EFS)
         Running   Extensible Authentication Protocol
         Running   Function Discovery Provider Host
         Running   Function Discovery Resource Publication
         Running   Group Policy Client
         Running   HomeGroup Listener
         Running   HomeGroup Provider
         Running   HP Health Check Service
         Running   HP Quick Synchronization Service
         Running   Human Interface Device Access
         Running   IP Helper
         Running   IPsec Policy Agent
         Running   LightScribeService Direct Disc Labeling Service
         Running   Multimedia Class Scheduler
         Running   Network Connections
         Running   Network List Service
         Running   Network Location Awareness
         Running   Network Store Interface Service
         Running   NVIDIA Display Driver Service
         Running   NVIDIA Stereoscopic 3D Driver Service
         Running   Peer Name Resolution Protocol
         Running   Peer Networking Grouping
         Running   Peer Networking Identity Manager
         Running   Plug and Play
         Running   Portable Device Enumerator Service
         Running   Power
         Running   Print Spooler
         Running   Program Compatibility Assistant Service
         Running   Remote Access Connection Manager
         Running   Remote Procedure Call (RPC)
         Running   RPC Endpoint Mapper
         Running   SB Recovery Service
         Running   Secure Socket Tunneling Protocol Service
         Running   Security Accounts Manager
         Running   Security Center
         Running   Server
         Running   Shell Hardware Detection
         Running   SSDP Discovery
         Running   Superfetch
         Running   System Event Notification Service
         Running   Task Scheduler
         Running   TCP/IP NetBIOS Helper
         Running   Telephony
         Running   Themes
         Running   UPnP Device Host
         Running   User Profile Service
         Running   VIPRE Antivirus
         Running   Windows Audio
         Running   Windows Audio Endpoint Builder
         Running   Windows Driver Foundation - User-mode Driver Framework
         Running   Windows Event Log
         Running   Windows Firewall
         Running   Windows Font Cache Service
         Running   Windows Image Acquisition (WIA)
         Running   Windows Live ID Sign-in Assistant
         Running   Windows Management Instrumentation
         Running   Windows Media Player Network Sharing Service
         Running   Windows Presentation Foundation Font Cache 3.0.0.0
         Running   Windows Search
         Running   Windows Update
         Running   WLAN AutoConfig
         Running   Workstation
         Stopped   ActiveX Installer (AxInstSV)
         Stopped   Adaptive Brightness
         Stopped   Application Identity
         Stopped   Application Information
         Stopped   Application Layer Gateway Service
         Stopped   BitLocker Drive Encryption Service
         Stopped   Block Level Backup Engine Service
         Stopped   Bluetooth Support Service
         Stopped   Certificate Propagation
         Stopped   COM+ System Application
         Stopped   Credential Manager
         Stopped   Diagnostic System Host
         Stopped   Disk Defragmenter
         Stopped   Distributed Transaction Coordinator
         Stopped   Fax
         Stopped   GameConsoleService
         Stopped   Health Key and Certificate Management
         Stopped   HP Software Framework Service
         Stopped   IKE and AuthIP IPsec Keying Modules
         Stopped   Interactive Services Detection
         Stopped   Internet Connection Sharing (ICS)
         Stopped   KtmRm for Distributed Transaction Coordinator
         Stopped   Link-Layer Topology Discovery Mapper
         Stopped   Media Center Extender Service
         Stopped   Microsoft .NET Framework NGEN v2.0.50727_X64
         Stopped   Microsoft .NET Framework NGEN v2.0.50727_X86
         Stopped   Microsoft .NET Framework NGEN v4.0.30319_X64
         Stopped   Microsoft .NET Framework NGEN v4.0.30319_X86
         Stopped   Microsoft iSCSI Initiator Service
         Stopped   Microsoft Software Shadow Copy Provider
         Stopped   Net.Tcp Port Sharing Service
         Stopped   Netlogon
         Stopped   Network Access Protection Agent
         Stopped   nProtect GameGuard Service
         Stopped   Parental Controls
         Stopped   Performance Counter DLL Host
         Stopped   Performance Logs & Alerts
         Stopped   PnP-X IP Bus Enumerator
         Stopped   PNRP Machine Name Publication Service
         Stopped   Problem Reports and Solutions Control Panel Support
         Stopped   Protected Storage
         Stopped   Quality Windows Audio Video Experience
         Stopped   Remote Access Auto Connection Manager
         Stopped   Remote Desktop Configuration
         Stopped   Remote Desktop Services
         Stopped   Remote Procedure Call (RPC) Locator
         Stopped   Remote Registry
         Stopped   Routing and Remote Access
         Stopped   Secondary Logon
         Stopped   Smart Card
         Stopped   Smart Card Removal Policy
         Stopped   SNMP Trap
         Stopped   Software Protection
         Stopped   SPP Notification Service
         Stopped   Tablet PC Input Service
         Stopped   Thread Ordering Server
         Stopped   TPM Base Services
         Stopped   Virtual Disk
         Stopped   Volume Shadow Copy
         Stopped   WebClient
         Stopped   Windows Activation Technologies Service
         Stopped   Windows Backup
         Stopped   Windows Biometric Service
         Stopped   Windows CardSpace
         Stopped   Windows Color System
         Stopped   Windows Connect Now - Config Registrar
         Stopped   Windows Defender
         Stopped   Windows Error Reporting Service
         Stopped   Windows Event Collector
         Stopped   Windows Installer
         Stopped   Windows Live Family Safety Service
         Stopped   Windows Live Mesh remote connections service
         Stopped   Windows Media Center Receiver Service
         Stopped   Windows Media Center Scheduler Service
         Stopped   Windows Modules Installer
         Stopped   Windows Remote Management (WS-Management)
         Stopped   Windows Time
         Stopped   WinHTTP Web Proxy Auto-Discovery Service
         Stopped   Wired AutoConfig
         Stopped   WMI Performance Adapter
         Stopped   WWAN AutoConfig
      Device Tree
            ACPI x64-based PC
                  Microsoft ACPI-Compliant System
                     AMD Athlon(tm) II X4 630 Processor
                     AMD Athlon(tm) II X4 630 Processor
                     AMD Athlon(tm) II X4 630 Processor
                     AMD Athlon(tm) II X4 630 Processor
                     System board
                     ACPI Power Button
                     Microsoft Windows Management Interface for ACPI
                     ACPI Fixed Feature Button
                        AMD PCI Express (3GIO) Filter Driver
                           ATI I/O Communications Processor SMBus Controller
                           PCI standard host CPU bridge
                           PCI standard host CPU bridge
                           PCI standard host CPU bridge
                           PCI standard host CPU bridge
                           PCI standard host CPU bridge
                           Motherboard resources
                              PCI standard host CPU bridge
                                 Motherboard resources
                              PCI standard PCI-to-PCI bridge
                                    NVIDIA GeForce GT 240
                                       Generic PnP Monitor
                                    High Definition Audio Controller
                                       NVIDIA High Definition Audio
                                       NVIDIA High Definition Audio
                                       NVIDIA High Definition Audio
                                       NVIDIA High Definition Audio
                              PCI standard PCI-to-PCI bridge
                                 802.11n Wireless LAN Card
                              PCI standard PCI-to-PCI bridge
                                 Realtek PCIe GBE Family Controller
                              AMD AHCI Compatible RAID Controller
                                 Hitachi HDS721075CLA332 SCSI Disk Device
                                 hp DVD A  DH16AAL SCSI CdRom Device
                                 AMD RAID Console
                              Standard OpenHCD USB Host Controller
                                    USB Root Hub
                                          USB Input Device
                                             HID-compliant game controller
                                             HID-compliant game controller
                                          USB Input Device
                                             HID-compliant mouse
                                          USB Composite Device
                                                USB Input Device
                                                   Logitech HID-Compliant Keyboard
                                                USB Input Device
                                                   HID-compliant consumer control device
                                                   HID-compliant device
                                                   HID-compliant device
                                                   HID-compliant device
                                                      Logitech HID-compliant Cordless Mouse
                                                         Logitech Pointing Device
                                                         Logitech HID Device
                              Standard OpenHCD USB Host Controller
                                 USB Root Hub
                              Standard Enhanced PCI to USB Host Controller
                                 USB Root Hub
                              Standard OpenHCD USB Host Controller
                                 USB Root Hub
                              Standard OpenHCD USB Host Controller
                                 USB Root Hub
                              Standard Enhanced PCI to USB Host Controller
                                    USB Root Hub
                                          USB Mass Storage Device
                                             Generic- SD/MMC USB Device
                                             Generic- Compact Flash USB Device
                                             Generic- SM/xD-Picture USB Device
                                             Generic- MS/MS-Pro USB Device
                              High Definition Audio Controller
                                 Realtek High Definition Audio
                              PCI standard ISA bridge
                                 Programmable interrupt controller
                                 Direct memory access controller
                                 System timer
                                 System CMOS/real time clock
                                 System speaker
                                 Numeric data processor
                                 High precision event timer
                                 Motherboard resources
                                 Motherboard resources
                                 Motherboard resources
                              ATI I/O Communications Processor PCI Bus Controller
                                 VIA 1394 OHCI Compliant Host Controller
                              Standard OpenHCD USB Host Controller
                                 USB Root Hub
CPU
      AMD Athlon II X4 630
         Cores   4
         Threads   4
         Name   AMD Athlon II X4 630
         Code Name   Propus
         Package   Socket AM3 (938)
         Technology   45nm
         Specification   AMD Athlon(tm) II X4 630 Processor
         Family   F
         Extended Family   10
         Model   5
         Extended Model   5
         Stepping   3
         Revision   BL-C3
         Instructions   MMX (+), 3DNow! (+), SSE, SSE2, SSE3, SSE4A, AMD 64
         Virtualization   Supported, Enabled
         Hyperthreading   Not supported
         Fan Speed   1814 RPM
         Bus Speed   200.0 MHz
         Rated Bus Speed   2000.1 MHz
         Stock Core Speed   2800 MHz
         Stock Bus Speed   200 MHz
         Average Temperature   16 °C
            Caches
               L1 Data Cache Size   4 x 64 KBytes
               L1 Instructions Cache Size   4 x 64 KBytes
               L2 Unified Cache Size   4 x 512 KBytes
            Core 0
               Core Speed   2800.4 MHz
               Multiplier   x 4.0
               Bus Speed   200.0 MHz
               Rated Bus Speed   2000.1 MHz
               Temperature   16 °C
                  Thread 1
                     APIC ID   0
            Core 1
               Core Speed   2800.4 MHz
               Multiplier   x 4.0
               Bus Speed   200.0 MHz
               Rated Bus Speed   2000.1 MHz
               Temperature   16 °C
                  Thread 1
                     APIC ID   1
            Core 2
               Core Speed   2800.4 MHz
               Multiplier   x 4.0
               Bus Speed   200.0 MHz
               Rated Bus Speed   2000.1 MHz
               Temperature   16 °C
                  Thread 1
                     APIC ID   2
            Core 3
               Core Speed   2800.4 MHz
               Multiplier   x 4.0
               Bus Speed   200.0 MHz
               Rated Bus Speed   2000.1 MHz
               Temperature   16 °C
                  Thread 1
                     APIC ID   3
RAM
      Memory slots
         Total memory slots   4
         Used memory slots   2
         Free memory slots   2
      Memory
         Type   DDR3
         Size   4096 MBytes
         Channels #   Dual
         DRAM Frequency   666.7 MHz
         CAS# Latency (CL)   9 clocks
         RAS# to CAS# Delay (tRCD)   9 clocks
         RAS# Precharge (tRP)   9 clocks
         Cycle Time (tRAS)   24 clocks
         Bank Cycle Time (tRC)   33 clocks
         Command Rate (CR)   1T
      Physical Memory
         Memory Usage   29 %
         Total Physical   3.99 GB
         Available Physical   2.79 GB
         Total Virtual   7.99 TB
         Available Virtual   7.99 TB
      SPD
         Number Of SPD Modules   2
            Slot #1
               Type   DDR3
               Size   2048 MBytes
               Manufacturer   Samsung
               Max Bandwidth   PC3-10700 (667 MHz)
               Part Number   M378B5673FH0-CH9  
               Serial Number   6365A2BA
               Week/year   32 / 10
               SPD Ext.   EPP
                  JEDEC #4
                     Frequency   685.7 MHz
                     CAS# Latency   9.0
                     RAS# To CAS#   9
                     RAS# Precharge   9
                     tRAS   25
                     tRC   34
                     Voltage   1.500 V
                  JEDEC #3
                     Frequency   609.5 MHz
                     CAS# Latency   8.0
                     RAS# To CAS#   8
                     RAS# Precharge   8
                     tRAS   22
                     tRC   30
                     Voltage   1.500 V
                  JEDEC #2
                     Frequency   533.3 MHz
                     CAS# Latency   7.0
                     RAS# To CAS#   7
                     RAS# Precharge   7
                     tRAS   20
                     tRC   27
                     Voltage   1.500 V
                  JEDEC #1
                     Frequency   457.1 MHz
                     CAS# Latency   6.0
                     RAS# To CAS#   6
                     RAS# Precharge   6
                     tRAS   17
                     tRC   23
                     Voltage   1.500 V
            Slot #2
               Type   DDR3
               Size   2048 MBytes
               Manufacturer   Samsung
               Max Bandwidth   PC3-10700 (667 MHz)
               Part Number   M378B5673FH0-CH9  
               Serial Number   6365A2B4
               Week/year   32 / 10
               SPD Ext.   EPP
                  JEDEC #4
                     Frequency   685.7 MHz
                     CAS# Latency   9.0
                     RAS# To CAS#   9
                     RAS# Precharge   9
                     tRAS   25
                     tRC   34
                     Voltage   1.500 V
                  JEDEC #3
                     Frequency   609.5 MHz
                     CAS# Latency   8.0
                     RAS# To CAS#   8
                     RAS# Precharge   8
                     tRAS   22
                     tRC   30
                     Voltage   1.500 V
                  JEDEC #2
                     Frequency   533.3 MHz
                     CAS# Latency   7.0
                     RAS# To CAS#   7
                     RAS# Precharge   7
                     tRAS   20
                     tRC   27
                     Voltage   1.500 V
                  JEDEC #1
                     Frequency   457.1 MHz
                     CAS# Latency   6.0
                     RAS# To CAS#   6
                     RAS# Precharge   6
                     tRAS   17
                     tRC   23
                     Voltage   1.500 V
Motherboard
   Manufacturer   FOXCONN
   Model   2A92
   Chipset Vendor   AMD
   Chipset Model   785G
   Chipset Revision   00
   Southbridge Vendor   AMD
   Southbridge Model   SB700
   Southbridge Revision   00
   System Temperature   30 °C
      BIOS
         Brand   American Megatrends Inc.
         Version   6.05
         Date   07/02/2010
      Voltage
         CPU CORE   2.160 V
         MEMORY CONTROLLER   2.160 V
         +3.3V   2.160 V
         +5V   5.027 V
         +12V   8.640 V
         -12V   -8.640 V
         -5V   -8.640 V
         +5V HIGH THRESHOLD   5.027 V
         CMOS BATTERY    3.296 V
      PCI Data
         1. PCI   Available
         2. PCI   Available
         3. PCI   Available
Graphics
      Monitor
         Name   MAW-SERIAL on NVIDIA GeForce GT 240
         Current Resolution   1280x800 pixels
         Work Resolution   1280x760 pixels
         State   enabled, primary
         Monitor Width   1280
         Monitor Height   800
         Monitor BPP   32 bits per pixel
         Monitor Frequency   60 Hz
         Device   \\.\DISPLAY1\Monitor0
      NVIDIA GeForce GT 240
         Memory   512 MB
         Memory type   2
         Driver version   8.17.12.5896
Hard Drives
      Hitachi HDS721075CLA332 SCSI Disk Device
         Manufacturer   Hitachi
         Product Family   Deskstar
         Series Prefix   Standard
         Speed, Expressed in Revolutions Per Minute (rpm)   7200
         Model Capacity For This Specific Drive   100GB
         Interface   RAID
         Capacity   733GB
         Real size   750,156,374,016 bytes
            S.M.A.R.T
               S.M.A.R.T not supported
            Partition 0
               Partition ID   Disk #0, Partition #0
               Size   100 MB
            Partition 1
               Partition ID   Disk #0, Partition #1
               Disk Letter   C:
               File System   NTFS
               Volume Serial Number   DC25DBCD
               Size   687GB
               Used Space   46GB (7%)
               Free Space   641GB (93%)
            Partition 2
               Partition ID   Disk #0, Partition #2
               Disk Letter   D:
               File System   NTFS
               Volume Serial Number   A2771302
               Size   11.5GB
               Used Space   10.1GB (88%)
               Free Space   1.40GB (12%)
Optical Drives
      hp DVD A  DH16AAL SCSI CdRom Device
         Media Type   DVD Writer
         Name   hp DVD A  DH16AAL SCSI CdRom Device
         Availability   Running/Full Power
         Capabilities   Random Access, Supports Writing, Supports Removable Media
         Config Manager Error Code   Device is working properly
         Config Manager User Config   FALSE
         Drive   E:
         Media Loaded   FALSE
         SCSI Bus   0
         SCSI Logical Unit   0
         SCSI Port   0
         SCSI Target Id   1
         Status   OK
Audio
      Sound Cards
         NVIDIA High Definition Audio
         NVIDIA High Definition Audio
         NVIDIA High Definition Audio
         Realtek High Definition Audio
         NVIDIA High Definition Audio
      Playback Devices
         Speakers (Realtek High Definition Audio)   (default)
         Realtek Digital Output (Realtek High Definition Audio)
      Speaker Configuration
Peripherals
      Logitech HID-Compliant Keyboard
         Device Kind   Keyboard
         Device Name   Logitech HID-Compliant Keyboard
         Vendor   Logitech
         Location   USB Input Device
            Driver
               Date   1-23-2007
               Version   3.30.0.0
               File   C:\Windows\system32\DRIVERS\kbdhid.sys
               File   C:\Windows\system32\DRIVERS\kbdclass.sys
      HID-compliant mouse
         Device Kind   Mouse
         Device Name   HID-compliant mouse
         Vendor   PixArt Imaging
         Location   USB Input Device
            Driver
               Date   6-21-2006
               Version   6.1.7600.16385
               File   C:\Windows\system32\DRIVERS\mouhid.sys
               File   C:\Windows\system32\DRIVERS\mouclass.sys
      Logitech HID-compliant Cordless Mouse
         Device Kind   Mouse
         Device Name   Logitech HID-compliant Cordless Mouse
         Vendor   Logitech
         Location   USB Input Device
            Driver
               Date   1-23-2007
               Version   3.30.0.0
               File   C:\Windows\system32\DRIVERS\LHidFilt.Sys
               File   C:\Windows\system32\DRIVERS\LMouFilt.Sys
               File   C:\Windows\KHALMNPR.Exe
               File   C:\Windows\system32\DRIVERS\mouhid.sys
               File   C:\Windows\system32\DRIVERS\mouclass.sys
               File   C:\Windows\system32\WdfCoInstaller01005.dll
      Disk drive
         Device Kind   USB storage
         Device Name   Disk drive
         Vendor   GENERIC-
         Comment   Generic- SM/xD-Picture USB Device
         Location   USB Mass Storage Device
            Driver
               Date   6-21-2006
               Version   6.1.7600.16385
               File   C:\Windows\system32\DRIVERS\disk.sys
      Disk drive
         Device Kind   USB storage
         Device Name   Disk drive
         Vendor   GENERIC-
         Comment   Generic- Compact Flash USB Device
         Location   USB Mass Storage Device
            Driver
               Date   6-21-2006
               Version   6.1.7600.16385
               File   C:\Windows\system32\DRIVERS\disk.sys
      Disk drive
         Device Kind   USB storage
         Device Name   Disk drive
         Vendor   GENERIC-
         Comment   Generic- MS/MS-Pro USB Device
         Location   USB Mass Storage Device
            Driver
               Date   6-21-2006
               Version   6.1.7600.16385
               File   C:\Windows\system32\DRIVERS\disk.sys
      Disk drive
         Device Kind   USB storage
         Device Name   Disk drive
         Vendor   GENERIC-
         Comment   Generic- SD/MMC USB Device
         Location   USB Mass Storage Device
            Driver
               Date   6-21-2006
               Version   6.1.7600.16385
               File   C:\Windows\system32\DRIVERS\disk.sys

8
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 03:41:38 PM »
Yup.

HP 6510. Quad core 630 processor. 4GB RAM. Desktop.

9
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 03:28:10 PM »
Oh, never saw the RAM question. Must've overlooked it. Yah, i have 4GB. The BIOS version i have is 6.05

10
Tech Clinic / Random Crashes with Blue screen error
« on: March 20, 2011, 10:29:52 AM »
Well, i just woke it up from sleep mode, no error. Waited like 20 minutes, no error. -.-

Either way, here are the OTL logs and if i remember correctly, the message would change between 3 things i think. Services or something.

OTL logfile created on: 3/20/2011 11:22:30 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Trey\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.92 Gb Total Space | 642.99 Gb Free Space | 93.61% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.20% Space Free | Partition Type: NTFS
 
Computer Name: TREY-HP | User Name: Trey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/03/20 11:21:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/17 14:03:44 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/08/20 09:24:14 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/06/03 15:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/03/20 11:21:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/11/04 21:58:01 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
MOD - [2010/11/04 21:58:00 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcp80.dll
MOD - [2007/01/30 02:08:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/02 11:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/30 04:55:06 | 003,739,080 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/08/20 09:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 09:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 19:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/27 04:48:28 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2010/06/21 18:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/14 14:54:30 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2010/03/10 12:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 11:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/02 10:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/19 17:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2007/01/23 15:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/11/04 01:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\HtsysmNT.sys -- (Htsysm)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2005/01/03 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/boards/942008-mario-kart-wii"
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/06 14:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/17 03:52:28 | 000,000,000 | ---D | M]
 
[2010/09/17 14:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trey\AppData\Roaming\Mozilla\Extensions
[2011/03/20 00:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trey\AppData\Roaming\Mozilla\Firefox\Profiles\ren8bj1a.default\extensions
[2010/09/17 15:16:07 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Trey\AppData\Roaming\Mozilla\Firefox\Profiles\ren8bj1a.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/17 03:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/17 09:03:14 | 000,051,360 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBFPlugin.dll
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/20 11:21:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
[2011/03/20 02:18:11 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011/03/20 02:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2011/03/20 02:17:33 | 000,000,000 | ---D | C] -- C:\Users\Trey\Desktop\Killer Instinct Gold
[2011/03/20 00:47:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Trey\Desktop\HijackThis.exe
[2011/03/17 17:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/03/17 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/17 16:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/17 16:56:53 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Google
[2011/03/17 16:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/03/17 16:54:21 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\RegistryTool
[2011/03/17 16:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryTool
[2011/03/17 04:42:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/03/17 04:30:18 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/03/17 04:30:18 | 000,048,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/03/17 04:30:12 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/03/17 04:30:09 | 005,563,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/03/17 04:30:08 | 003,715,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/17 04:30:08 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/03/17 04:30:08 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2011/03/17 04:30:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2011/03/17 04:30:06 | 003,215,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/17 04:30:04 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/03/17 04:30:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/03/17 04:30:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/03/17 04:30:02 | 002,314,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/03/17 04:30:01 | 014,633,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/03/17 04:30:01 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/03/17 04:30:00 | 004,120,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/03/17 04:30:00 | 003,205,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2011/03/17 04:30:00 | 001,731,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/03/17 04:30:00 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2011/03/17 04:29:59 | 003,008,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011/03/17 04:29:59 | 001,219,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2011/03/17 04:29:59 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2011/03/17 04:29:59 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2011/03/17 04:29:59 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2011/03/17 04:29:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2011/03/17 04:29:59 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2011/03/17 04:29:59 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2011/03/17 04:29:58 | 002,086,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011/03/17 04:29:58 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2011/03/17 04:29:57 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2011/03/17 04:29:56 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/03/17 04:29:55 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/03/17 04:29:55 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2011/03/17 04:29:55 | 001,340,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2011/03/17 04:29:55 | 001,197,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/03/17 04:29:54 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/03/17 04:29:54 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/03/17 04:29:54 | 001,753,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2011/03/17 04:29:53 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011/03/17 04:29:53 | 002,872,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/03/17 04:29:53 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/03/17 04:29:53 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2011/03/17 04:29:53 | 001,326,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NaturalLanguage6.dll
[2011/03/17 04:29:53 | 000,299,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2011/03/17 04:29:52 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/03/17 04:29:52 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/03/17 04:29:51 | 003,957,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2011/03/17 04:29:51 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/03/17 04:29:51 | 003,027,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2011/03/17 04:29:51 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2011/03/17 04:29:51 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2011/03/17 04:29:51 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/03/17 04:29:51 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2011/03/17 04:29:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/03/17 04:29:51 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpdd.dll
[2011/03/17 04:29:51 | 000,109,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/03/17 04:29:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/03/17 04:29:50 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2011/03/17 04:29:50 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/03/17 04:29:50 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/03/17 04:29:49 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuthFWSnapin.dll
[2011/03/17 04:29:49 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthFWSnapin.dll
[2011/03/17 04:29:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/03/17 04:29:49 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2011/03/17 04:29:49 | 000,867,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFolder.dll
[2011/03/17 04:29:48 | 003,391,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2011/03/17 04:29:48 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2011/03/17 04:29:47 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/03/17 04:29:47 | 001,456,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2011/03/17 04:29:47 | 000,958,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2011/03/17 04:29:46 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011/03/17 04:29:46 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2011/03/17 04:29:46 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/03/17 04:29:45 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d9.dll
[2011/03/17 04:29:45 | 001,244,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2011/03/17 04:29:45 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2011/03/17 04:29:45 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/17 04:29:45 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2011/03/17 04:29:45 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2011/03/17 04:29:45 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqmapi.dll
[2011/03/17 04:29:44 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/03/17 04:29:44 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2011/03/17 04:29:44 | 001,900,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2011/03/17 04:29:44 | 001,281,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\werconcpl.dll
[2011/03/17 04:29:44 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/03/17 04:29:44 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/03/17 04:29:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011/03/17 04:29:43 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2011/03/17 04:29:43 | 001,049,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/17 04:29:43 | 001,008,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2011/03/17 04:29:43 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/03/17 04:29:43 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/03/17 04:29:43 | 000,376,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/03/17 04:29:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/03/17 04:29:42 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2011/03/17 04:29:42 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2011/03/17 04:29:42 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/03/17 04:29:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2011/03/17 04:29:42 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2011/03/17 04:29:42 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsmf.dll
[2011/03/17 04:29:42 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2011/03/17 04:29:41 | 002,652,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2011/03/17 04:29:41 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2011/03/17 04:29:41 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2011/03/17 04:29:41 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/03/17 04:29:41 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2011/03/17 04:29:41 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2011/03/17 04:29:41 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2011/03/17 04:29:41 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2011/03/17 04:29:41 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2011/03/17 04:29:41 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2011/03/17 04:29:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmonui.dll
[2011/03/17 04:29:40 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2011/03/17 04:29:40 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2011/03/17 04:29:40 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2011/03/17 04:29:40 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2011/03/17 04:29:40 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011/03/17 04:29:40 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2011/03/17 04:29:40 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2011/03/17 04:29:40 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2011/03/17 04:29:40 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.exe
[2011/03/17 04:29:40 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2011/03/17 04:29:40 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2011/03/17 04:29:39 | 002,543,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2011/03/17 04:29:39 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2011/03/17 04:29:39 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Vault.dll
[2011/03/17 04:29:39 | 000,897,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2011/03/17 04:29:39 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2011/03/17 04:29:39 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2011/03/17 04:29:39 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/03/17 04:29:39 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/03/17 04:29:39 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmd.exe
[2011/03/17 04:29:39 | 000,281,600 | ---- | C] (Microsoft) -- C:\Windows\SysNative\DShowRdpFilter.dll
[2011/03/17 04:29:39 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsmf.dll
[2011/03/17 04:29:39 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QAGENT.DLL
[2011/03/17 04:29:39 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3api.dll
[2011/03/17 04:29:38 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/03/17 04:29:38 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2011/03/17 04:29:38 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/03/17 04:29:38 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2011/03/17 04:29:38 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2011/03/17 04:29:37 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2011/03/17 04:29:37 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2011/03/17 04:29:37 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/03/17 04:29:37 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Query.dll
[2011/03/17 04:29:37 | 001,190,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2011/03/17 04:29:37 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/03/17 04:29:37 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2011/03/17 04:29:37 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sxs.dll
[2011/03/17 04:29:37 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/03/17 04:29:37 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2011/03/17 04:29:37 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/03/17 04:29:37 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2011/03/17 04:29:37 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcbuilder.exe
[2011/03/17 04:29:37 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/17 04:29:37 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgprint.dll
[2011/03/17 04:29:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/03/17 04:29:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/03/17 04:29:36 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2011/03/17 04:29:36 | 001,158,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webservices.dll
[2011/03/17 04:29:36 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2011/03/17 04:29:36 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2011/03/17 04:29:36 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/03/17 04:29:36 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2011/03/17 04:29:36 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2011/03/17 04:29:36 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/03/17 04:29:36 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2011/03/17 04:29:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3api.dll
[2011/03/17 04:29:36 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/03/17 04:29:35 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011/03/17 04:29:35 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2011/03/17 04:29:35 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2011/03/17 04:29:35 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2011/03/17 04:29:35 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2011/03/17 04:29:35 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2011/03/17 04:29:35 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2011/03/17 04:29:35 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2011/03/17 04:29:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/03/17 04:29:35 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011/03/17 04:29:35 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpnike.dll
[2011/03/17 04:29:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2011/03/17 04:29:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mcbuilder.exe
[2011/03/17 04:29:35 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prncache.dll
[2011/03/17 04:29:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2011/03/17 04:29:34 | 002,262,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2011/03/17 04:29:34 | 001,082,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2011/03/17 04:29:34 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011/03/17 04:29:34 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2011/03/17 04:29:34 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2011/03/17 04:29:34 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2011/03/17 04:29:34 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.exe
[2011/03/17 04:29:34 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2011/03/17 04:29:34 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2011/03/17 04:29:33 | 002,072,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2011/03/17 04:29:33 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2011/03/17 04:29:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2011/03/17 04:29:33 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/03/17 04:29:33 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fde.dll
[2011/03/17 04:29:32 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2011/03/17 04:29:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2011/03/17 04:29:32 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2011/03/17 04:29:32 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2011/03/17 04:29:31 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localsec.dll
[2011/03/17 04:29:31 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2011/03/17 04:29:31 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netdiagfx.dll
[2011/03/17 04:29:31 | 000,298,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2011/03/17 04:29:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011/03/17 04:29:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2011/03/17 04:29:31 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2011/03/17 04:29:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/03/17 04:29:30 | 002,746,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2011/03/17 04:29:30 | 001,050,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2011/03/17 04:29:30 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2011/03/17 04:29:30 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspbda.dll
[2011/03/17 04:29:30 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biocpl.dll
[2011/03/17 04:29:30 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2011/03/17 04:29:30 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2011/03/17 04:29:30 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2011/03/17 04:29:30 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2011/03/17 04:29:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QSHVHOST.DLL
[2011/03/17 04:29:30 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netid.dll
[2011/03/17 04:29:30 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2011/03/17 04:29:30 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/03/17 04:29:29 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2011/03/17 04:29:29 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbghelp.dll
[2011/03/17 04:29:29 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2011/03/17 04:29:29 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011/03/17 04:29:29 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2011/03/17 04:29:29 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2011/03/17 04:29:29 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/03/17 04:29:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2011/03/17 04:29:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/03/17 04:29:29 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2011/03/17 04:29:29 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2011/03/17 04:29:29 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\credui.dll
[2011/03/17 04:29:29 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2011/03/17 04:29:29 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2011/03/17 04:29:29 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitagent.exe
[2011/03/17 04:29:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2011/03/17 04:29:28 | 003,211,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2011/03/17 04:29:28 | 000,934,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallControlPanel.dll
[2011/03/17 04:29:28 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2011/03/17 04:29:28 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2011/03/17 04:29:28 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXP.dll
[2011/03/17 04:29:28 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011/03/17 04:29:28 | 000,418,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2011/03/17 04:29:28 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2011/03/17 04:29:28 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2011/03/17 04:29:28 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/03/17 04:29:28 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/03/17 04:29:28 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2011/03/17 04:29:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetapi.dll
[2011/03/17 04:29:27 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011/03/17 04:29:27 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2011/03/17 04:29:27 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2011/03/17 04:29:27 | 000,780,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2011/03/17 04:29:27 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2011/03/17 04:29:27 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2011/03/17 04:29:27 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2011/03/17 04:29:27 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2011/03/17 04:29:27 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/03/17 04:29:27 | 000,263,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2011/03/17 04:29:27 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2011/03/17 04:29:27 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cfgmgr32.dll
[2011/03/17 04:29:27 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/03/17 04:29:27 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/03/17 04:29:27 | 000,128,000 | ---- | C] (Microsoft) -- C:\Windows\SysNative\Robocopy.exe
[2011/03/17 04:29:27 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thumbcache.dll
[2011/03/17 04:29:27 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys
[2011/03/17 04:29:26 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2011/03/17 04:29:26 | 002,494,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2011/03/17 04:29:26 | 001,457,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DxpTaskSync.dll
[2011/03/17 04:29:26 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2011/03/17 04:29:26 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2011/03/17 04:29:26 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\puiobj.dll
[2011/03/17 04:29:26 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2011/03/17 04:29:26 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2011/03/17 04:29:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011/03/17 04:29:26 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2011/03/17 04:29:26 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prncache.dll
[2011/03/17 04:29:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2011/03/17 04:29:25 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msi.dll
[2011/03/17 04:29:25 | 001,363,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2011/03/17 04:29:25 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/03/17 04:29:25 | 000,932,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2011/03/17 04:29:25 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2011/03/17 04:29:25 | 000,675,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXPTaskRingtone.dll
[2011/03/17 04:29:25 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2011/03/17 04:29:25 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2011/03/17 04:29:25 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2011/03/17 04:29:25 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2011/03/17 04:29:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/03/17 04:29:25 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2011/03/17 04:29:25 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2011/03/17 04:29:25 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\net1.exe
[2011/03/17 04:29:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2011/03/17 04:29:24 | 002,621,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2011/03/17 04:29:24 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2011/03/17 04:29:24 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2011/03/17 04:29:24 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdengin2.dll
[2011/03/17 04:29:24 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2011/03/17 04:29:24 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011/03/17 04:29:24 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiadefui.dll
[2011/03/17 04:29:24 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2011/03/17 04:29:24 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2011/03/17 04:29:24 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2011/03/17 04:29:24 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MMDevAPI.dll
[2011/03/17 04:29:24 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\QSHVHOST.DLL
[2011/03/17 04:29:24 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2011/03/17 04:29:24 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/03/17 04:29:24 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QUTIL.DLL
[2011/03/17 04:29:24 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2011/03/17 04:29:24 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/03/17 04:29:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samcli.dll
[2011/03/17 04:29:24 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/03/17 04:29:23 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2011/03/17 04:29:23 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2011/03/17 04:29:23 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2011/03/17 04:29:23 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webservices.dll
[2011/03/17 04:29:23 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2011/03/17 04:29:23 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TabletPC.cpl
[2011/03/17 04:29:23 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2011/03/17 04:29:23 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2011/03/17 04:29:23 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2011/03/17 04:29:23 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2011/03/17 04:29:23 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2011/03/17 04:29:23 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netdiagfx.dll
[2011/03/17 04:29:23 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fde.dll
[2011/03/17 04:29:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/03/17 04:29:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcl.exe
[2011/03/17 04:29:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2011/03/17 04:29:23 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/03/17 04:29:22 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hgcpl.dll
[2011/03/17 04:29:22 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clusapi.dll
[2011/03/17 04:29:22 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msconfig.exe
[2011/03/17 04:29:22 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2011/03/17 04:29:22 | 000,166,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2011/03/17 04:29:22 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSCard.dll
[2011/03/17 04:29:22 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdeploy.dll
[2011/03/17 04:29:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsmproxy.dll
[2011/03/17 04:29:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2011/03/17 04:29:21 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2011/03/17 04:29:21 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/03/17 04:29:21 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WFS.exe
[2011/03/17 04:29:21 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2011/03/17 04:29:21 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2011/03/17 04:29:21 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2011/03/17 04:29:21 | 000,633,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2011/03/17 04:29:21 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXPTaskRingtone.dll
[2011/03/17 04:29:21 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2011/03/17 04:29:21 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2011/03/17 04:29:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logoncli.dll
[2011/03/17 04:29:21 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/03/17 04:29:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winsta.dll
[2011/03/17 04:29:21 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2011/03/17 04:29:21 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RpcRtRemote.dll
[2011/03/17 04:29:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2011/03/17 04:29:21 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/03/17 04:29:20 | 002,250,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SensorsCpl.dll
[2011/03/17 04:29:20 | 002,193,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2011/03/17 04:29:20 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2011/03/17 04:29:20 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Narrator.exe
[2011/03/17 04:29:20 | 000,668,160 | ---- |

11
Tech Clinic / Random Crashes with Blue screen error
« on: March 19, 2011, 11:50:02 PM »
Hello, i'm back again only this time, it's on a new HP computer 6510y. I bought this in September of last year and just a few days ago i get random crashes with the blue screen error message saying how the system has been shut down to prevent damage. I'm not sure what's causing this so i'm coming here to see if the problem can be fixed. Also, if i put it in sleep mode, it seems to have a 50% chance of waking up like it's supposed to while the other 50% chance will just cause it to either wake up but nothing appears on the screen or it wakes up then within 1-3 minutes crash happens. Here's the log file for Hijack this.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:19 AM, on 3/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Trey\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8951 bytes

12
Tech Clinic / Computer doesnt open programs
« on: May 19, 2010, 09:48:35 PM »
Alright, will do. Thanks a lot. =]

13
Tech Clinic / Computer doesnt open programs
« on: May 19, 2010, 09:35:56 PM »
Everything is still running great. Here's the log file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:57 PM, on 5/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ip34.208-100-40.static.steadfast.net:80
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} (CsLauncher Class) - http://hb.getamped.com/start/CsLauncher.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

--
End of file - 7071 bytes

14
Tech Clinic / Computer doesnt open programs
« on: May 18, 2010, 11:48:51 PM »
Everything is running excellent. No more random delays in opening programs, task bar stays windows xp and doesnt revert to 97 on startup, sound device always stays on and isn't randomly gone for no reason. =]

First log is OTL.Txt. Second one is the Extra.Txt

OTL logfile created on: 5/19/2010 12:40:30 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 641.00 Mb Available Physical Memory | 63.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.15 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DELL-DKW8UT4OOH
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/19 00:39:17 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/21 21:42:26 | 001,291,600 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/02/21 21:40:06 | 002,726,000 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/02/21 21:39:04 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/19 00:39:17 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/11/06 17:08:30 | 000,106,496 | ---- | M] (Nektra S.A.) -- C:\Program Files\Sunbelt Software\VIPRE\oehook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/05/09 08:31:28 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai)
SRV - [2010/02/21 21:40:06 | 002,726,000 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/02/21 21:39:04 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/12/16 13:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/04 04:31:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/02/21 20:30:04 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/02/21 20:30:04 | 000,085,080 | ---- | M] (Sunbelt Software, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2010/01/05 04:40:38 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/05 04:40:38 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/10/14 03:39:40 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/06/08 22:52:27 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\obx4sn8o.sys -- (PCIEDump)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/04/10 01:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ip34.208-100-40.static.steadfast.net:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {61FD08D8-A2CB-46c0-B36D-3F531AC53C12}:1.3.2009110201
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/17 22:53:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/17 14:57:19 | 000,000,000 | ---D | M]
 
[2009/06/18 03:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/02/09 16:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions
[2009/02/09 16:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/05/18 22:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6019aqja.default\extensions
[2009/09/16 21:26:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6019aqja.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/11 13:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6019aqja.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
[2010/01/28 00:38:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6019aqja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/11 13:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6019aqja.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/05/18 22:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/17 14:57:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/17 14:56:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/30 19:36:01 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
 
O1 HOSTS File: ([2010/05/17 00:50:20 | 000,394,529 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1            activate.adobe.com
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 13650 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} http://hb.getamped.com/start/CsLauncher.cab (CsLauncher Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/28 17:13:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/05/19 00:38:48 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/18 23:45:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/18 23:45:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/18 23:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 23:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/18 23:34:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/05/18 23:31:03 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/05/18 13:15:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/18 13:10:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/18 13:10:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/18 13:10:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/18 13:10:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/18 13:10:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/18 13:08:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/17 23:21:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/17 23:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/17 14:57:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/17 14:57:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/17 14:57:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/17 14:57:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/17 02:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/17 02:38:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/17 02:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/05/17 01:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/05/16 22:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/16 22:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/16 22:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/16 22:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2010/05/15 04:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe(2)
[2010/05/15 02:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/05/15 02:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/15 01:50:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/15 01:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/09 17:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2010/05/07 02:37:51 | 000,000,000 | ---D | C] -- C:\UFORIA
[2010/05/05 16:39:18 | 561,296,518 | ---- | C] (Hanbitsoft Corp.) -- C:\Documents and Settings\Administrator\Desktop\CamonHeroSetup_USA_20100423.exe
[2010/05/04 13:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/19 14:35:26 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/04/19 14:35:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/04/19 14:35:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/04/19 14:35:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010/05/19 00:39:17 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/05/18 23:45:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 23:44:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/18 23:42:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 23:42:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 23:41:41 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/05/18 23:41:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/18 23:35:03 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/05/18 23:31:34 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/05/18 21:56:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/18 13:15:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/18 13:08:12 | 003,690,693 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/05/18 01:21:14 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/05/18 01:20:02 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/05/17 23:50:26 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/05/17 14:56:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/17 14:56:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/17 14:56:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/17 14:56:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/17 14:56:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/17 00:50:20 | 000,394,529 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/17 00:50:19 | 000,394,566 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100517-005020.backup
[2010/05/17 00:50:18 | 000,394,599 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100517-005019.backup
[2010/05/16 23:08:20 | 000,394,643 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100517-005018.backup
[2010/05/16 22:32:51 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/15 04:21:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/08 12:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/07 02:44:16 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camon Hero.lnk
[2010/05/05 16:57:47 | 561,296,518 | ---- | M] (Hanbitsoft Corp.) -- C:\Documents and Settings\Administrator\Desktop\CamonHeroSetup_USA_20100423.exe
[2010/05/02 23:17:11 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/20 01:05:32 | 000,028,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/20 01:04:09 | 002,028,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010/05/18 23:45:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 13:15:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/18 13:15:27 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/18 13:10:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/18 13:10:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/18 13:10:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/18 13:10:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/18 13:10:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/18 13:08:12 | 003,690,693 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/05/18 01:20:21 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/05/18 01:20:01 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/05/11 13:35:54 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/05/07 02:44:15 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camon Hero.lnk
[2010/01/21 23:44:05 | 000,141,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys
[2009/10/25 17:33:03 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/07/23 02:26:37 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/08 22:52:27 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\obx4sn8o.dll
[2009/06/08 22:52:27 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\obx4sn8o.sys
[2009/06/07 00:04:00 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/06/06 23:55:13 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/17 19:34:53 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2008/11/23 20:05:30 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/11/03 13:45:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/28 18:03:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/19 03:24:18 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2004/02/19 03:24:18 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613
< End of report >




OTL Extras logfile created on: 5/19/2010 12:40:30 AM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 641.00 Mb Available Physical Memory | 63.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.15 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DELL-DKW8UT4OOH
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"59065:TCP" = 59065:TCP:*:Enabled:Pando Media Booster
"59065:UDP" = 59065:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"59065:TCP" = 59065:TCP:*:Enabled:Pando Media Booster
"59065:UDP" = 59065:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58966:TCP" = 58966:TCP:*:Enabled:Pando Media Booster
"58966:UDP" = 58966:UDP:*:Enabled:Pando Media Booster
"56069:TCP" = 56069:TCP:*:Enabled:Pando Media Booster
"56069:UDP" = 56069:UDP:*:Enabled:Pando Media Booster
"1051:TCP" = 1051:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe" = C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe -- ()
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E66803D6-028C-452E-9A25-53BC64589FBE}" = VIPRE Antivirus
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Camon Hero" = Camon Hero
"CCleaner" = CCleaner
"Graboid Video" = Graboid Video 1.71
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"middle_man" = middle_man
"mIRC" = mIRC
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"StepMania" = StepMania (remove only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/18/2010 9:41:54 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 9:41:54 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:11:58 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:11:58 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:29:55 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:29:55 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:42:39 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:42:39 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:42:39 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 5/18/2010 11:42:39 PM | Computer Name = DELL-DKW8UT4OOH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
[ System Events ]
Error - 5/17/2010 11:54:33 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The Task Scheduler service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 5/17/2010 11:54:33 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The Shell Hardware Detection service terminated unexpectedly.  It
has done this 1 time(s).
 
Error - 5/17/2010 11:54:33 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly.  It has done this 1 time(s).
  The following corrective action will be taken in 60000 milliseconds: Restart the
 service.
 
Error - 5/17/2010 11:54:33 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The Wireless Zero Configuration service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 5/17/2010 11:54:33 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 5/18/2010 9:33:15 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 5/18/2010 11:38:55 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 5/18/2010 11:39:03 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The SB Recovery Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 5/18/2010 11:39:39 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The VIPRE Antivirus service terminated unexpectedly.  It has done
this 1 time(s).
 
Error - 5/18/2010 11:44:45 PM | Computer Name = DELL-DKW8UT4OOH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >

15
Tech Clinic / Computer doesnt open programs
« on: May 18, 2010, 11:12:49 PM »
Here's MBAM's log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4116

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/19/2010 12:12:39 AM
mbam-log-2010-05-19 (00-12-39).txt

Scan type: Quick scan
Objects scanned: 192273
Time elapsed: 24 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

16
Tech Clinic / Computer doesnt open programs
« on: May 18, 2010, 09:06:12 PM »
Sorry for the late reply. I just got home. Anyway, here is the log Combofix gave me.

ComboFix 10-05-16.06 - Administrator 05/18/2010  21:31:04.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.639 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000102_.tmp.dll
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe
c:\windows\system32\UACaccwfdut.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACvuusustu.log
c:\windows\wiaserviv.log

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - Kitty had a snack http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' />
.
(((((((((((((((((((((((((   Files Created from 2010-04-19 to 2010-05-19  )))))))))))))))))))))))))))))))
.

2010-05-18 17:08 . 2010-05-18 17:10   --------   d-----w-   C:\32788R22FWJFW
2010-05-18 05:20 . 2010-05-18 05:20   388096   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-18 03:02 . 2010-05-18 03:02   --------   d-----w-   c:\program files\CCleaner
2010-05-18 02:52 . 2010-05-18 02:52   --------   d-----w-   c:\documents and settings\Athrin\Local Settings\Application Data\Mozilla
2010-05-18 02:47 . 2010-05-18 02:47   28888   ----a-w-   c:\documents and settings\Athrin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 02:47 . 2010-05-18 02:47   --------   d-----w-   c:\documents and settings\Athrin\Application Data\Logitech
2010-05-18 02:47 . 2010-05-18 02:47   --------   d-----w-   c:\documents and settings\Athrin\Local Settings\Application Data\ATI
2010-05-18 02:47 . 2010-05-18 02:47   --------   d-----w-   c:\documents and settings\Athrin\Application Data\ATI
2010-05-18 02:45 . 2009-12-19 00:56   --------   d-----w-   c:\documents and settings\Athrin\Local Settings\Application Data\Adobe
2010-05-17 18:57 . 2010-05-17 18:56   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-05-17 06:38 . 2010-05-17 06:38   --------   d-----w-   c:\windows\SxsCaPendDel
2010-05-17 02:37 . 2010-05-17 02:37   --------   d-----w-   c:\program files\Trend Micro
2010-05-17 02:12 . 2010-05-17 06:45   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-05-17 02:12 . 2010-05-17 06:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-17 02:08 . 2010-05-17 07:07   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware(2)
2010-05-15 08:07 . 2010-05-17 06:47   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Adobe(2)
2010-05-15 06:38 . 2010-05-15 06:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-15 06:37 . 2010-05-15 06:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 05:50 . 2010-05-15 05:51   --------   d-----w-   c:\windows\system32\NtmsData
2010-05-09 21:42 . 2010-05-09 21:42   --------   d-----w-   c:\documents and settings\Administrator\Application Data\dvdcss
2010-05-07 06:37 . 2010-05-07 06:37   --------   d-----w-   C:\UFORIA
2010-05-04 17:21 . 2010-05-04 17:21   --------   d-----w-   c:\program files\MSXML 4.0
2010-04-19 18:35 . 2010-02-04 14:01   74072   ----a-w-   c:\windows\system32\XAPOFX1_4.dll
2010-04-19 18:35 . 2010-02-04 14:01   528216   ----a-w-   c:\windows\system32\XAudio2_6.dll
2010-04-19 18:35 . 2010-02-04 14:01   238936   ----a-w-   c:\windows\system32\xactengine3_6.dll
2010-04-19 18:35 . 2010-02-04 14:01   22360   ----a-w-   c:\windows\system32\X3DAudio1_7.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 01:22 . 2009-11-18 20:40   --------   d-----w-   c:\program files\Common Files\Akamai
2010-05-18 02:46 . 2010-05-18 02:46   --------   d-----w-   c:\documents and settings\Athrin\Application Data\Sunbelt
2010-05-17 19:01 . 2008-11-19 04:28   --------   d-----w-   c:\program files\Common Files\Java
2010-05-17 18:56 . 2008-11-19 04:28   --------   d-----w-   c:\program files\Java
2010-05-17 05:08 . 2010-02-05 07:46   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Skype
2010-05-17 04:07 . 2009-01-21 03:46   --------   d-----w-   c:\documents and settings\Administrator\Application Data\skypePM
2010-05-09 23:39 . 2010-02-16 06:20   --------   d-----w-   c:\documents and settings\Administrator\Application Data\vlc
2010-05-04 04:33 . 2008-11-03 18:27   --------   d-----w-   c:\documents and settings\Administrator\Application Data\mIRC
2010-05-04 04:32 . 2008-11-03 18:27   --------   d-----w-   c:\program files\mIRC
2010-04-20 05:05 . 2008-11-04 22:02   28888   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-17 02:18 . 2007-09-28 21:50   --------   d-----w-   c:\program files\Common Files\Adobe
2010-04-17 02:15 . 2008-11-03 17:49   --------   d-----w-   c:\program files\Logitech
2010-04-16 22:03 . 2010-04-16 22:03   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Sunbelt
2010-04-16 21:54 . 2010-04-16 21:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sunbelt
2010-04-16 21:39 . 2010-04-16 21:39   --------   d-----w-   c:\program files\Sunbelt Software
2010-03-28 04:42 . 2010-03-28 04:42   --------   d-----w-   c:\program files\Common Files\Skype
2010-03-22 05:26 . 2009-05-17 00:41   --------   d-----w-   c:\documents and settings\Administrator\Application Data\MozillaControl
2010-03-20 05:55 . 2007-09-28 21:26   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-03-11 12:38 . 2006-06-23 16:33   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-06-23 05:06   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-03-31 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-03-31 12:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2003-03-31 12:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 01:39 . 2010-02-22 01:39   27984   ----a-w-   c:\windows\system32\sbbd.exe
2010-02-22 00:30 . 2010-04-16 21:39   85080   ----a-w-   c:\windows\system32\drivers\sbhips.sys
2010-02-22 00:30 . 2010-04-16 21:39   204632   ----a-w-   c:\windows\system32\drivers\sbtis.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-30 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-01-13 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-24 335872]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-3 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42   72208   ----a-w-   c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"59065:TCP"= 59065:TCP:Pando Media Booster
"59065:UDP"= 59065:UDP:Pando Media Booster
"58966:TCP"= 58966:TCP:Pando Media Booster
"58966:UDP"= 58966:UDP:Pando Media Booster
"56069:TCP"= 56069:TCP:Pando Media Booster
"56069:UDP"= 56069:UDP:Pando Media Booster

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/16/2010 6:08 PM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/16/2010 5:39 PM 204632]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/31/2003 8:00 AM 14336]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/16/2010 6:08 PM 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/16/2010 5:39 PM 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
S2 PCIEDump;PCIEDump;c:\windows\system32\drivers\obx4sn8o.sys [6/8/2009 10:52 PM 4096]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/27/2008 3:09 PM 16512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S3 XDva226;XDva226;\??\c:\windows\system32\XDva226.sys --> c:\windows\system32\XDva226.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva295;XDva295;\??\c:\windows\system32\XDva295.sys --> c:\windows\system32\XDva295.sys [?]
S3 XDva319;XDva319;\??\c:\windows\system32\XDva319.sys --> c:\windows\system32\XDva319.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = ip34.208-100-40.static.steadfast.net:80
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6019aqja.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
Toolbar-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 21:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xF7AB1000]<< >>UNKNOWN [0xF7821000]<< >>UNKNOWN [0xF7811000]<< >>UNKNOWN [0xF7724000]<< >>UNKNOWN [0x806EE000]<< >>UNKNOWN [0xF7DA9000]<< >>UNKNOWN [0xF7A61000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xf7825f28
\Driver\ACPI -> 0xf7798cb8
\Driver\atapi -> 0xf772a852
IoDeviceObjectType -> DeleteProcedure -> 0x805a0615
 ParseProcedure -> 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x805a0615
 ParseProcedure -> 0x8056c3ac
NDIS: Intel(R) PRO/1000 MT Network Connection -> SendCompleteHandler -> 0xf7623bb0
 PacketIndicateHandler -> 0xf7630a21
 SendHandler -> 0xf760e87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-1532298954-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,dc,dd,6d,f8,51,5d,45,b2,2f,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,dc,dd,6d,f8,51,5d,45,b2,2f,c0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2010-05-18  22:04:34
ComboFix-quarantined-files.txt  2010-05-19 02:04

Pre-Run: 20,176,429,056 bytes free
Post-Run: 21,517,680,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,4,5,6
- - End Of File - - CC343CDA71B39237A566ABAF646507C1

17
Tech Clinic / Computer doesnt open programs
« on: May 18, 2010, 12:29:46 AM »
A kind of misleading topic title but it's the only one short enough to fit this. Basically, what happens is i start up my computer, it loads windows normally, then gets to my desktop and once there, after about 10 seconds the desktop disappears then reappears and reverts back to windows 97 look even though i have windows XP. (the task bar changes to that at least. the whole gray look.) My programs and shortcuts are all the same. Desktop doesnt change but the taskbar does. Another thing that happens is my sound device goes kaboom. The little icon at the bottom right disappears. If i go to control panel>sounds and audio devices it says "No audio device" To get my sound back, i have to uninstall it then reinstall and it works. I shouldn't have to do that every time i restart my computer or turn it on. Also, it just recently stopped working entirely even after uninstall/reinstall. I click a song to play on WMP and it asks me to install a codec it. I do it, sound plays. I go to youtube, click a random video, no sound at all. This just started 10 minutes ago. And lastly, after my computer has been on between 30 minutes to xx hours, programs like Task manager, a game i have, display for desktop settings, windows media player, and some .exe files will not open. And if they do decide to open, it's normally 10-20 minutes later AFTER i've selected that particular program or document to open. I don't know what could be causing this. I've tried system restore, last known good configuration, ran malware, spyware, and virus scans, things came up yes but it did not solve my problem. I've been here before about some computer problems i've had and guestolo helped out a lot. I'm now back asking for help again. Here is my latest Hijackthis log. Hopefully you can again help me. ^^

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:41 AM, on 5/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ip34.208-100-40.static.steadfast.net:80
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} (CsLauncher Class) - http://hb.getamped.com/start/CsLauncher.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: VIPRE Antivirus (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

--
End of file - 8315 bytes

18
Tech Clinic / Background Showing Scamware
« on: September 20, 2008, 01:27:42 PM »
Pretty good.

I think i figured out the problem. It was my RAM in the computer that caused it to shutdown like that. Might have been bad memory or something. But it hasn't shut off for 3 days now. =]

19
Tech Clinic / Background Showing Scamware
« on: September 16, 2008, 01:29:29 PM »
Alright, here it is.

20
Tech Clinic / Background Showing Scamware
« on: September 15, 2008, 11:58:05 PM »
File/Folder C:\WINDOWS\system32\prio.dll not found.
C:\WINDOWS\system32\prio.ini moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09172008_011753




ComboFix 08-09-15.02 - Administrator 2008-09-17  1:20:55.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\My Documents\Installations\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((   Files Created from 2008-08-17 to 2008-09-17  )))))))))))))))))))))))))))))))
.

2008-09-17 01:17 . 2008-09-17 01:17   <DIR>   d--------   C:\_OTMoveIt
2008-09-17 00:54 . 2008-09-17 00:55   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-09-16 21:59 . 2008-09-16 21:59   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 21:59 . 2008-09-16 21:59   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 21:59 . 2008-09-16 21:59   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-16 21:59 . 2008-09-08 00:11   38,528   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 21:59 . 2008-09-08 00:11   17,200   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 21:51 . 2008-09-16 21:51   <DIR>   d--------   C:\WINDOWS\system32\xircom
2008-09-16 21:51 . 2008-09-16 21:51   <DIR>   d--------   C:\Program Files\microsoft frontpage
2008-09-16 21:47 . 2008-09-16 21:47   578,560   --a------   C:\WINDOWS\system32\dllcache\user32.dll
2008-09-16 21:46 . 2008-09-16 21:47   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-09-16 15:41 . 2008-09-16 15:41   <DIR>   d--------   C:\mGame
2008-09-16 15:41 . 2008-09-16 15:41   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-09-15 22:44 . 2001-08-17 22:36   8,704   --a------   C:\WINDOWS\system32\kbdjpn.dll
2008-09-15 22:44 . 2001-08-17 22:36   8,192   --a------   C:\WINDOWS\system32\kbdkor.dll
2008-09-15 22:44 . 2008-03-21 01:33   6,144   --a------   C:\WINDOWS\system32\kbd106.dll
2008-09-15 22:44 . 2001-08-17 14:55   6,144   --a------   C:\WINDOWS\system32\kbd101c.dll
2008-09-15 22:44 . 2001-08-17 14:55   6,144   --a------   C:\WINDOWS\system32\kbd101b.dll
2008-09-15 22:44 . 2001-08-17 14:55   5,632   --a------   C:\WINDOWS\system32\kbd103.dll
2008-09-15 22:43 . 2008-09-15 22:44   <DIR>   d--------   C:\WINDOWS\CAVTemp
2008-09-15 17:12 . 2008-09-17 01:08   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-09-15 15:34 . 2008-09-15 15:34   <DIR>   d--------   C:\Program Files\WiFiConnector
2008-09-15 15:31 . 2008-09-15 15:31   <DIR>   d--------   C:\Program Files\CA
2008-09-15 15:31 . 2008-09-15 15:31   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CA
2008-09-15 15:31 . 2008-09-15 15:32   880,560   --a------   C:\WINDOWS\system32\drivers\vetefile.sys
2008-09-15 15:31 . 2008-09-15 15:32   108,368   --a------   C:\WINDOWS\system32\drivers\veteboot.sys
2008-09-15 15:31 . 2008-01-11 21:30   99,592   --a------   C:\WINDOWS\system32\isafeif.dll
2008-09-15 15:31 . 2008-09-15 15:32   91,376   --a------   C:\WINDOWS\system32\isafprod.dll
2008-09-15 15:31 . 2008-01-11 21:30   83,256   --a------   C:\WINDOWS\system32\vetredir.dll
2008-09-15 15:31 . 2008-09-15 15:32   32,240   --a------   C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-15 15:31 . 2008-09-15 15:32   26,352   --a------   C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-15 15:31 . 2008-09-15 15:32   21,488   --a------   C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-15 15:31 . 2008-09-15 15:32   21,104   --a------   C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-15 15:29 . 2008-09-15 15:29   <DIR>   d--------   C:\WINDOWS\Logs
2008-09-15 15:28 . 2008-09-15 15:28   <DIR>   d--------   C:\Program Files\Sun
2008-09-15 15:28 . 2008-09-15 15:28   <DIR>   d--------   C:\Program Files\Java
2008-09-15 15:28 . 2008-09-15 15:28   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-09-15 15:28 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-09-15 15:26 . 2008-09-15 15:27   <DIR>   d--------   C:\Program Files\LimeWire
2008-09-15 15:26 . 2008-09-15 15:29   <DIR>   d--------   C:\Program Files\Direct X
2008-09-15 10:18 . 2008-09-15 10:18   <DIR>   d--------   C:\Program Files\Ventrilo
2008-09-15 10:18 . 2008-09-15 10:18   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-09-15 10:17 . 2008-09-15 10:17   <DIR>   d--------   C:\Program Files\mIRC
2008-09-15 10:17 . 2008-09-15 10:17   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\mIRC
2008-09-15 10:13 . 2008-09-15 10:13   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Logitech
2008-09-15 10:13 . 2008-09-15 10:13   127,034   -r-------   C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-09-15 10:12 . 2008-09-15 10:13   <DIR>   d--------   C:\Program Files\Logitech
2008-09-15 10:12 . 2008-09-15 10:12   <DIR>   d--------   C:\Program Files\Common Files\Logitech
2008-09-15 10:12 . 2008-09-15 10:12   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Logitech
2008-09-15 10:08 . 2008-09-15 15:45   <DIR>   d--------   C:\Program Files\middle_man
2008-09-15 10:06 . 2008-09-15 10:06   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Aim
2008-09-15 10:05 . 2008-09-15 15:38   <DIR>   d--------   C:\Program Files\Viewpoint
2008-09-15 10:05 . 2008-09-15 10:05   <DIR>   d--------   C:\Program Files\AOD
2008-09-15 10:05 . 2008-09-15 10:08   <DIR>   d--------   C:\Program Files\AIM
2008-09-15 10:05 . 2004-02-25 08:05   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-09-15 10:01 . 2008-03-20 14:39   32,128   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-15 10:01 . 2008-03-20 20:36   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2008-09-15 10:01 . 2008-03-20 14:32   14,592   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-15 10:01 . 2001-08-17 08:48   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-15 10:01 . 2008-03-20 14:38   10,368   --a------   C:\WINDOWS\system32\drivers\hidusb.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 19:41   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-16 00:51   507,904   ----a-w   C:\WINDOWS\system32\winlogon.exe
2008-09-16 00:51   295,424   ----a-w   C:\WINDOWS\system32\termsrv.dll
2008-09-15 14:12   0   ---ha-w   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-15 14:12   0   ---ha-w   C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-15 14:12   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-09-15 14:11   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-09-15 12:54   ---------   d---a-w   C:\Program Files\(HDTune)
2008-09-15 12:46   ---------   d-----w   C:\Program Files\Nero
2008-09-15 12:41   ---------   d-----w   C:\Program Files\Microsoft.NET
2008-09-15 12:41   ---------   d-----w   C:\Program Files\Microsoft ActiveSync
2008-09-15 12:38   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Talkback
2008-09-15 12:34   ---------   d-----w   C:\Program Files\office 2003 pro
2008-09-15 12:30   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-09-15 12:29   ---------   d-----w   C:\Program Files\Common Files\Adobe Systems Shared
2008-09-15 12:29   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-09-15 12:25   ---------   d-----w   C:\Program Files\Analog Devices
2008-09-15 12:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\U3
2008-09-15 11:56   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-09-15 11:53   ---------   d-----w   C:\Program Files\Opera
2008-07-31 14:41   68,616   ----a-w   C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 14:41   238,088   ----a-w   C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 14:40   509,448   ----a-w   C:\WINDOWS\system32\XAudio2_2.dll
2008-07-19 02:10   94,920   ----a-w   C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10   53,448   ----a-w   C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-19 02:10   36,552   ----a-w   C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09   563,912   ----a-w   C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09   325,832   ----a-w   C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09   205,000   ----a-w   C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09   1,811,656   ----a-w   C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-12 12:18   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 12:18   3,851,784   ----a-w   C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 12:18   1,493,528   ----a-w   C:\WINDOWS\system32\D3DCompiler_39.dll
.

------- Sigcheck -------

2008-06-20 06:45  360320  2a5554fc5b1e04e131230e3ce035c3f9   C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
2008-06-20 06:44  360960  744e57c99232201ae98c49168b918f48   C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys
2008-06-20 07:51  361600  9aefa14bd6b182d61e3119fa5f436d3d   C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
2008-06-20 07:59  361600  ad978a1b783b5719720cff204b666c8e   C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
2008-05-03 08:00  361344  37d8387cbd4437c55f454209be10ef11   C:\WINDOWS\system32\drivers\tcpip.sys

2008-09-15 20:51  507904  a8f7ab40d4b2478fdcb4adc1291a9d52   C:\WINDOWS\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2006-08-01 67112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-05-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-09-15 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-15 234736]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-15 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-09-15 688128]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-09-15 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=


*Newly Created Service* - PROCEXP90
*Newly Created Service* - SR
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v85yoeek.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.myspace.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 01:25:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\prio.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\prio.dll
.
Completion time: 2008-09-17  1:28:22
ComboFix-quarantined-files.txt  2008-09-17 05:27:54

Pre-Run: 32,402,165,760 bytes free
Post-Run: 32,393,220,096 bytes free

203

Pages: [1] 2 3 4