Agobot Virus Infection



#16
Tokay

    Member

  • Topic Starter
  • Member
  • 44 posts
And also- did you want me to follow those instructions exactly and uninstall those programs, etcetera?

Thanks.
  • 0


#17
RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
Sorry for the delay. Wife took over the computer.

Go ahead and uninstall the programs and run the OTL script.

How is it running now? Any more problems?

Ron
  • 0

#18
Tokay

    Member

  • Topic Starter
  • Member
  • 44 posts
It's no problem :) I don't know about the problems- I haven't tried to run any games or movies yet until the issue is solved. I'll go ahead and run OTL.
  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
After you finish with OTL:

Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f

to clean up System Restore.

Get the latest Java at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.



Then let's do a general tuneup and checkup:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use? File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get SIW

http://www.snapfiles.com/get/siw.html

Run it and under Hardware look for Sensors. Click on Sensors and look in the right pane; there should be some temperature readings. What are they? Watch your video for a little bit then look again. Are the temps going up?

Check the Device Manager for problems:
(Start) then right-click on My Computer and select Manage. Then Device Manager.
Click on each of the + marks to open each item. Look for yellow marked items and uninstall them or delete them and reboot. Do they come back with yellow marks?

Ron
  • 0
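
The reporting steps of the checklist in post #19 (the VEW event query, the top CPU users from Process Explorer, and the Device Manager check) can also be collected from a prompt. The script below is an added example, not part of the original posts or of any tool named in them; it assumes Windows PowerShell 2.0 or later run as administrator, and the function names and the report path are choices made for this example.

```powershell
# Added example (not from the thread): gathers the reports the checklist asks the
# user to post. Assumes Windows PowerShell 2.0 or later and an administrator prompt.
# Function names and $OutFile are choices made for this example.

$OutFile = Join-Path $env:USERPROFILE 'Desktop\checkup-report.txt'

function Get-RecentProblemEvents {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,
        [int]$Count = 20
    )
    # Same selection as the VEW steps: newest Error and Warning entries only.
    try {
        Get-EventLog -LogName $LogName -EntryType Error, Warning -Newest $Count -ErrorAction Stop |
            Select-Object -Property TimeGenerated, EntryType, Source, EventID, Message
    }
    catch {
        # A log cleared just before the reboot may hold no matching entries yet.
        Write-Warning "Nothing read from the $LogName log: $($_.Exception.Message)"
    }
}

function Get-TopCpuProcesses {
    param([int]$Count = 5)
    # Point-in-time CPU percentage per process, like sorting the CPU column in
    # Process Explorer. '_Total' and 'Idle' are summary rows, not real processes.
    Get-WmiObject -Class Win32_PerfFormattedData_PerfProc_Process |
        Where-Object { $_.Name -ne '_Total' -and $_.Name -ne 'Idle' } |
        Sort-Object -Property PercentProcessorTime -Descending |
        Select-Object -First $Count -Property Name, IDProcess, PercentProcessorTime
}

function Get-ProblemDevices {
    # ConfigManagerErrorCode is 0 for a working device; a non-zero value is the
    # problem code that Device Manager flags on the device.
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
        Select-Object -Property Name, DeviceID, ConfigManagerErrorCode
}

function Format-Section {
    param([string]$Title, $Data)
    # Render one titled block of the report; an empty result is stated explicitly
    # so a clean section is not mistaken for a step that was skipped.
    $body = if ($Data) { ($Data | Format-List | Out-String).Trim() } else { '(none)' }
    "===== $Title =====`r`n$body`r`n"
}

$sections = @(
    Format-Section 'System log: newest 20 Error/Warning'      (Get-RecentProblemEvents -LogName System)
    Format-Section 'Application log: newest 20 Error/Warning' (Get-RecentProblemEvents -LogName Application)
    Format-Section 'Top 5 processes by CPU'                   (Get-TopCpuProcesses)
    Format-Section 'Devices with a problem code'              (Get-ProblemDevices)
)

$sections | Out-File -FilePath $OutFile -Encoding UTF8
Write-Output "Report written to $OutFile"
```

The script only reads state; the disk check, sfc /scannow and sigverif steps still have to be run as described in the post.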

#20
Tokay

    Member

  • Topic Starter
  • Member
  • 44 posts
Just in case you wanted to see them, here are my most recent logs from OTC, first being the main log, the second is extras:

---



OTL logfile created on: 5/24/2011 2:17:22 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Dioscuri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 55.83% Memory free
3.84 Gb Paging File | 3.01 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 63.50 Gb Free Space | 42.60% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 225.75 Gb Free Space | 48.47% Space Free | Partition Type: NTFS

Computer Name: THXSEAGATE | User Name: Dioscuri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\Desktop\OTL.exe
PRC - [2011/05/07 04:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:57:28 | 001,396,736 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:46:22 | 001,206,544 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/10/19 19:08:22 | 001,408,072 | ---- | M] (BigFix, Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2009/10/19 19:08:20 | 002,370,632 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/07/20 17:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/09/21 15:44:14 | 000,129,793 | ---- | M] () -- C:\WINDOWS\LD_Boot.exe
PRC - [2005/10/07 14:13:38 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/27 16:41:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/15 08:39:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/10/19 19:08:20 | 002,370,632 | ---- | M] (BigFix Inc.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/07/20 17:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/31 11:58:36 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/09/26 02:01:00 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/09 22:06:00 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (symmpi)
DRV - [2006/05/02 19:45:45 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 21:57:18 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/11 05:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/15 16:06:20 | 000,251,578 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 10:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.seagate.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[2011/05/09 10:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dioscuri\Application Data\Mozilla\Extensions
[2011/05/09 10:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 12:26:00 | 000,000,000 | ---D | M] (IE View) -- C:\Program Files\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/01/12 14:35:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/26 03:16:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2011/05/24 10:05:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Auto_Inventory] C:\WINDOWS\LD_Boot.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - Startup: C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://quickr.seagate.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1201641630687 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {9C855227-889B-4B50-A41E-4B97C2F1E6A5} https://seagate.soft.../SLMSViewer.cab (SLMSViewer Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} http://ok-orgpub.okl...ins/OrgPubX.cab (OrgPublisher PluginX)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl-sv.seaga...SetupClient.cab (JuniperSetupClientControl Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MSGINA.DLL) - C:\WINDOWS\System32\msgina.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/01 09:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 14:04:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/24 10:22:29 | 001,422,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dioscuri\Desktop\tdsskiller.exe
[2011/05/24 10:03:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/05/24 08:41:19 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dioscuri\Desktop\aswMBR.exe
[2011/05/24 08:30:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/24 08:28:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/24 08:28:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/24 08:28:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/24 08:28:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/24 08:27:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/24 00:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Malwarebytes
[2011/05/24 00:00:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/24 00:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/24 00:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/24 00:00:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 00:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/23 23:34:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 16:34:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\Desktop\OTL.exe
[2011/05/23 13:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/05/23 09:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/23 09:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/23 09:08:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/23 09:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/23 09:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/20 11:48:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/05/20 01:51:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/19 22:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/05/19 19:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Kernel Recovery for iPod(Demo)
[2011/05/19 19:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fox Interactive
[2011/05/19 13:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Avira
[2011/05/19 11:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/19 11:25:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/19 11:25:43 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/19 11:25:43 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/19 11:25:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/19 11:25:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/19 11:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/19 11:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/18 11:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\WindSolutions
[2011/05/18 11:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/05/16 16:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/05/16 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/05/10 22:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\DVD Decrypter
[2011/05/10 22:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2011/05/10 22:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2011/05/10 22:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/05/10 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2011/05/10 22:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\PackageAware
[2011/05/10 22:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\dvdcss
[2011/05/09 17:08:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dioscuri\Recent
[2011/05/09 13:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\My Documents\Red Kawa
[2011/05/09 13:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Red Kawa
[2011/05/09 11:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\Geckofx
[2011/05/09 11:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2011/05/09 11:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2011/05/09 11:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
[2011/05/09 11:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2011/05/09 10:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\Mozilla
[2011/05/06 11:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/06 11:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\My Documents\Any Video Converter
[2011/05/06 11:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\AnvSoft
[2011/05/05 10:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\HandBrake
[2011/05/05 10:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dioscuri\Application Data\HandBrake
[2011/05/05 10:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake

========== Files - Modified Within 30 Days ==========

[2011/05/24 14:13:59 | 000,028,124 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/24 14:13:53 | 000,028,124 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/24 14:13:44 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/24 14:13:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/24 14:12:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 14:12:17 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 10:22:41 | 001,422,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dioscuri\Desktop\tdsskiller.exe
[2011/05/24 10:20:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dioscuri\My Documents\MBR.dat
[2011/05/24 10:05:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/24 08:41:25 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dioscuri\Desktop\aswMBR.exe
[2011/05/24 08:30:30 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2011/05/24 08:08:36 | 004,353,961 | R--- | M] () -- C:\Documents and Settings\Dioscuri\Desktop\ComboFix.exe
[2011/05/23 23:21:31 | 000,000,331 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/23 21:38:52 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2011/05/23 16:34:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dioscuri\Desktop\OTL.exe
[2011/05/23 09:08:10 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/23 00:49:06 | 2145,435,648 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/05/21 18:45:22 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/21 13:25:24 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/05/21 09:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 11:21:28 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/16 23:41:16 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 00:53:05 | 000,442,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/15 00:53:05 | 000,072,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/14 10:28:51 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/14 10:28:50 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Desktop\Google Chrome.lnk
[2011/05/11 22:48:04 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\SysCalls.dat
[2011/05/09 17:13:51 | 000,941,132 | ---- | M] () -- C:\cc_20110509_1712.reg
[2011/05/07 09:13:44 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Dioscuri\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/06 01:50:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/05/24 14:13:45 | 000,028,124 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/24 14:13:45 | 000,028,124 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/24 14:13:44 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/24 08:47:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dioscuri\My Documents\MBR.dat
[2011/05/24 08:30:30 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/05/24 08:30:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/24 08:28:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/24 08:28:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/24 08:28:17 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/24 08:28:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/24 08:28:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/24 08:08:21 | 004,353,961 | R--- | C] () -- C:\Documents and Settings\Dioscuri\Desktop\ComboFix.exe
[2011/05/23 09:08:10 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/21 18:47:04 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 18:45:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/09 17:13:18 | 000,941,132 | ---- | C] () -- C:\cc_20110509_1712.reg
[2011/05/06 08:53:59 | 001,660,416 | ---- | C] () -- C:\WINDOWS\PS_MatrixScreensaver.scr
[2011/05/06 01:50:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 20:34:44 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/07 16:00:14 | 000,041,472 | ---- | C] () -- C:\WINDOWS\FreeAgentGo.dll
[2010/10/07 14:32:05 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Dioscuri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 14:18:23 | 000,069,506 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/09/30 14:18:23 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/09/29 11:54:43 | 006,814,952 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/09/29 09:51:07 | 000,057,320 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/26 00:22:32 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/01 09:31:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpmnwun.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/25 11:03:38 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\DLLEX32.DLL
[2009/06/25 11:03:38 | 000,014,304 | ---- | C] () -- C:\WINDOWS\System32\HLPADDIN.DLL
[2009/06/25 11:00:54 | 000,000,057 | ---- | C] () -- C:\WINDOWS\SABRE.INI
[2008/12/02 17:43:46 | 000,000,228 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/12/02 15:52:38 | 000,125,678 | ---- | C] () -- C:\WINDOWS\cleanup_remedy.exe
[2008/12/02 15:20:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/02 15:20:03 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/12/02 15:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/12/02 15:19:00 | 000,120,839 | ---- | C] () -- C:\WINDOWS\cleanup_2ksp3.exe
[2008/11/14 17:38:27 | 000,000,331 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/14 17:19:27 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\SysCalls.dat
[2008/11/14 16:09:46 | 000,129,793 | ---- | C] () -- C:\WINDOWS\LD_Boot.exe
[2008/11/14 16:09:46 | 000,129,739 | ---- | C] () -- C:\WINDOWS\LD_Repair.exe
[2008/10/20 12:57:25 | 000,126,734 | ---- | C] () -- C:\WINDOWS\WSE_FixLDAgent.EXE
[2008/01/31 13:14:08 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/01/31 11:55:05 | 000,125,557 | ---- | C] () -- C:\WINDOWS\cleanup.exe
[2008/01/31 10:07:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/01/31 10:04:34 | 000,110,494 | ---- | C] () -- C:\WINDOWS\wzclean.exe
[2008/01/30 12:19:46 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/01/30 12:19:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/01/29 12:31:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2008/01/29 12:26:41 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/01/29 12:26:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/29 12:26:38 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/29 12:26:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/29 12:26:23 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/29 12:26:19 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/01/29 12:25:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/01/29 12:25:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/11/18 11:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/01 10:12:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/01 09:45:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/01 09:37:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/01 04:19:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/01 04:17:56 | 004,737,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/21 13:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,442,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,296 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/07/30 20:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

< End of report >




----

OTL Extras logfile created on: 5/24/2011 2:17:22 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Dioscuri\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 55.83% Memory free
3.84 Gb Paging File | 3.01 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 63.50 Gb Free Space | 42.60% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 225.75 Gb Free Space | 48.47% Space Free | Partition Type: NTFS

Computer Name: THXSEAGATE | User Name: Dioscuri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"52311:UDP" = 52311:UDP:*:Enabled:BES Client

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"52311:UDP" = 52311:UDP:*:Enabled:BES Client
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\ftp.exe" = C:\WINDOWS\System32\ftp.exe:*:Enabled:FTP -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{154A9EEB-05FC-45E6-B7BD-75D27ED02276}" = Crystal11_Redistributables
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{8048F0F3-C5AB-4C3C-8518-2B5E41DDFABA}" = AuthenTec Fingerprint Sensor Minimum Install
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9F5492E6-D322-438B-B04A-3C78CA93E5D7}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9CB8279B-F11B-437C-AC58-C91AA3482F8D}" = Intel® PROSet/Wireless WiFi Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BF7023BC-319B-4FE1-B569-C854A19F81F8}" = BigFix Enterprise Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D55A74A5-5B3B-441A-B5EE-435E304627FB}" = Embassy Trusted Drive Manager Remote Configuration
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
"{EE3E60BC-F29F-4E7B-A110-B538387D34DA}" = No One Lives Forever - Game of the Year Edition
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Information" = PC Information
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"Recuva" = Recuva
"Shockwave" = Shockwave
"SystemRequirementsLab" = System Requirements Lab
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.8
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2011 1:52:55 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/22/2011 1:52:57 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/22/2011 1:53:04 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 2:25:32 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 2:25:36 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 3:14:38 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 3:50:21 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 11:56:00 AM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.5, faulting module unknown,
version 0.0.0.0, fault address 0x001540cd.

Error - 5/23/2011 6:20:37 PM | Computer Name = THXSEAGATE | Source = MsiInstaller | ID = 1013
Description = Product: McAfee Agent -- McAfee Agent cannot be removed because other
products are still using it.

Error - 5/23/2011 9:23:58 PM | Computer Name = THXSEAGATE | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ OSession Events ]
Error - 4/28/2009 2:13:49 PM | Computer Name = SVA-U400588L002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8514
seconds with 180 seconds of active time. This session ended with a crash.

Error - 11/12/2009 6:28:58 PM | Computer Name = SVA-U400588L002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 2823
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 1/4/2010 3:07:58 PM | Computer Name = SVA-U400588L002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 62
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/24/2011 5:10:38 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The BES Client service terminated unexpectedly. It has done this
1 time(s).

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Basics Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/24/2011 5:10:39 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/24/2011 5:10:40 PM | Computer Name = THXSEAGATE | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >

#21
Tokay
Topic Starter
Sorry, quick question. Does my external hard drive have a system restore feature, and if so, does that need to have a restore point set and previous ones cleared as well? I only ask because disk cleanup gives me that option, and I thought that was a little odd.

#22
RKinner
Malware Expert
Normally you only have System Restore monitor the main drive so don't worry about any others. Sometimes it will get turned on for other drives but even then I think it stores the info on the main drive. I wouldn't worry about it.

Ron

#23
Tokay
Topic Starter
I am away from my computer right now, and will be back late tomorrow (Wednesday) evening, just so you know. I couldn't let you know sooner because I had to leave the computer running the disk check.

Thanks for your continued help and I will continue to update you on how things are going when I return home tomorrow. :)

#24
Tokay
Topic Starter
The driver check found over 3700 unsigned files, but I couldn't find any that were from 2011, which is when this issue began.

Thoughts?

#25
Tokay
Topic Starter
Here is the Event Viewer list for <SYSTEM>


---




Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/05/2011 1:43:02 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/05/2011 1:00:39 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 11:33:51 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 11:05:31 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 10:05:28 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 9:05:30 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 8:05:28 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 7:05:30 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 6:05:53 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 5:05:32 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 3:05:28 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 2:05:31 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 1:05:32 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 12:05:30 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 11:05:31 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 10:05:31 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 9:05:29 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 8:05:28 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 7:05:31 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 25/05/2011 6:41:11 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 25/05/2011 6:05:28 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

#26
Tokay
Topic Starter
And it looks like there's nothing to show for <APPLICATION>.


---




Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/05/2011 1:45:04 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#27
Tokay
Topic Starter
Here's process XP's log. I noticed Google Chrome (1-10%), services.exe, BESclient.exe, csrss.exe taking the most, but the log list was jumping around a lot, for sure, so it was slightly hard to pinpoint.

---


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.75 0 K 28 K
chrome.exe 2940 3.91 99,456 K 108,984 K Google Chrome Google Inc.
System 4 0.78 0 K 244 K
procexp.exe 2028 0.78 10,240 K 14,508 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs
ZCfgSvc.exe 1960 10,956 K 16,536 K Intel® PROSet/Wireless Zero Config Service Intel® Corporation
wmiprvse.exe 2180 3,832 K 8,084 K WMI Microsoft Corporation
winlogon.exe 996 20,208 K 20,388 K Windows NT Logon Application Microsoft Corporation
unsecapp.exe 2052 2,224 K 3,960 K WMI Microsoft Corporation
unsecapp.exe 1648 2,252 K 4,284 K WMI Microsoft Corporation
SyncServicesBasics.exe 336 2,624 K 3,836 K Sync Windows Services Seagate Technology LLC
svchost.exe 1352 23,376 K 36,760 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1260 2,948 K 5,488 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1312 2,052 K 4,852 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1568 1,804 K 4,052 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1628 1,116 K 3,000 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 160 1,228 K 3,488 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 552 2,200 K 3,356 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 832 1,044 K 2,964 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 304 2,196 K 3,296 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1420 2,528 K 4,364 K Generic Host Process for Win32 Services Microsoft Corporation
stsystra.exe 804 4,660 K 8,244 K Sigmatel Audio system tray application SigmaTel, Inc.
spoolsv.exe 1892 4,084 K 6,080 K Spooler SubSystem App Microsoft Corporation
smss.exe 912 172 K 432 K Windows NT Session Manager Microsoft Corporation
services.exe 1040 1,916 K 3,664 K Services and Controller app Microsoft Corporation
sched.exe 1972 3,984 K 888 K Antivirus Scheduler Avira GmbH
scardsvr.exe 1928 928 K 2,704 K Smart Card Resource Management Server Microsoft Corporation
S24EvMon.exe 1528 11,412 K 16,960 K Intel® Wireless Management Service Intel® Corporation
rundll32.exe 2152 2,268 K 3,432 K Run a DLL as an App Microsoft Corporation
rundll32.exe 2300 1,972 K 2,792 K Run a DLL as an App Microsoft Corporation
rundll32.exe 460 2,664 K 4,184 K Run a DLL as an App Microsoft Corporation
RegSrvc.exe 1168 908 K 3,184 K Intel® PROSet/Wireless Registry Service Intel® Corporation
quickset.exe 3864 7,712 K 11,404 K QuickSet Dell Inc.
nvsvc32.exe 936 2,776 K 4,340 K NVIDIA Driver Helper Service, Version 175.97 NVIDIA Corporation
NicConfigSvc.exe 848 3,400 K 4,772 K Internal Network Card Power Management Service Dell Inc.
mDNSResponder.exe 540 1,220 K 3,788 K Bonjour Service Apple Inc.
MaxMenuMgrBasics.exe 3216 916 K 3,252 K Maxtor Status Icon Maxtor Corporation
lsass.exe 1052 3,900 K 868 K LSA Shell (Export Version) Microsoft Corporation
jqs.exe 752 2,284 K 1,412 K Java™ Quick Starter Service Sun Microsystems, Inc.
iTunesHelper.exe 2064 8,568 K 13,312 K iTunesHelper Apple Inc.
ipoint.exe 908 24,044 K 27,736 K IPoint.exe Microsoft Corporation
iPodService.exe 3668 2,408 K 3,992 K iPodService Module (32-bit) Apple Inc.
igfxsrvc.exe 1556 980 K 3,188 K igfxsrvc Module Intel Corporation
iFrmewrk.exe 2440 14,044 K 19,356 K Intel® PROSet/Wireless Framework Intel® Corporation
hpwuSchd2.exe 3016 548 K 2,068 K hpwuSchd Hewlett-Packard Company
hpqtra08.exe 2632 4,396 K 9,736 K HP Digital Imaging Monitor Hewlett-Packard Co.
hidfind.exe 1416 1,612 K 2,172 K Alps Pointing-device Driver Alps Electric Co., Ltd.
explorer.exe 3208 24,956 K 33,008 K Windows Explorer Microsoft Corporation
EvtEng.exe 580 13,956 K 17,592 K Intel® PROSet/Wireless Event Log Service Intel® Corporation
DVDLauncher.exe 3780 716 K 2,988 K CyberLink PowerCinema Resident Program CyberLink Corp.
DLACTRLW.EXE 1304 996 K 3,676 K Drive Letter Access Component Sonic Solutions
ctfmon.exe 3148 888 K 3,248 K CTF Loader Microsoft Corporation
csrss.exe 968 1,848 K 5,052 K Client Server Runtime Process Microsoft Corporation
chrome.exe 3156 61,312 K 33,408 K Google Chrome Google Inc.
chrome.exe 3060 11,024 K 18,304 K Google Chrome Google Inc.
chrome.exe 684 11,244 K 18,736 K Google Chrome Google Inc.
chrome.exe 940 10,560 K 17,980 K Google Chrome Google Inc.
chrome.exe 3196 17,488 K 25,708 K Google Chrome Google Inc.
chrome.exe 640 11,132 K 18,392 K Google Chrome Google Inc.
chrome.exe 1460 60,656 K 72,020 K Google Chrome Google Inc.
chrome.exe 3528 70,440 K 82,288 K Google Chrome Google Inc.
chrome.exe 1728 3,028 K 7,456 K Google Chrome Google Inc.
chrome.exe 2500 64,040 K 78,324 K Google Chrome Google Inc.
BFIdleTracker.exe 3816 404 K 1,716 K BFIdleTr Application
BESClientUI.exe 2764 7,520 K 1,192 K BigFix Enterprise Suite Client User Interface BigFix, Inc.
BESClient.exe 412 12,508 K 5,756 K BigFix BESClient Application BigFix Inc.
avshadow.exe 292 640 K 2,824 K AntiVir shadow copy service Avira GmbH
avguard.exe 232 94,496 K 18,676 K Antivirus On-Access Service Avira GmbH
avgnt.exe 1640 4,740 K 2,836 K Antivirus System Tray Tool Avira GmbH
AppleMobileDeviceService.exe 260 4,904 K 7,736 K MobileDeviceService Apple Inc.
Apoint.exe 2828 1,608 K 4,856 K Alps Pointing-device Driver Alps Electric Co., Ltd.
ApntEx.exe 3820 880 K 2,676 K Alps Pointing-device Driver for Windows NT/2000/XP Alps Electric Co., Ltd.
alg.exe 2424 1,184 K 3,624 K Application Layer Gateway Service Microsoft Corporation
acrotray.exe 812 800 K 2,996 K AcroTray Adobe Systems Inc.

#28
Tokay
Topic Starter
So I watched the temperatures, and it looked like they were steadily climbing with both games and videos. I was mainly looking at the core and ACPI temperatures, and they've all seemed to have risen by at least 10 degrees Celsius.

#29
Tokay
Topic Starter
Alright, so, after looking through the device manager, I came across no yellow-marked devices. How did you want me to proceed? :)

Thanks!

#30
Tokay
Topic Starter
As a last note for the night, I wanted to add that the CPU spikes and screen static are still occurring. I just tried to run a game as a test, and it was fine for a bit, and then suddenly it was the same as before. So I guess I'm a little puzzled as to the cause of that stuff, since it's never happened before and I feel like I have plenty of RAM for computer CPU not to be an issue. Anyway, I guess we'll speak more tomorrow. Thanks again.