Error code 0000001a and other problems


#1
Oyml

My system is currently having some problems, and I'm not sure how to go about tracking down the cause. Right now, I'm getting a couple of consistent errors:

1) I'm getting periodic blue screen stop errors. These have varied from a full day after rebooting to only a few hours after rebooting. I think many of them were caused by a faulty monitor driver since these started right after I swapped out my monitor, and after fixing the driver, they are less common. Since then, the error I am getting is:

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 5/14/2010
Time: 11:50:33 AM
User: N/A
Computer: OYML
Description:
Error code 0000001a, parameter1 00041284, parameter2 08a69001, parameter3 00002a9b, parameter4 c0883000.

This seems like it happens around 12-24 hours after booting the computer, but I can't pinpoint it to any specific actions since it seems to happen when I'm not around.

2) Most of the time when I reboot, I get an Explorer error that says:

The instruction at "0x7342611a" referenced memory at "0x7342611a".
The memory could not be "written".

This reboots Explorer, and then everything appears to be alright. I have quite a few processes that run on startup, and I haven't yet tried to start removing and re-adding things to see if I can pinpoint what program might be causing the problem, but since it doesn't happen on every startup, I'm not sure if there is a problem with any startup program. I do run WinBar at startup, and it occasionally gives me errors that it couldn't start, but running the program again seems to fix it.

I think I might have a memory issue, but I haven't yet investigated that route fully. I thought I might post here first and make sure there isn't any other problem before I proceed with hardware testing. I ran through all the steps on the cleaning guide: TFC, ERUNT, MB Anti-Malware, Avast!, GMER, and OTL. Avast was still doing a file scan when I went to bed and the system was stopped when I got up, so I don't know if it completed, but as of the time I went to bed, it had finished scanning the system drive without finding anything.

Unfortunately, my system did not include Windows installation disks, only a recovery partition. Otherwise I would do a repair install to see if that fixed anything. My system: Athlon 64 3700+, Windows XP SP3, 3GB RAM.

Here are my logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4097

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/13/2010 12:43:53 PM
mbam-log-2010-05-13 (12-43-53).txt

Scan type: Quick scan
Objects scanned: 140583
Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-14 15:39:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ugldapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEDB7BBDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xED9B56B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xEDB7B1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xEDB7B840]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xED9B5574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xEDB7B09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xEDB7D06A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEDB7D302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xEDB7AC60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xEDB7BFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xED9B5A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xED9B514C]
SSDT spbl.sys ZwEnumerateKey [0xF72ACDA4]
SSDT spbl.sys ZwEnumerateValueKey [0xF72AD132]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xEDB7CCEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xEDB7B43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEDB7BA1C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xED9B564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xED9B508C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xEDB7B6CC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xED9B50F0]
SSDT spbl.sys ZwQueryKey [0xF72AD20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xED9B576E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xEDB7C720]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEDB7D648]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xED9B572E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xEDB7CA88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xEDB7BDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xEDB7CE9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xED9B58AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xEDB7B3D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xEDB7B5C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xEDB7AF64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xEDB7AE32]

INT 0x62 ? 8DB02BF8
INT 0x63 ? 8D8CBF00
INT 0x82 ? 8DB02BF8
INT 0x83 ? 8DB02BF8
INT 0x83 ? 8DB02BF8
INT 0x83 ? 8D8CBF00
INT 0x83 ? 8DB02BF8

Code 8BB79BAC ZwRequestPort
Code 8BB79B0C ZwTraceEvent
Code 8BB79BAB NtRequestPort
Code 8BB79B0B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 80531840 5 Bytes JMP 8BB79B10
PAGE ntkrnlpa.exe!NtRequestPort 80597DD4 5 Bytes JMP 8BB79BB0
? spbl.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF56EE380, 0x566445, 0xE8000020]
.text USBPORT.SYS!DllUnload F56CE8AC 5 Bytes JMP 8D8CB4E0
.text az4gvddl.SYS F545A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text az4gvddl.SYS F545A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az4gvddl.SYS F545A3C4 3 Bytes [00, 80, 02]
.text az4gvddl.SYS F545A3C9 1 Byte [30]
.text az4gvddl.SYS F545A3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E77A 5 Bytes JMP 8BB799D0
.text win32k.sys!EngCreateBitmap + DDB2 BF845CCB 5 Bytes JMP 8BB796B0
.text win32k.sys!EngCreateClip + 19C1 BF91313E 5 Bytes JMP 8BB79A70

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[312] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe[1824] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040FD50 C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Comodo\COMODO Internet Security\cfp.exe[2944] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050E060 C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\PeerBlock\peerblock.exe[3940] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0041FBE0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8DAEC1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 8C0761F8

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8D8BD4C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8DB701F8
Device \Driver\dmio \Device\DmControl\DmConfig 8DB701F8
Device \Driver\dmio \Device\DmControl\DmPnP 8DB701F8
Device \Driver\dmio \Device\DmControl\DmInfo 8DB701F8
Device \Driver\usbehci \Device\USBPDO-1 8D8A11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1D51F650-8F1E-4CD8-96CF-D469FDC966DD} 8C2F71F8

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8DB041F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8DB041F8
Device \Driver\Cdrom \Device\CdRom0 8D8951F8
Device \Driver\Cdrom \Device\CdRom1 8D8951F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8DB041F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c [F7112B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8DB041F8
Device \Driver\usbstor \Device\000000c0 8C08B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8DB041F8
Device \Driver\usbstor \Device\000000c1 8C08B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 8DB041F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 8DB041F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8C2F71F8
Device \Driver\usbstor \Device\000000c2 8C08B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume8 8DB041F8
Device \Driver\usbstor \Device\000000c3 8C08B1F8
Device \Driver\sptd \Device\2211275280 spbl.sys
Device \Driver\NetBT \Device\NetbiosSmb 8C2F71F8
Device \Driver\usbstor \Device\000000c4 8C08B1F8
Device \Driver\usbstor \Device\000000c5 8C08B1F8
Device \Driver\usbstor \Device\000000b9 8C08B1F8

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\PCI_PNP4030 \Device\00000089 spbl.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{17214CFA-65B1-40C2-A3ED-9EDF7D5EF03D} 8C2F71F8

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8D8BD4C0
Device \Driver\usbehci \Device\USBFDO-1 8D8A11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8C29C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8C29C500
Device \Driver\Ftdisk \Device\FtControl 8DB041F8
Device \Driver\usbstor \Device\000000bc 8C08B1F8
Device \Driver\usbstor \Device\000000bd 8C08B1F8
Device \Driver\usbstor \Device\000000be 8C08B1F8
Device \Driver\usbstor \Device\000000bf 8C08B1F8
Device \Driver\az4gvddl \Device\Scsi\az4gvddl1 8D7781F8
Device \Driver\az4gvddl \Device\Scsi\az4gvddl1Port4Path0Target0Lun0 8D7781F8
Device \FileSystem\Fastfat \Fat 8C0761F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 8C0561F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -465821277
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1494996065
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0x8C 0xB6 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x8D 0x60 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xED 0x7E 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0x3A 0xC1 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x76 0x9A 0x34 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x2F 0x18 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9F 0x5F 0x1A 0xED ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x86 0x90 0x2A 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2E 0x50 0x95 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x16 0xD9 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x13 0x7C 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x8D 0x60 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0xED 0x7E 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0x3A 0xC1 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x76 0x9A 0x34 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD4 0x2F 0x18 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9F 0x5F 0x1A 0xED ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\guard32.dll

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 5/14/2010 3:54:17 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads\Cleaning
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.22 Gb Total Space | 20.32 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
Drive D: | 4.07 Gb Total Space | 1.39 Gb Free Space | 34.08% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 40.07 Gb Free Space | 17.21% Space Free | Partition Type: NTFS
Drive G: | 153.38 Gb Total Space | 153.09 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 153.38 Gb Total Space | 117.96 Gb Free Space | 76.91% Space Free | Partition Type: NTFS
Drive X: | 914.43 Gb Total Space | 183.09 Gb Free Space | 20.02% Space Free | Partition Type: NTFS
Drive Y: | 465.65 Gb Total Space | 55.87 Gb Free Space | 12.00% Space Free | Partition Type: FAT32
Drive Z: | 914.43 Gb Total Space | 327.35 Gb Free Space | 35.80% Space Free | Partition Type: NTFS

Computer Name: OYML
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Downloads\Cleaning\05 - OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe (Foxit Software)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashLogV.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\EPSON\EpsonPrinterStudy4\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Portable Apps\FeedReader\feedreader.exe ()
PRC - C:\Program Files\Everything\Everything.exe ()
PRC - C:\Program Files\Topos\cFosSpeed\spd.exe (cFos Software GmbH)
PRC - C:\Program Files\Topos\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Icecast2 Win32\icecastService.exe ()
PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\qmc.exe ()
PRC - C:\Program Files\Launchy\Launchy.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
PRC - C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\WinBar\WinBar.exe (JDM)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\zHotkey.exe ()
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\Cacheman\Cacheman.exe (Outer Technologies)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Downloads\Cleaning\05 - OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\GPSoftware\Directory Opus\dopushlp.dll (GP Software)
MOD - C:\WINDOWS\HKNTDLL.dll ()


========== Win32 Services (SafeList) ==========

SRV - (KodakCCS) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (EpsonPrinterStudy4) -- C:\Program Files\EPSON\EpsonPrinterStudy4\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (cFosSpeedS) -- C:\Program Files\Topos\cFosSpeed\spd.exe (cFos Software GmbH)
SRV - (Icecast-trunk) -- C:\Program Files\Icecast2 Win32\icecastService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (MVPMedia) -- C:\Program Files\Hauppauge MediaMVP\MVPStart.exe (Hauppauge Computer Works)
SRV - (MVPMediaSvc) -- C:\Program Files\Hauppauge MediaMVP\Hardware\DglSvcMain.exe (Hauppauge Computer Works, Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (winvnc) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV - (SIVDRIVER) -- C:\WINDOWS\system32\drivers\SIVX32.sys (Ray Hinchliffe)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (cFosSpeed) -- C:\WINDOWS\system32\drivers\cfosspeed.sys (cFos Software GmbH)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (iaStor) -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)
DRV - (sbusb) -- C:\WINDOWS\system32\drivers\sbusb.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFModNT.sys (Creative Technology Ltd.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=GT4016

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT4016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.gateway.c...h...TP&M=GT4016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {55009080-176f-11da-8cd6-0800200c9a66}:4.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.9.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:28:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 23:17:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 11:40:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/30 10:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/05/06 11:40:54 | 000,000,000 | ---D | M]

[2008/06/17 15:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/14 12:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions
[2010/02/06 21:45:19 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/10/30 23:52:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/27 01:34:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 01:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 00:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2010/05/06 00:18:55 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/01/28 02:16:20 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/15 02:59:06 | 000,000,000 | ---D | M] (ImageBot) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2009/11/02 02:43:12 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/01/28 02:16:15 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/05/06 00:18:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/06 00:23:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/12/20 17:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}
[2009/11/25 02:27:38 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010/04/27 01:34:32 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/12 02:57:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/12 14:38:28 | 000,000,000 | ---D | M] (BBCode) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2010/04/27 01:34:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/01 12:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{bbfec13c-8cb2-53f2-b852-999eb2a852c9}
[2008/08/23 12:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}-trash
[2010/05/06 00:19:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/27 01:34:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/09 23:55:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/09 22:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\dave2x@download
[2010/02/23 03:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2009/12/26 23:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\filtersetg@updater
[2009/06/19 14:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/04/27 01:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/01/08 14:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/03/15 02:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\SkipScreen@SkipScreen
[2009/10/20 11:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2010/01/28 02:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]
[2008/05/02 14:08:52 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\allrecipes.xml
[2010/05/09 05:21:24 | 000,001,147 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\kraytracker.xml
[2010/05/03 13:36:00 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\stmusic-search.xml
[2008/08/21 15:45:48 | 000,002,011 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\support-alert.xml
[2008/05/23 02:02:32 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\webster.xml
[2009/06/02 16:18:29 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\winamp-search.xml
[2008/08/21 15:45:45 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\searchplugins\windowssecretscom.xml
[2010/05/14 12:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/27 03:51:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/04/26 15:05:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/25 02:23:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/12/17 20:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/10/30 23:49:45 | 000,348,919 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11964 more lines...
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\Topos\cFosSpeed\cFosSpeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKCU..\Run: [Cacheman] C:\Program Files\Cacheman\Cacheman.exe (Outer Technologies)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [EPSON WorkForce 30 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [feedreader.exe] C:\Portable Apps\FeedReader\feedreader.exe ()
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunServices: [SchedulingAgent] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Music Anywhere Settings.lnk = C:\Program Files\Logitech\Music Anywhere\LMASysTray.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\QuickMonth Calendar.lnk = C:\WINDOWS\qmc.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WinBar.lnk = C:\Program Files\WinBar\WinBar.exe (JDM)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to MVP Favorite Radio Stations - C:\Program Files\Hauppauge MediaMVP\mvp.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.micros...i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gatew...r/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169227185812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\dadb {82D6F09F-4AC2-11D3-8BD9-0080ADB8683C} - C:\Program Files\OrangeCD\dadb.dll (Firetongue Software)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\DOpus_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\DOpus_Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ab1def2e-d5a2-11de-901a-00045a538d1f}\Shell\AutoRun\command - "" = M:\PStart.exe -- File not found
O33 - MountPoints2\{c09915e2-ca34-483b-804e-62d249662b86}\Shell\AutoRun\command - "" = Z:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/13 11:18:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/14 15:52:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/14 14:17:03 | 000,063,296 | ---- | C] (Ray Hinchliffe) -- C:\WINDOWS\System32\drivers\SIVX32.sys
[2010/05/12 16:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/05/12 15:25:24 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Owner\My Documents\DTLite4356-0091.exe
[2010/05/12 02:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application DataComodoGroup
[2010/05/12 02:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2010/05/12 02:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/05/12 02:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/05/12 02:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/12 01:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/05/09 23:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nimiq
[2010/05/09 23:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.bittorrent
[2010/05/09 23:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ipodderX
[2010/05/09 23:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Primetime Podcast Receiver
[2010/05/09 23:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nimiq
[2010/05/09 23:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\iPodderX Downloads
[2010/05/09 23:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPodderX
[2010/05/09 23:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\AudioShell
[2010/05/07 00:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Juice
[2010/05/06 11:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/06 11:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/02 12:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\EncSpot
[2010/04/07 23:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Playlist Creator 3.6
[2010/04/05 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Red Chair Software
[2010/04/05 15:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Red Chair Software
[2010/04/03 22:55:32 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/01 00:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickMediaConverter
[2010/03/31 23:58:18 | 000,000,000 | ---D | C] -- C:\Fonts
[2010/03/30 00:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.thumbnails
[2010/03/25 23:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Taskbar Shuffle
[2010/03/23 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Joiner
[2010/03/22 13:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2010/03/20 16:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2010/03/14 03:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.gimp-2.6
[2010/03/14 03:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\gegl-0.0
[2010/03/14 03:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/03/13 02:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\XMedia Recode
[2010/03/08 22:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\ExtractNow
[2010/02/22 22:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\WBFS Manager Covers
[2010/02/22 22:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2010/02/22 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Icecast2 Win32
[2010/02/21 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Windows Live Writer
[2010/02/21 12:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded Audio
[2010/02/21 12:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Orb Networks
[2010/02/20 13:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\UFS Explorer
[2010/02/19 21:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2010/02/14 02:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Valentines Coloring
[2009/09/13 00:46:16 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/05/14 15:29:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/14 13:50:22 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 13:50:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/14 13:39:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/14 12:31:39 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/14 12:31:39 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/14 12:31:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/05/14 12:09:54 | 000,063,296 | ---- | M] (Ray Hinchliffe) -- C:\WINDOWS\System32\drivers\SIVX32.sys
[2010/05/14 11:49:02 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/14 11:47:37 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/14 11:47:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/14 11:47:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 11:46:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 11:46:17 | 3186,085,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 02:46:16 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/05/14 00:31:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/05/13 18:31:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/05/13 12:13:49 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/05/13 04:19:36 | 000,019,882 | ---- | M] () -- C:\Documents and Settings\Owner\peerblock.dmp
[2010/05/12 16:34:14 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/12 06:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/05/12 03:01:28 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Owner\My Documents\DTLite4356-0091.exe
[2010/05/12 02:11:51 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LoggingOff.reg
[2010/05/12 01:55:19 | 232,439,190 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2009-5-12.reg
[2010/05/12 01:08:04 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LoggingOn.reg
[2010/05/11 00:33:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/10 01:45:43 | 000,001,564 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/09 23:40:03 | 000,000,178 | RHS- | M] () -- C:\WINDOWS\System32\thssdk32.sys
[2010/05/08 01:23:56 | 000,077,172 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/06 10:33:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/02 13:42:06 | 000,000,436 | RHS- | M] () -- C:\Documents and Settings\Owner\ntuser.pol
[2010/04/29 23:22:44 | 000,462,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/29 23:22:44 | 000,078,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 23:22:42 | 000,551,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/19 08:46:54 | 000,098,296 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/03 22:55:32 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/03 22:55:32 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/03 22:55:32 | 000,025,755 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/04/03 22:55:32 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/03 19:22:32 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/30 23:58:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/30 02:08:22 | 000,000,899 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/30 00:19:40 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/03/23 16:27:10 | 001,623,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/13 13:35:28 | 012,642,447 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Various Artists-Do You Remember.zip
[2010/03/13 03:49:50 | 012,060,382 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\VA-WELLKEEPBELIEVINGIFYOUKEEPSINGING.zip
[2010/02/27 20:01:28 | 016,183,776 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/19 01:39:27 | 010,434,739 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dns34_manual_100.pdf
[2010/02/18 21:43:56 | 000,047,722 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nGen Customer Client.pdf
[2010/02/15 02:21:31 | 000,088,975 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Newegg.com 2010-02-15.pdf

========== Files Created - No Company Name ==========

[2010/05/12 02:37:44 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/05/12 02:20:25 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/05/12 02:11:51 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LoggingOff.reg
[2010/05/12 01:54:23 | 232,439,190 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2009-5-12.reg
[2010/05/12 01:08:04 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LoggingOn.reg
[2010/05/11 00:33:44 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/05/11 00:33:44 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/10 23:16:37 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/10 23:16:36 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/05/10 23:16:34 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/05/10 23:16:33 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/05/10 02:54:32 | 000,019,882 | ---- | C] () -- C:\Documents and Settings\Owner\peerblock.dmp
[2010/05/09 23:40:03 | 000,000,178 | RHS- | C] () -- C:\WINDOWS\System32\thssdk32.sys
[2010/05/08 01:23:56 | 000,077,172 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/02 14:33:52 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Owner\DeductionPro2009.log
[2010/05/02 13:42:06 | 000,000,436 | RHS- | C] () -- C:\Documents and Settings\Owner\ntuser.pol
[2010/04/03 22:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/03 22:55:32 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/03 19:22:32 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/03 19:22:32 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/30 00:19:40 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel
[2010/03/13 02:59:08 | 012,642,447 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Various Artists-Do You Remember.zip
[2010/03/13 02:58:48 | 012,060,382 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\VA-WELLKEEPBELIEVINGIFYOUKEEPSINGING.zip
[2010/03/13 00:20:06 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/03/13 00:20:04 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/02/18 22:26:53 | 010,434,739 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dns34_manual_100.pdf
[2010/02/18 21:43:53 | 000,047,722 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\nGen Customer Client.pdf
[2010/02/15 02:21:29 | 000,088,975 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Newegg.com 2010-02-15.pdf
[2010/01/31 02:35:12 | 000,000,145 | ---- | C] () -- C:\WINDOWS\jpegcrop.INI
[2009/11/02 01:54:34 | 000,001,564 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/10/03 09:37:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/09/13 00:46:14 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2009/02/13 02:44:34 | 000,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll
[2009/02/10 14:53:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/10 14:50:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPWF30.ini
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/18 14:49:10 | 000,000,179 | ---- | C] () -- C:\WINDOWS\{E91A2937-0368-460F-A511-73966296C967}.ini
[2008/11/18 14:49:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\{E91A2937-0368-460F-A511-73966296C967}.ini
[2008/07/08 11:22:36 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/07/08 11:08:37 | 000,000,074 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/12 00:51:19 | 000,000,171 | ---- | C] () -- C:\WINDOWS\icecast2.ini
[2007/05/11 04:14:52 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2007/05/11 04:14:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/05/11 03:12:41 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/05/11 03:12:41 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/05/11 03:12:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/05/11 03:12:27 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/05/11 03:12:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/05/11 03:12:26 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/05/11 03:11:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BRVPDNTA.DLL
[2007/05/11 03:11:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/05/11 03:11:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/05/11 03:11:51 | 000,011,568 | ---- | C] () -- C:\WINDOWS\HL-1440.INI
[2007/05/11 03:11:51 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/03/12 08:14:51 | 000,002,164 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/03/11 11:37:14 | 000,020,672 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/03/11 11:09:36 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2007/03/11 09:43:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2007/03/01 03:28:21 | 000,026,322 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2007/02/22 20:18:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/02/22 18:52:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/02/08 10:04:37 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/02/08 10:04:37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/02/03 12:19:35 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/03 12:19:13 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/03 12:19:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/27 09:29:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/01/23 15:39:49 | 000,000,349 | ---- | C] () -- C:\WINDOWS\Ffpsettings.ini
[2007/01/19 12:02:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/01/19 11:45:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/01/19 11:43:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2007/01/18 11:09:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/15 10:00:39 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netspeed.INI
[2007/01/14 09:43:58 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/14 09:00:52 | 000,000,497 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/13 14:00:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/13 12:53:12 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2007/01/13 12:53:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2007/01/13 12:53:12 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2007/01/13 12:38:01 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2006/03/18 09:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/11 12:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/01/12 13:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 19:49:16 | 000,001,270 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/04/05 12:17:52 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 16:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/12/14 16:46:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 16:46:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 16:46:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1995/03/14 00:22:21 | 000,003,440 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

========== LOP Check ==========

[2010/05/12 16:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007/03/13 08:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2009/09/30 15:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/01/25 21:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2007/08/08 17:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GPSoftware
[2007/03/12 10:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/12/12 01:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/11/29 13:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/09/24 02:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MP3Toys
[2008/11/26 03:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/22 18:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/08/10 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/10/06 22:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2009/09/17 15:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/05/13 14:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/02/04 21:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/10/31 00:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/25 22:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/02/10 15:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/01/19 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/08/16 07:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/22 04:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/06 11:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 15:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 11:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/31 00:24:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/05/09 23:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.bittorrent
[2008/10/05 15:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2008/08/17 10:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AD ON Multimedia
[2007/03/08 20:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bersirc
[2009/09/28 00:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BOXEE
[2009/03/18 18:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bullzip
[2008/11/18 14:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Business Objects
[2009/01/08 02:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cYo
[2009/02/24 22:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2009/08/11 13:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/02/24 22:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010/04/05 05:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dBpoweramp
[2007/02/01 10:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner
[2009/10/28 04:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
[2008/08/04 08:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDFab
[2007/09/22 14:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2009/12/29 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2009/09/28 01:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FMZilla
[2009/02/24 22:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2009/10/06 14:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
[2010/05/10 03:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2009/12/28 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gizmotronix
[2010/05/12 02:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2007/02/02 01:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GPSoftware
[2010/03/30 00:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/03/22 13:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HandBrake
[2009/09/22 01:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IcoFX
[2010/05/07 00:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iPodder
[2010/05/10 00:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ipodderX
[2008/08/18 01:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JGsoft
[2009/03/03 00:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Launchy
[2009/02/10 15:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/02/01 03:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mazaika
[2008/04/21 13:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MiniLyrics
[2009/08/09 15:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Moyea
[2007/03/31 11:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mp3tag
[2009/04/20 01:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3Toys
[2007/08/16 07:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2007/11/04 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MusicIP
[2008/07/28 15:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NewsBin
[2010/01/12 00:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nicotine
[2010/05/09 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nimiq
[2009/08/18 23:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2007/09/10 10:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2007/02/22 18:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995
[2008/02/22 21:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlainEdit
[2007/08/10 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\r2 Studios
[2010/04/05 15:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Chair Software
[2010/02/24 12:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RipIt4Me
[2007/01/18 07:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2008/01/06 12:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Schism Tracker
[2008/04/22 10:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2007/02/24 09:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softplicity
[2007/02/08 11:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOIK
[2010/01/22 14:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut
[2007/01/31 08:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/07/09 15:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tenebril
[2007/01/14 09:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2007/02/08 09:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2010/05/14 16:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/01/22 17:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/11/30 00:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2008/12/11 14:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/05/14 00:31:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/05/12 06:31:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/05/14 12:31:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/05/13 18:31:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/05/11 00:33:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/14 11:47:37 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/14 11:46:08 | 000,036,732 | ---- | M] () -- C:\aaw7boot.log
[2009/12/29 00:18:45 | 000,007,662 | ---- | M] () -- C:\archives.html
[2007/01/13 12:54:32 | 000,000,206 | ---- | M] () -- C:\audio.log
[2005/01/09 21:13:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/30 19:35:03 | 000,004,005 | ---- | M] () -- C:\Best of Skate Punk.m3u
[2009/10/24 01:21:59 | 000,000,197 | -HS- | M] () -- C:\boot.ini
[2005/12/15 03:00:13 | 000,000,199 | ---- | M] () -- C:\boot.ini.comodofirewall
[2005/01/09 21:13:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/07 02:48:43 | 000,460,202 | ---- | M] () -- C:\CTSUFile.txt
[2009/08/29 00:26:10 | 000,000,000 | ---- | M] () -- C:\DMF2_WKLog.txt
[2007/02/02 15:34:34 | 000,565,248 | -HS- | M] () -- C:\ehthumbs.db
[2007/03/11 12:14:04 | 000,118,104 | ---- | M] () -- C:\hcwclear.txt
[2010/05/14 11:46:17 | 3186,085,888 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/06 01:44:45 | 000,034,400 | ---- | M] () -- C:\hpCDE.log
[2009/12/29 00:18:44 | 000,008,490 | ---- | M] () -- C:\index.html
[2007/07/15 08:28:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2005/01/09 21:13:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/01/13 12:56:21 | 000,001,180 | -H-- | M] () -- C:\IPH.PH
[2008/02/01 09:50:04 | 000,229,376 | ---- | M] (J.C. Kessels) -- C:\JkDefrag.exe
[2008/12/14 18:39:05 | 000,001,439 | ---- | M] () -- C:\JkDefrag.log
[2007/01/13 12:32:03 | 000,000,086 | ---- | M] () -- C:\lan.log
[2007/11/03 11:57:51 | 000,026,234 | ---- | M] () -- C:\logfile
[2007/05/25 08:42:16 | 000,000,215 | ---- | M] () -- C:\MAC Library.log
[2007/05/25 08:41:35 | 000,401,800 | ---- | M] () -- C:\MAC Library.txt
[2008/12/15 01:36:44 | 000,036,497 | ---- | M] () -- C:\MediaMonkey.ini
[2008/12/15 01:31:22 | 176,993,280 | ---- | M] () -- C:\MM.DB
[2008/12/11 04:59:24 | 000,000,000 | ---- | M] () -- C:\MMiPodExcept.log
[2008/12/11 04:59:24 | 000,000,000 | ---- | M] () -- C:\MMWMDMExcept.log
[2007/01/13 11:14:02 | 000,000,064 | ---- | M] () -- C:\MOVE_RECOVERY
[2005/01/09 21:13:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/09 17:12:31 | 000,000,834 | ---- | M] () -- C:\mxlog.dat
[2004/08/10 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/08 11:21:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/01/13 12:52:59 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2010/05/14 11:46:08 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2009/10/06 13:36:44 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\PureText.exe
[2008/12/15 01:37:08 | 000,000,864 | ---- | M] () -- C:\Restore.vbs
[2009/12/29 00:18:44 | 000,001,316 | ---- | M] () -- C:\rss.xml
[2003/12/21 22:44:22 | 000,032,768 | ---- | M] (http://www.beyondlogic.org) -- C:\smart.exe
[2007/12/17 15:13:11 | 000,003,891 | ---- | M] () -- C:\statistics.xml
[2007/08/11 22:49:53 | 000,000,140 | ---- | M] () -- C:\tomsteady.ini
[2007/01/13 12:29:39 | 000,000,002 | RHS- | M] () -- C:\USER

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msfeeds.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/01/09 12:58:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/09 12:58:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/09 12:58:49 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010/05/14 12:09:54 | 000,063,296 | ---- | M] (Ray Hinchliffe) -- C:\WINDOWS\system32\drivers\SIVX32.sys
[2010/05/12 16:34:14 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAFF1466
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Please uninstall Daemon Tools Lite. It confuses the issue.

Could you please submit these files to http://virustotal.com and see what they say about them:

C:\WINDOWS\HKNTDLL.dll
C:\WINDOWS\System32\thssdk32.sys
C:\WINDOWS\System32\argtmp39.dll

These are hidden system files so if you have trouble finding them:
* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and exit My Computer.
* Now your computer is configured to show all hidden files.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus program at this time.

Ron
  • 0

#3
Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Thank you for taking the time to help me out with this. Your help is greatly appreciated.

Daemon Tools Lite was uninstalled as requested.

The three files were submitted to virustotal.com as requested. All came up negative in each scan. I saved the results locally if you want to see them.

ComboFix 10-05-16.01 - Owner 05/16/2010 23:19:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3038.2327 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\george.exe
AV: avast! antivirus 4.8.1368 [VPS 100516-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\AD ON Multimedia
c:\documents and settings\Owner\Application Data\Desktopicon
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\My Documents\2009-5-12.reg
c:\windows\eSellerateEngine.dll
c:\windows\system\vcredist.exe
c:\windows\system32\Data
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-14 18:17 . 2010-05-14 16:09 63296 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2010-05-12 06:40 . 2010-05-12 06:40 -------- d-----w- c:\documents and settings\Owner\Application DataComodoGroup
2010-05-12 06:27 . 2010-05-12 06:27 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft
2010-05-12 06:19 . 2010-05-12 06:20 -------- d-----w- c:\program files\Glary Utilities
2010-05-12 06:04 . 2010-05-12 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-12 06:04 . 2010-05-12 06:07 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-12 05:39 . 2010-05-12 05:39 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-05-11 04:33 . 2010-05-17 03:10 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-11 04:33 . 2010-05-17 03:10 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-10 03:47 . 2010-05-10 03:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Nimiq
2010-05-10 03:40 . 2010-05-10 03:40 -------- d-----w- c:\documents and settings\Owner\Application Data\.bittorrent
2010-05-10 03:40 . 2010-05-10 03:40 178 --sh--r- c:\windows\system32\thssdk32.sys
2010-05-10 03:39 . 2010-05-10 04:20 -------- d-----w- c:\documents and settings\Owner\Application Data\ipodderX
2010-05-10 03:39 . 2010-05-10 03:59 -------- d-----w- c:\program files\Primetime Podcast Receiver
2010-05-10 03:38 . 2010-05-10 03:38 7278 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{FF9C8C78-E0D5-4B91-901C-9399A5B3831F}\_26e91eb.exe
2010-05-10 03:38 . 2010-05-10 03:38 2862 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{FF9C8C78-E0D5-4B91-901C-9399A5B3831F}\_bb32ea6.exe
2010-05-10 03:38 . 2010-05-10 03:38 2862 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{FF9C8C78-E0D5-4B91-901C-9399A5B3831F}\_5af141bb.exe
2010-05-10 03:38 . 2010-05-10 03:38 -------- d-----w- c:\program files\Nimiq
2010-05-10 03:37 . 2010-05-10 03:37 24062 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_2cd672ae.exe
2010-05-10 03:37 . 2010-05-10 03:37 24062 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_294823.exe
2010-05-10 03:37 . 2010-05-10 03:37 24062 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_18be6784.exe
2010-05-10 03:37 . 2010-05-10 03:37 1078 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_4ae13d6c.exe
2010-05-10 03:37 . 2010-05-10 03:37 -------- d-----w- c:\program files\iPodderX
2010-05-10 03:34 . 2010-05-10 03:34 -------- d-----w- c:\program files\AudioShell
2010-05-08 05:23 . 2010-05-08 05:23 77172 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-07 04:03 . 2010-05-07 16:00 -------- d-----w- c:\program files\Juice
2010-05-06 15:53 . 2010-05-06 15:53 -------- d-----w- c:\program files\iPod
2010-05-06 15:52 . 2010-05-06 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-06 15:12 . 2010-05-06 15:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 16:08 . 2010-05-02 18:06 -------- d-----w- c:\program files\EncSpot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 03:05 . 2007-01-15 14:19 -------- d-----w- c:\program files\WinBar
2010-05-17 03:05 . 2009-09-30 03:52 -------- d-----w- c:\program files\PeerBlock
2010-05-17 02:56 . 2010-03-26 03:30 -------- d-----w- c:\program files\Taskbar Shuffle
2010-05-17 02:56 . 2009-02-20 01:36 -------- d-----w- c:\program files\Everything
2010-05-17 02:56 . 2006-04-05 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-05-17 02:37 . 2008-08-19 15:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-17 02:26 . 2008-01-08 19:18 -------- d-----w- c:\program files\Rainlendar2
2010-05-14 19:47 . 2009-02-08 03:32 -------- d-----w- c:\program files\TaxCut08
2010-05-14 19:33 . 2008-02-11 23:55 -------- d-----w- c:\program files\TaxCut07
2010-05-14 19:08 . 2008-02-11 23:59 -------- d-----w- c:\program files\PDF995
2010-05-14 18:14 . 2010-03-20 20:56 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-05-13 18:30 . 2008-07-08 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-05-13 16:26 . 2009-10-24 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 16:25 . 2009-11-03 08:01 -------- d-----w- c:\program files\ERUNT
2010-05-13 16:12 . 2007-11-05 19:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-05-13 06:49 . 2009-03-26 05:22 -------- d-----w- c:\program files\DSynchronize
2010-05-12 20:34 . 2007-01-27 13:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-12 20:33 . 2009-02-25 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-12 06:37 . 2007-01-13 18:01 -------- d-----w- c:\program files\Comodo
2010-05-10 07:12 . 2008-01-26 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Free Download Manager
2010-05-07 04:04 . 2008-01-24 20:56 -------- d-----w- c:\documents and settings\Owner\Application Data\iPodder
2010-05-06 15:54 . 2007-12-01 18:45 -------- d-----w- c:\program files\iTunes
2010-05-06 15:53 . 2008-11-27 14:16 -------- d-----w- c:\program files\Common Files\Apple
2010-05-06 15:40 . 2007-08-22 18:17 -------- d-----w- c:\program files\QuickTime
2010-05-02 18:34 . 2010-02-05 00:54 -------- d-----w- c:\program files\DeductionPro 2009
2010-05-01 20:05 . 2007-12-30 18:09 -------- d-----w- c:\program files\Bonjour
2010-04-30 14:06 . 2007-01-14 00:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-29 19:39 . 2009-10-24 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-10-24 04:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 05:35 . 2007-11-01 22:53 181096 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\FlashGot.exe
2010-04-27 04:49 . 2010-02-05 01:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2010-04-19 12:46 . 2007-01-13 17:26 98296 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-18 02:16 . 2007-03-20 18:29 -------- d-----w- c:\program files\NFO Sighting
2010-04-12 22:29 . 2010-01-27 07:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-10 11:16 . 2007-01-13 16:44 -------- d-----w- c:\program files\Common Files\Java
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 15:00 . 2007-03-31 14:50 -------- d-----w- c:\program files\Mp3tag
2010-04-08 03:58 . 2007-01-13 16:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 03:16 . 2010-04-08 03:15 -------- d-----w- c:\program files\Playlist Creator 3.6
2010-04-05 19:11 . 2010-04-05 19:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Red Chair Software
2010-04-05 09:20 . 2007-11-22 23:16 -------- d-----w- c:\documents and settings\Owner\Application Data\dBpoweramp
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-01 04:54 . 2007-01-21 18:16 -------- d-----w- c:\program files\CDisplay
2010-04-01 04:08 . 2010-04-01 04:07 -------- d-----w- c:\program files\QuickMediaConverter
2010-03-31 23:59 . 2007-11-09 17:00 -------- d-----w- c:\program files\Handbrake
2010-03-31 04:14 . 2010-02-20 01:56 -------- d-----w- c:\program files\DiskInternals
2010-03-31 04:13 . 2010-03-23 23:08 -------- d-----w- c:\program files\Free Video Joiner
2010-03-31 04:13 . 2010-02-21 16:26 -------- d-----w- c:\program files\Orb Networks
2010-03-30 04:19 . 2008-05-01 06:55 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-03-22 17:00 . 2010-03-22 17:00 -------- d-----w- c:\documents and settings\Owner\Application Data\HandBrake
2010-03-22 03:19 . 2010-03-22 03:05 21195352 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US60016901dupd.exe
2010-03-20 21:29 . 2007-01-21 16:04 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-03-10 06:15 . 2007-01-13 03:21 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2007-01-13 03:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2007-01-13 03:20 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 -c--a-w- c:\windows\system32\GPhotos.scr
2010-02-17 13:10 . 2007-01-13 03:20 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2007-01-13 15:19 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-08-08 16:28 . 2009-02-20 23:15 10924032 -c--a-w- c:\program files\easy_search(4.5.0.0).exe
2008-07-14 20:55 . 2009-09-28 04:57 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2007-01-14 13:03 . 2007-01-14 13:03 3071 -c--a-w- c:\program files\install_wizard.log
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-21 07:05 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-21 07:05 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-21 07:05 216064 -csh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2007-07-08 275984]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Cacheman"="c:\progra~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-03-05 318256]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 68856]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"feedreader.exe"="c:\portable apps\FeedReader\feedreader.exe" [2009-03-29 2058240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-02-11 876760]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-01-16 122880]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-31 333088]
QuickMonth Calendar.lnk - c:\windows\qmc.exe [2008-6-9 217632]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
WinBar.lnk - c:\program files\WinBar\WinBar.exe [2007-1-15 188928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-7-14 274432]
Logitech Music Anywhere Settings.lnk - c:\program files\Logitech\Music Anywhere\LMASysTray.exe [2007-8-20 184320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2007-07-08 693760]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Directory Opus Desktop Dblclk]
2007-07-08 17:42 275984 ----a-w- c:\program files\GPSoftware\Directory Opus\dopusrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOpus]
2007-07-08 18:14 6964720 ----a-w- c:\program files\GPSoftware\Directory Opus\dopus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2008-01-22 20:13 2449455 ----a-w- c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-01-16 01:14 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 14:42 69632 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/24/2009 10:16 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/9/2008 5:02 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/17/2009 12:40 AM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/17/2009 12:40 AM 25160]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/6/2007 9:03 PM 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/9/2008 5:02 PM 20560]
R2 EpsonPrinterStudy4;EpsonPrinterStudy4;c:\program files\EPSON\EpsonPrinterStudy4\EPCP.exe [4/22/2009 11:22 AM 96144]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [1/26/2007 9:20 AM 6016]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/27/2007 9:29 AM 691696]
S2 gupdate1c98af454b09ce6;Google Update Service (gupdate1c98af454b09ce6);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 4:23 PM 133104]
S2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2/22/2010 3:24 PM 417792]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [9/29/2009 11:52 PM 14424]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [9/13/2009 12:46 AM 1694592]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [5/14/2010 2:17 PM 63296]
S4 MVPMedia;MVPMedia;c:\progra~1\Hauppauge MediaMVP\MVPStart.exe [9/17/2009 5:14 PM 53248]
S4 MVPMediaSvc;MVPMediaSvc;c:\progra~1\Hauppauge MediaMVP\Hardware\DglSvcMain.exe [9/17/2009 5:14 PM 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JGOGO
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-05-16 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 19:41]

2010-05-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-05-12 01:36]

2010-05-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 21:50]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 20:23]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4016
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to MVP Favorite Radio Stations - c:\program files\Hauppauge MediaMVP\mvp.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: aol.com\free
TCP: {1D51F650-8F1E-4CD8-96CF-D469FDC966DD} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]\components\coolirisstub.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)
AddRemove-Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Uninst.isu
AddRemove-FreeOCR.net - c:\windows\FreeOCR.net



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 23:24
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3361414594-922222945-685335054-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-05-16 23:26:40
ComboFix-quarantined-files.txt 2010-05-17 03:26

Pre-Run: 11,395,645,440 bytes free
Post-Run: 20,814,675,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - CCA7566BEA0A0DE521142729363AB313


After Combofix ran, I rebooted the system to find the same Explorer.exe error as in my number 2 problem listed in the opening post.
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\sptd.sys

Driver::
sptd



******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Make sure you do not have Comodo's anti-virus running at the same time as Avast. You only want one anti-virus. (Right click on the Comodo shield and make sure that only the Firewall Security is checked.)

If you boot into Safe Mode does it have the same error? (Reboot and when you see the maker's logo or hear a beep start slowly tapping the F8 key. Keep tapping until you see the Safe Mode menu, then choose the top option and log in as your usual login.)

If you do not get the same error then:

Start, Run, msconfig, OK.
Under Startup uncheck everything. Under Services, check Hide Microsoft services, then uncheck everything.
Apply, OK and reboot into regular mode. Cancel msconfig when it comes up. If you did not get the error then one of the programs we have unchecked is the problem. Go back into msconfig and check all of the services and apply and restart. If the error returns then one of the services is at fault. If not then one of the Startups. Keep going into msconfig and checking or unchecking items until you find the culprit.

If you get the same error then get ShellExView from

http://www.nirsoft.n...xview_setup.exe

Run it and find the column (about the third from the right) that says Microsoft and click on Microsoft once or twice so that it sorts with the NOs at the top. Highlight all the NOs then click the red button under the File. Close and reboot. If the error is gone now then it is one of the items you have disabled. Go back in and turn half of them on and reboot. Eventually you will find the source of the problem.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#5
Oyml

    Member

  • Topic Starter
  • Member
  • 35 posts
1. Combofix was run as requested:

ComboFix 10-05-16.01 - Owner 05/17/2010 0:42.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3038.2325 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\george.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100516-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\windows\system32\drivers\sptd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sptd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPTD
-------\Service_sptd


((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-12 06:27 . 2010-05-12 06:27 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft
2010-05-12 06:04 . 2010-05-12 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-10 03:47 . 2010-05-10 03:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Nimiq
2010-05-10 03:40 . 2010-05-10 03:40 -------- d-----w- c:\documents and settings\Owner\Application Data\.bittorrent
2010-05-10 03:39 . 2010-05-10 04:20 -------- d-----w- c:\documents and settings\Owner\Application Data\ipodderX
2010-05-06 15:52 . 2010-05-06 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 05:01 . 2009-09-30 03:52 -------- d-----w- c:\program files\PeerBlock
2010-05-17 05:00 . 2008-01-08 19:18 -------- d-----w- c:\program files\Rainlendar2
2010-05-17 05:00 . 2010-03-26 03:30 -------- d-----w- c:\program files\Taskbar Shuffle
2010-05-17 05:00 . 2006-04-05 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-05-17 04:57 . 2010-05-11 04:33 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-17 04:57 . 2010-05-11 04:33 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-17 04:36 . 2007-01-15 14:19 -------- d-----w- c:\program files\WinBar
2010-05-17 02:56 . 2009-02-20 01:36 -------- d-----w- c:\program files\Everything
2010-05-17 02:37 . 2008-08-19 15:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-14 19:47 . 2009-02-08 03:32 -------- d-----w- c:\program files\TaxCut08
2010-05-14 19:33 . 2008-02-11 23:55 -------- d-----w- c:\program files\TaxCut07
2010-05-14 19:08 . 2008-02-11 23:59 -------- d-----w- c:\program files\PDF995
2010-05-14 18:14 . 2010-03-20 20:56 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-05-14 16:09 . 2010-05-14 18:17 63296 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2010-05-13 18:30 . 2008-07-08 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-05-13 16:26 . 2009-10-24 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 16:25 . 2009-11-03 08:01 -------- d-----w- c:\program files\ERUNT
2010-05-13 16:12 . 2007-11-05 19:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-05-13 06:49 . 2009-03-26 05:22 -------- d-----w- c:\program files\DSynchronize
2010-05-12 20:33 . 2009-02-25 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-12 06:37 . 2007-01-13 18:01 -------- d-----w- c:\program files\Comodo
2010-05-12 06:20 . 2010-05-12 06:19 -------- d-----w- c:\program files\Glary Utilities
2010-05-12 06:07 . 2010-05-12 06:04 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-12 05:39 . 2010-05-12 05:39 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-05-10 07:12 . 2008-01-26 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Free Download Manager
2010-05-10 03:59 . 2010-05-10 03:39 -------- d-----w- c:\program files\Primetime Podcast Receiver
2010-05-10 03:40 . 2010-05-10 03:40 178 --sh--r- c:\windows\system32\thssdk32.sys
2010-05-10 03:38 . 2010-05-10 03:38 7278 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{FF9C8C78-E0D5-4B91-901C-9399A5B3831F}\_26e91eb.exe
2010-05-10 03:38 . 2010-05-10 03:38 2862 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{FF9C8C78-E0D5-4B91-901C-9399A5B3831F}\_bb32ea6.exe
2010-05-10 03:38 . 2010-05-10 03:38 2862 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{FF9C8C78-E0D5-4B91-901C-9399A5B3831F}\_5af141bb.exe
2010-05-10 03:38 . 2010-05-10 03:38 -------- d-----w- c:\program files\Nimiq
2010-05-10 03:37 . 2010-05-10 03:37 24062 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_2cd672ae.exe
2010-05-10 03:37 . 2010-05-10 03:37 24062 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_294823.exe
2010-05-10 03:37 . 2010-05-10 03:37 24062 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_18be6784.exe
2010-05-10 03:37 . 2010-05-10 03:37 1078 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A82F7568-B92C-49B6-9C87-FF0AC4BE3991}\_4ae13d6c.exe
2010-05-10 03:37 . 2010-05-10 03:37 -------- d-----w- c:\program files\iPodderX
2010-05-10 03:34 . 2010-05-10 03:34 -------- d-----w- c:\program files\AudioShell
2010-05-08 05:23 . 2010-05-08 05:23 77172 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-07 16:00 . 2010-05-07 04:03 -------- d-----w- c:\program files\Juice
2010-05-07 04:04 . 2008-01-24 20:56 -------- d-----w- c:\documents and settings\Owner\Application Data\iPodder
2010-05-06 15:54 . 2007-12-01 18:45 -------- d-----w- c:\program files\iTunes
2010-05-06 15:53 . 2010-05-06 15:53 -------- d-----w- c:\program files\iPod
2010-05-06 15:53 . 2008-11-27 14:16 -------- d-----w- c:\program files\Common Files\Apple
2010-05-06 15:40 . 2007-08-22 18:17 -------- d-----w- c:\program files\QuickTime
2010-05-06 15:12 . 2010-05-06 15:12 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 18:34 . 2010-02-05 00:54 -------- d-----w- c:\program files\DeductionPro 2009
2010-05-02 18:06 . 2010-05-02 16:08 -------- d-----w- c:\program files\EncSpot
2010-05-01 20:05 . 2007-12-30 18:09 -------- d-----w- c:\program files\Bonjour
2010-04-30 14:06 . 2007-01-14 00:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-29 19:39 . 2009-10-24 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-10-24 04:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 05:35 . 2007-11-01 22:53 181096 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\FlashGot.exe
2010-04-27 04:49 . 2010-02-05 01:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2010-04-19 12:46 . 2007-01-13 17:26 98296 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-18 02:16 . 2007-03-20 18:29 -------- d-----w- c:\program files\NFO Sighting
2010-04-12 22:29 . 2010-01-27 07:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-10 11:16 . 2007-01-13 16:44 -------- d-----w- c:\program files\Common Files\Java
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 15:00 . 2007-03-31 14:50 -------- d-----w- c:\program files\Mp3tag
2010-04-08 03:58 . 2007-01-13 16:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-08 03:16 . 2010-04-08 03:15 -------- d-----w- c:\program files\Playlist Creator 3.6
2010-04-05 19:11 . 2010-04-05 19:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Red Chair Software
2010-04-05 09:20 . 2007-11-22 23:16 -------- d-----w- c:\documents and settings\Owner\Application Data\dBpoweramp
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-01 04:54 . 2007-01-21 18:16 -------- d-----w- c:\program files\CDisplay
2010-04-01 04:08 . 2010-04-01 04:07 -------- d-----w- c:\program files\QuickMediaConverter
2010-03-31 23:59 . 2007-11-09 17:00 -------- d-----w- c:\program files\Handbrake
2010-03-31 04:14 . 2010-02-20 01:56 -------- d-----w- c:\program files\DiskInternals
2010-03-31 04:13 . 2010-03-23 23:08 -------- d-----w- c:\program files\Free Video Joiner
2010-03-31 04:13 . 2010-02-21 16:26 -------- d-----w- c:\program files\Orb Networks
2010-03-30 04:19 . 2008-05-01 06:55 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-03-22 17:00 . 2010-03-22 17:00 -------- d-----w- c:\documents and settings\Owner\Application Data\HandBrake
2010-03-22 03:19 . 2010-03-22 03:05 21195352 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US60016901dupd.exe
2010-03-20 21:29 . 2007-01-21 16:04 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-03-10 06:15 . 2007-01-13 03:21 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2007-01-13 03:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2007-01-13 03:20 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 -c--a-w- c:\windows\system32\GPhotos.scr
2010-02-17 13:10 . 2007-01-13 03:20 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2007-01-13 15:19 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-08-08 16:28 . 2009-02-20 23:15 10924032 -c--a-w- c:\program files\easy_search(4.5.0.0).exe
2008-07-14 20:55 . 2009-09-28 04:57 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2007-01-14 13:03 . 2007-01-14 13:03 3071 -c--a-w- c:\program files\install_wizard.log
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-21 07:05 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-21 07:05 31232 -csh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-21 07:05 216064 -csh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2007-07-08 275984]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Cacheman"="c:\progra~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-03-05 318256]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 68856]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"feedreader.exe"="c:\portable apps\FeedReader\feedreader.exe" [2009-03-29 2058240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-02-11 876760]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-01-16 122880]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-31 333088]
QuickMonth Calendar.lnk - c:\windows\qmc.exe [2008-6-9 217632]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
WinBar.lnk - c:\program files\WinBar\WinBar.exe [2007-1-15 188928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-7-14 274432]
Logitech Music Anywhere Settings.lnk - c:\program files\Logitech\Music Anywhere\LMASysTray.exe [2007-8-20 184320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2007-07-08 693760]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Directory Opus Desktop Dblclk]
2007-07-08 17:42 275984 ----a-w- c:\program files\GPSoftware\Directory Opus\dopusrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOpus]
2007-07-08 18:14 6964720 ----a-w- c:\program files\GPSoftware\Directory Opus\dopus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2008-01-22 20:13 2449455 ----a-w- c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-01-16 01:14 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 14:42 69632 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/24/2009 10:16 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/9/2008 5:02 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/17/2009 12:40 AM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/17/2009 12:40 AM 25160]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/6/2007 9:03 PM 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/9/2008 5:02 PM 20560]
R2 EpsonPrinterStudy4;EpsonPrinterStudy4;c:\program files\EPSON\EpsonPrinterStudy4\EPCP.exe [4/22/2009 11:22 AM 96144]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2/22/2010 3:24 PM 417792]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [1/26/2007 9:20 AM 6016]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [9/29/2009 11:52 PM 14424]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S2 gupdate1c98af454b09ce6;Google Update Service (gupdate1c98af454b09ce6);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 4:23 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [9/13/2009 12:46 AM 1694592]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [5/14/2010 2:17 PM 63296]
S4 MVPMedia;MVPMedia;c:\progra~1\Hauppauge MediaMVP\MVPStart.exe [9/17/2009 5:14 PM 53248]
S4 MVPMediaSvc;MVPMediaSvc;c:\progra~1\Hauppauge MediaMVP\Hardware\DglSvcMain.exe [9/17/2009 5:14 PM 45056]
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-15 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-15 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:31]

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-05-16 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 19:41]

2010-05-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-05-12 01:36]

2010-05-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 21:50]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 20:23]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4016
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to MVP Favorite Radio Stations - c:\program files\Hauppauge MediaMVP\mvp.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: aol.com\free
TCP: {1D51F650-8F1E-4CD8-96CF-D469FDC966DD} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]\components\coolirisstub.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3znrirb5.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 00:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3361414594-922222945-685335054-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Taskbar Shuffle\tbhookin.dll
c:\program files\GPSoftware\Directory Opus\dopushlp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Topos\cFosSpeed\spd.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\UltraVNC\WinVNC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\zHotkey.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2010-05-17 01:07:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-17 05:07
ComboFix2.txt 2010-05-17 03:26

Pre-Run: 20,797,005,824 bytes free
Post-Run: 20,459,503,616 bytes free

- - End Of File - - 6F7BB0036F8DA685B43B8FF4FFDA41DB

2. Verified that Comodo Antivirus was not running.

3. Finally tracked down the problem to a component of SpywareGuard. This program used to be pretty heavily recommended on antispyware sites (including this one), but it hasn't been updated since 2004 and I don't think it is nearly as recommended as it used to be. I uninstalled the program, but do you think it is worth reinstalling and fixing what was probably a corrupt file?

4. Event Viewer logs:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/05/2010 2:02:46 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/05/2010 1:57:02 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/05/2010 1:43:50 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/05/2010 1:39:50 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 17/05/2010 1:38:21 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM aswSP aswTdi cmdGuard cmdHlp Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6 WS2IFSL

Log: 'System' Date/Time: 17/05/2010 1:38:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:38:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:38:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:38:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:38:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:38:21 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:37:55 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 17/05/2010 1:37:53 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 17/05/2010 1:25:33 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/05/2010 1:22:47 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 17/05/2010 1:18:45 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 17/05/2010 1:18:08 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 17/05/2010 1:17:54 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM aswSP aswTdi cmdGuard cmdHlp Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6 WS2IFSL

Log: 'System' Date/Time: 17/05/2010 1:17:54 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:17:54 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 17/05/2010 1:17:54 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/05/2010 10:41:24 PM
Type: warning Category: 0
Event: 3019 Source: MRxSmb
The redirector failed to determine the connection type.

Log: 'System' Date/Time: 16/05/2010 10:41:24 PM
Type: warning Category: 0
Event: 3019 Source: MRxSmb
The redirector failed to determine the connection type.

Log: 'System' Date/Time: 16/05/2010 10:40:46 PM
Type: warning Category: 0
Event: 3019 Source: MRxSmb
The redirector failed to determine the connection type.

Log: 'System' Date/Time: 16/05/2010 10:40:46 PM
Type: warning Category: 0
Event: 3019 Source: MRxSmb
The redirector failed to determine the connection type.

Log: 'System' Date/Time: 16/05/2010 1:21:33 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 15/05/2010 4:48:33 PM
Type: warning Category: 32
Event: 15208 Source: WPDMTPDriver
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, NOMAD Jukebox Zen Xtra, 2.10.03_0.00.01' cannot accept read-only properties when creating new objects ((24)).

Log: 'System' Date/Time: 14/05/2010 1:56:56 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 12/05/2010 4:28:02 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 12/05/2010 2:47:15 AM
Type: warning Category: 32
Event: 15208 Source: WPDMTPDriver
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, NOMAD Jukebox Zen Xtra, 2.10.03_0.00.01' cannot accept read-only properties when creating new objects ((24)).

Log: 'System' Date/Time: 12/05/2010 1:23:29 AM
Type: warning Category: 32
Event: 15208 Source: WPDMTPDriver
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, NOMAD Jukebox Zen Xtra, 2.10.03_0.00.01' cannot accept read-only properties when creating new objects ((24)).

Log: 'System' Date/Time: 08/05/2010 12:39:43 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 05/05/2010 11:22:47 AM
Type: warning Category: 32
Event: 15208 Source: WPDMTPDriver
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, NOMAD Jukebox Zen Xtra, 2.10.03_0.00.01' cannot accept read-only properties when creating new objects ((24)).

Log: 'System' Date/Time: 05/05/2010 11:07:08 AM
Type: warning Category: 32
Event: 15208 Source: WPDMTPDriver
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, NOMAD Jukebox Zen Xtra, 2.10.03_0.00.01' cannot accept read-only properties when creating new objects ((24)).

Log: 'System' Date/Time: 05/05/2010 10:08:56 AM
Type: warning Category: 32
Event: 15208 Source: WPDMTPDriver
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, NOMAD Jukebox Zen Xtra, 2.10.03_0.00.01' cannot accept read-only properties when creating new objects ((24)).

Log: 'System' Date/Time: 05/05/2010 12:37:47 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 04/05/2010 12:37:17 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 03/05/2010 12:37:04 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 30/04/2010 12:57:05 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 26/04/2010 8:12:28 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 23/04/2010 8:10:40 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/05/2010 2:05:29 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/05/2010 1:58:33 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 1:47:19 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 1:26:10 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 12:56:30 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 12:42:32 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 12:41:18 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 12:35:48 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application runonce.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x7342611a.

Log: 'Application' Date/Time: 16/05/2010 11:34:43 PM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 16/05/2010 11:09:16 PM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 16/05/2010 11:04:22 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application runonce.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x7342611a.

Log: 'Application' Date/Time: 16/05/2010 10:26:29 PM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 16/05/2010 11:25:38 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 15/05/2010 11:46:16 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 15/05/2010 1:34:09 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mediamonkey.exe, version 3.2.0.1294, faulting module unknown, version 0.0.0.0, fault address 0x044510d0.

Log: 'Application' Date/Time: 15/05/2010 1:34:08 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mediamonkey.exe, version 3.2.0.1294, faulting module unknown, version 0.0.0.0, fault address 0x044510d0.

Log: 'Application' Date/Time: 15/05/2010 1:34:05 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mediamonkey.exe, version 3.2.0.1294, faulting module unknown, version 0.0.0.0, fault address 0x044510d0.

Log: 'Application' Date/Time: 15/05/2010 1:34:00 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mediamonkey.exe, version 3.2.0.1294, faulting module unknown, version 0.0.0.0, fault address 0x044510d0.

Log: 'Application' Date/Time: 15/05/2010 1:33:53 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mediamonkey.exe, version 3.2.0.1294, faulting module unknown, version 0.0.0.0, fault address 0x044510d0.

Log: 'Application' Date/Time: 15/05/2010 1:33:44 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mediamonkey.exe, version 3.2.0.1294, faulting module unknown, version 0.0.0.0, fault address 0x044510d0.

Log: 'Application' Date/Time: 15/05/2010 1:33:35 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application mediamonkey.exe, version 3.2.0.1294, faulting module unknown, version 0.0.0.0, fault address 0x044510d0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/05/2010 1:32:59 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user OYML\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 17/05/2010 1:32:39 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 14/05/2010 1:49:01 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 14/05/2010 1:49:01 PM
Type: warning Category: 0
Event: 63 Source: WinMgmt
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/05/2010 3:54:35 AM
Type: warning Category: 3
Event: 3053 Source: Windows Search Service
The previous update was reset, or was otherwise interrupted. A full update of all content sources will be automatically started.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 12/05/2010 9:35:44 PM
Type: warning Category: 1
Event: 1008 Source: Windows Search Service
The Windows Search Service is attempting to remove the old catalog.


Log: 'Application' Date/Time: 12/05/2010 2:49:48 AM
Type: warning Category: 1
Event: 1008 Source: Windows Search Service
The Windows Search Service is attempting to remove the old catalog.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Glad you found it. I would just leave it off. If it hasn't been updated since 2004 then it can't be much use anyway. (I don't have a lot of input into what goes in the recommendations.)

Your event logs show a lot of problems with mediamonkey, zune, Hauppauge WinTV PVR PCI II TvTuner

Also your clock is not updating for some reason. The clock is important. If it gets too far out some certificates won't be valid and you won't be able to go to some secure sites. Double click on the clock and make sure it is adjusted to the correct local time. Then Internet Time and Update Now. If it doesn't connect you may be blocking it with Comodo.

You really ought to reconsider using P2P programs like bittorrent, limewire, etc. Files received from the P2P are often ridden with viruses so best not to use but if you must use them always submit any file you get to virustotal.com before you open it.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

You have the latest Java (6 update 20) but may have older versions still around which need to be removed. Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

Ron
  • 0

#7
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Your event logs show a lot of problems with mediamonkey, zune, Hauppauge WinTV PVR PCI II TvTuner

I think I installed the Zune software at one time when I was considering buying one. The software has long since been uninstalled so I'm not sure why the "Zune Bus Enumerator" is still hanging around and causing problems. I'm also not sure what component of MediaMonkey might be causing problems since the program works fine. I'll look into that. As for the TV tuner card, I'm gonna update the drivers and software and see if that helps.

Also your clock is not updating for some reason. The clock is important. If it gets too far out some certificates won't be valid and you won't be able to go to some secure sites. Double click on the clock and make sure it is adjusted to the correct local time. Then Internet Time and Update Now. If it doesn't connect you may be blocking it with Comodo.

It updates fine. It might be running into a network traffic bottleneck at some point and timing out on it. I remember about a month ago the computer had set itself to year 2000 and I had to manually fix the time. I suppose that is somehow related. I'll keep my eye on it.

You have the latest Java (6 update 20) but may have older versions still around which need to be removed. Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).

Residual install information from previous versions removed. Adobe products updated and Javascript in Foxit reader turned off as requested.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

Both installed.

If you use Firefox then get the AdBlock Plus Add-on.

Already had it. It's by far my favorite Firefox add-on. :)

I appreciate your help with this. I'll leave the system on for a while and see if I blue screen again. If it does happen again, can I (relatively) safely assume it is hardware related?
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Zune Bus Enumerator Driver service should show up in OTL but doesn't. You can Start, Run, services.msc, OK and see if you can find it. If you do then double-click on it and change the Startup Type to Disabled.

If you get another blue screen we can't assume it's hardware. Will depend on the error message.

Ron
  • 0

#9
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
It doesn't show up on the services list... It would appear from another site that it can be found in the registry, but I don't think I want to go in and start removing stuff. :)

I'll let the computer hang around and see if it blue screens again, then.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I wonder if it shows up as a driver?

Right click on My Computer and select Manage then Device Manager. View Hidden and then see if it shows up somewhere in the right pane.
If you find it you can right click and Uninstall or Disable.
I would expect it would have a yellow or red mark next to it since it can't find its file.

Instead of editing the registry directly you can use a tool called RegSeeker.
http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then run regseeker.exe.

Select Find in Registry then have it look for Zune Enumerator. You can then select all and then right click and delete selected. It puts a copy of the stuff it removes in the backups folder which it creates below the folder it is in so if it doesn't work you can go back and replace it.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.

Going to be away from the computer for the next 4 hours.

Ron

Edited by RKinner, 17 May 2010 - 03:13 PM.

  • 0



#11
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
It was there as a driver file, so I uninstalled it.

However, before doing this, I realized that I don't have audio anymore. I am trying to reinstall the sound drivers now, but I'm not sure what would have disabled my sound.

EDIT: Well, that didn't work... Now I don't have sound. I'll have to work on this in a little while though.

EDIT 2: OK, I figured out the problem, and of course it was something easy... I have my soundcard running through a source selector box and the button was pushed to a different source when I moved something on my desk... *sigh*

Edited by Oyml, 17 May 2010 - 02:19 PM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Good.

What I like to do is clear all of the System and Application event logs:

Right click on My Computer and select Manage then Event Viewer then right click on System and Clear All, No. Repeat for Applications.

Then reboot and run the Event Viewer Tool as we did earlier. Ideally there should not be any events of level: warning or error found.

Anything that comes up usually causes a slight delay in boot and can usually be fixed by uninstalling the offending program or stopping the service.

Ron
  • 0
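The triage step described above (re-run the Event Viewer tool and look at what is still being logged), as an added example that is not part of the original posts: a parser for the report layout pasted in this thread that groups identical events and counts them. The function names and the `since` cutoff are this example's own; the sample input is abridged from the reports posted earlier in the thread.

```python
import re
from collections import namedtuple
from datetime import datetime

# Sample input: abridged from the Vino's Event Viewer reports posted in this thread.
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/05/2010 2:02:46 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/05/2010 1:57:02 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 17/05/2010 1:43:50 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/05/2010 1:21:33 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/05/2010 1:58:33 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 1:47:19 AM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

Log: 'Application' Date/Time: 17/05/2010 12:35:48 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application runonce.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x7342611a.
"""

Event = namedtuple("Event", "log when type category event_id source message")
HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
IDENT = re.compile(r"^Event: (\d+) Source: (.+)$")

def parse_report(text):
    """Return one Event per 'Log:' entry; damaged or truncated entries are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, i = [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        kind = TYPE.match(lines[i + 1]) if head and i + 2 < len(lines) else None
        ident = IDENT.match(lines[i + 2]) if kind else None
        if not ident:
            i += 1
            continue
        i += 3
        message = []
        # The message runs to the first blank line, section rule or next entry.
        while i < len(lines) and lines[i] and not lines[i].startswith(("~~~", "Log: '")):
            message.append(lines[i])
            i += 1
        # The report states its dates are dd/mm/yyyy, so parse day first.
        when = datetime.strptime(head.group(2), "%d/%m/%Y %I:%M:%S %p")
        events.append(Event(head.group(1), when, kind.group(1), int(kind.group(2)),
                            int(ident.group(1)), ident.group(2), " ".join(message)))
    return events

def summarize(events, since=None):
    """Group identical events; return [(key, {count, first, last})], most frequent first."""
    groups = {}
    for ev in events:
        if since is not None and ev.when < since:
            continue  # older than the cutoff, e.g. logged before the last reboot
        key = (ev.log, ev.type, ev.source, ev.event_id, ev.message)
        g = groups.setdefault(key, {"count": 0, "first": ev.when, "last": ev.when})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], ev.when), max(g["last"], ev.when)
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))

if __name__ == "__main__":
    for (log, typ, source, event_id, message), g in summarize(parse_report(SAMPLE_REPORT)):
        print(f"{g['count']:>3}x {log}/{typ} {source} #{event_id} "
              f"({g['first']:%d/%m %H:%M} to {g['last']:%d/%m %H:%M}): {message[:60]}")
```

Passing the time of the last reboot as `since` limits the summary to events logged after it.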

#13
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
When I came back to the computer, it was stuck on a BSOD. Error code 0000001a, parameter1 00041284, parameter2 04249001, parameter3 00000077, parameter4 c0883000. The error was identified as MEMORY_MANAGEMENT.

I will do the steps you mentioned to clear the event viewer logs.

EDIT:
Here's what the Event Log had in it:
Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/05/2010 8:19:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/05/2010 8:08:46 PM
Type: error Category: 0
Event: 4 Source: Media Center Receiver
TV tuner malfunction. (0x80070057) Hauppauge WinTV PVR PCI II TvTuner

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/05/2010 8:08:08 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Kodak Camera Connection Software service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 17/05/2010 8:08:08 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I think I need to get Media Center configured to use the card, but it keeps locking up on me when I try to go into the settings. The Kodak issue should be easy enough to fix: I just uninstalled the EasyShare software, so disabling the service should be no problem. That Zune thing is pesky, though.

Edited by Oyml, 17 May 2010 - 06:32 PM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I think you may have some bad RAM.

Run a memory test.

http://www.memtest.org/

or

http://oca.microsoft.../en/windiag.asp

See what it says. You will need to be able to burn a bootable CD.

SIW is also useful. Under Hardware, Sensors they usually give the temperature of your CPU. Sometimes heat is a problem due to a weak/dead fan or clogged heat sink.

http://www.snapfiles.com/get/siw.html


Ron
  • 0

#15
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
That's pretty much what I'm afraid is probably the case.

I installed SIW and the only value that seems a little high is on the I/O controller, which reports a temperature of ~160°F at diode 1 while 125°F at diode 2, while the internal temp is listed at 100°F. The CPU seems fine at ~130°F.

I'll run Memtest later on and report back what it finds.

EDIT: Memtest got to about 95% complete without a single error, and then finished the last 5% with over 60,000. :)

I ran the other test from Microsoft as well hoping it could tell me which module was bad, but I guess my hardware is too old for that to work. It did also come up with some errors, though.

I opened up the case and removed each memory chip, blew out the slot, and then reseated the chip. I also installed an extra fan in the case just for the heck of it since I had one lying around. After restarting, I ran the Microsoft program again and it didn't find any errors this time. I'm hoping that reseating the memory has solved that problem, but I also know that it probably won't be that easy. At least I got to see what kind of memory I'll need to get to replace a bad chip for future reference. And the whole system is running about 10°F cooler now.

I'll report back if the problems appear again.

Edited by Oyml, 18 May 2010 - 12:19 AM.

  • 0





