
Event 7000 error in Event Viewer


  • This topic is locked
30 replies to this topic

#1 LostintheWilderness


Posted 16 February 2010 - 08:29 AM

I am getting a 7000 Event Viewer error repeatedly that is described in the log as "the security services driver (x86) service failed to start due to the following error: the system cannot find the file specified. for more information, see help and support center at http://go.microsoft....nk/events.asp." I have done a little searching on Google and believe the problem is due to a bad uninstall of security software that my ISP (Sympatico) provided that seemed to cause problems on my computer. I have downloaded a MS program called Autoruns to see if I could disable the service that way but can't find security services driver (x86) service listed. Any help would be appreciated.
Thanks


OS XP Pro SP3

Edited by LostintheWilderness, 16 February 2010 - 08:29 AM.


#2 SWI Support Robot


Posted 18 February 2010 - 08:55 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 snemelk


Posted 22 February 2010 - 09:53 AM

Hi LostintheWilderness!!.. :).

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


snemelk.hekko.pl - - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 LostintheWilderness


Posted 22 February 2010 - 01:18 PM

Thank You,

Here is the OTL.txt log

OTL logfile created on: 22/02/2010 1:42:30 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.11 Gb Total Space | 158.31 Gb Free Space | 86.45% Space Free | Partition Type: NTFS
Drive D: | 748.40 Gb Total Space | 567.67 Gb Free Space | 75.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 580.45 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINSQUEEZE
Current User Name: David & Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/22 13:41:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2010/01/07 16:21:04 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/15 14:15:00 | 010,080,343 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\server\squeezecenter.exe
PRC - [2009/06/15 14:14:34 | 001,814,617 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\SqueezeTray.exe
PRC - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/03/19 10:44:28 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/17 23:55:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 13:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/01/11 07:35:16 | 000,759,728 | ---- | M] (Skinkers Communications) -- C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe
PRC - [2007/10/08 08:56:04 | 002,744,320 | ---- | M] () -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
PRC - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/04/12 17:00:00 | 000,142,336 | ---- | M] () -- C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
PRC - [2006/12/18 21:34:36 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/09/11 18:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/09/11 18:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/09/11 18:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/07/13 06:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/11/20 04:31:50 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2002/08/03 13:33:50 | 000,147,456 | ---- | M] (DaleSoft) -- C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe
PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/22 13:41:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:21:04 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2009/03/26 16:12:14 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/09/17 23:55:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/10/08 08:56:04 | 002,744,320 | ---- | M] () [Auto | Running] -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe -- (MusicIP Server)
SRV - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006/09/11 18:59:28 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 18:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 18:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/01 15:00:46 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/01 15:00:40 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/07/23 18:39:04 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/04/22 13:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 13:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/03/19 10:45:38 | 000,093,848 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/03/19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/03/19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/12/14 11:13:26 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/10/24 17:55:22 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2008/10/24 17:55:22 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2008/09/17 23:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/20 06:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/07 18:16:45 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/07 18:16:45 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/12/17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/16 09:09:06 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/12/12 01:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 06:45:26 | 000,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/09/02 23:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/07 06:57:30 | 000,093,952 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/14 03:26:34 | 000,009,728 | R--- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/15 02:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/25 01:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/09/25 01:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/09/25 01:29:50 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/09/25 01:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/09/25 01:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/09/25 01:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/11/07 04:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 04:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wer.microsoft...9a-d280cb7ff34a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.therainfo...s_home_sitenav"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.97
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6a
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/02 09:13:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 22:18:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 22:18:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/05/14 18:39:05 | 000,000,000 | ---D | M]

[2009/08/17 12:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Extensions
[2009/08/17 12:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Extensions\MediaCoder
[2010/02/22 08:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions
[2009/07/22 19:37:20 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2009/11/23 11:48:27 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/16 09:08:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/31 14:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/01/07 20:00:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/19 16:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\brief@mozdev.org
[2010/01/31 14:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\flashcatch-amo@flashcatch.com
[2009/12/23 12:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\piclens@cooliris.com
[2009/12/23 12:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\piclens@cooliris.com-trash
[2009/12/19 16:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\ststusscicalc@sunny
[2010/02/22 08:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/09/27 18:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BBC Alerts] C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe (Skinkers Communications)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/02/17 14:32:07 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe (SlimDevices - A Logitech Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup\MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe ()
O4 - Startup: C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup\Shortcut to DTemp.lnk = C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe (DaleSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260144284734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229179877750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David & Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David & Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/12 14:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/17 14:32:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/02/16 19:57:11 | 000,315,280 | ---- | C] (-) -- C:\WINDOWS\System32\Eraser.dll
[2010/02/16 19:57:11 | 000,085,392 | ---- | C] (-) -- C:\WINDOWS\System32\Erasext.dll
[2010/02/16 19:57:10 | 000,075,152 | ---- | C] (-) -- C:\WINDOWS\System32\Eraserl.exe
[2010/02/16 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2010/02/16 19:46:26 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2010/02/16 12:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/02/16 09:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Start Locations
[2010/02/15 11:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David & Renee\Application Data\BBC Alerts
[2010/02/15 11:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\BBC
[2010/01/07 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/07 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/01 21:43:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/05 08:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/07/22 11:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/25 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/17 12:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/12 20:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/12 14:31:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/22 13:33:36 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 13:33:33 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/22 13:33:28 | 000,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/22 13:33:25 | 000,193,636 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/22 13:33:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/22 13:33:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/22 13:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/22 13:33:12 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\magicpvt.dat
[2010/02/22 13:33:11 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/22 11:48:15 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\David & Renee\NTUSER.DAT
[2010/02/22 11:48:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David & Renee\ntuser.ini
[2010/02/22 11:48:14 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/02/22 11:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 22:51:03 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/21 19:14:51 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\OptimizeDaily.job
[2010/02/21 08:23:16 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 14:57:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/15 19:42:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/15 19:42:19 | 000,000,211 | -H-- | M] () -- C:\boot.ini
[2010/02/15 11:41:05 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\David & Renee\Desktop\BBC Alerts.lnk
[2010/02/09 19:32:16 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/03 12:09:37 | 000,623,525 | ---- | M] () -- D:\My Documents\97CB32C8d01.pdf
[2010/02/02 07:28:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/27 11:05:05 | 000,032,374 | --S- | M] () -- D:\My Documents\Road Trip.rcl
[2010/01/24 09:10:58 | 000,000,072 | -H-- | M] () -- D:\My Documents\maxdesk.ini2
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/17 15:36:13 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/02/16 11:06:51 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/15 11:41:05 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\David & Renee\Desktop\BBC Alerts.lnk
[2010/02/03 12:09:37 | 000,623,525 | ---- | C] () -- D:\My Documents\97CB32C8d01.pdf
[2010/02/02 07:28:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/27 11:05:05 | 000,032,374 | --S- | C] () -- D:\My Documents\Road Trip.rcl
[2009/12/10 11:09:13 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2009/12/10 11:09:13 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2009/10/17 13:40:02 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/10/17 13:40:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/10/17 13:40:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/08/22 09:55:24 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/08/17 12:07:20 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\David & Renee\Application Data\MPUI.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/19 10:32:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/27 15:19:03 | 000,896,444 | ---- | C] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\imageCache7.db
[2009/03/13 12:18:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/03/10 11:10:43 | 000,001,074 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/10 11:10:43 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/10 11:10:27 | 000,000,710 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/10 11:10:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/10 11:04:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/10 11:02:31 | 000,032,099 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/07 22:11:58 | 003,178,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/12/16 09:34:37 | 000,000,249 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2008/12/14 10:46:38 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/14 10:01:46 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2008/12/13 11:39:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/12/13 11:39:12 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/12/13 11:39:11 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/12/13 11:39:11 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/12/13 08:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/13 08:36:40 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSyb.DLL
[2008/12/13 08:36:26 | 000,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
[2008/12/12 19:40:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008/12/12 19:37:05 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008/12/12 19:37:04 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/12/12 19:37:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008/12/12 15:48:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/12/12 15:48:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/12/12 15:48:34 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/12 15:48:32 | 000,032,834 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/12 15:48:24 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/13 22:05:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/13 22:05:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/13 22:05:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/13 22:05:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/13 22:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/13 22:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Unicode (All) ==========
[2009/12/30 15:54:30 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/12/30 15:54:30 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66633281
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
< End of report >


#5 LostintheWilderness

Posted 22 February 2010 - 01:22 PM

I notice there is something in my systems folder with Chinese characters. I purchased a copy of Win Office 2007 on eBay that was listed as genuine, which I found to be pirated. I returned the software to the vendor, but perhaps when I installed it and then uninstalled it, it left malware on the computer. Should I be concerned? I thought that I removed all traces of the software and had run numerous scans some time ago.

Edited by LostintheWilderness, 23 February 2010 - 07:58 AM.


#6 LostintheWilderness

Posted 22 February 2010 - 01:25 PM

Here is the Extra file:

OTL Extras logfile created on: 22/02/2010 1:42:30 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.11 Gb Total Space | 158.31 Gb Free Space | 86.45% Space Free | Partition Type: NTFS
Drive D: | 748.40 Gb Total Space | 567.67 Gb Free Space | 75.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 580.45 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINSQUEEZE
Current User Name: David & Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [DrTagBrowse] -- "C:\Program Files\Dr Tag\DrTag\DrTag.exe" "%1" (Aspect one)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:SqueezeCenter 9000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:SqueezeCenter 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:SqueezeCenter 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:SqueezeCenter 3483 tcp
"1723:TCP" = 1723:TCP:*:Disabled:UTorrent
"9001:TCP" = 9001:TCP:*:Enabled:SqueezeCenter 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:SqueezeCenter 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:SqueezeCenter 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:SqueezeCenter 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:SqueezeCenter 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:SqueezeCenter 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:SqueezeCenter 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:SqueezeCenter 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:SqueezeCenter 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:SqueezeCenter 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:SqueezeCenter 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:SqueezeCenter 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:SqueezeCenter 10000 tcp (UI)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe" = C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe -- (Skinkers Communications)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\Bit\utorrent.exe" = C:\Program Files\Bit\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe" = C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe -- (Skinkers Communications)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0EFC334E-0BFE-4387-8E67-A0DAA54D998D}" = AutoRotation Premium
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{62F9F352-A7F7-4051-B2AD-6D1A3C325407}" = OmniPage Pro 11.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-09-09
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22D11A0-DF6A-4DE9-B6E2-62A8C5ECCDDE}" = RPS CRT
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F5294001-AACD-4DD4-B228-CE44AD4C0F87}" = Brother MFL-Pro Suite MFC-5490CN
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FE9C13F6-6BBD-47D3-B939-F7E061BC4930}" = ESET NOD32 Antivirus
"7-Zip" = 7-Zip 4.62
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Album Art Downloader XUI" = Album Art Downloader XUI 0.24
"Audacity_is1" = Audacity 1.2.6
"AutoFLAC_is1" = AutoFLAC 1.2
"BBC Alerts" = BBC Alerts (remove only)
"CCleaner" = CCleaner
"CDCheck" = CDCheck
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dr.Tag_is1" = Dr.Tag v3.0.1
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.4.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"EULAlyzer_is1" = EULAlyzer 2.0
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"foobar2000" = foobar2000 v0.9.6
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"m3uEdit_is1" = m3uEdit 1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MWSnap 3" = MWSnap 3
"MyDefrag v4.2.7_is1" = MyDefrag v4.2.7
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"SMPlayer" = SMPlayer 0.6.7
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SqueezeCenter_is1" = SqueezeCenter 7.3.3
"TagScanner_is1" = TagScanner 5.0 build 525
"Tweak UI 2.10" = Tweak UI
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.5.570
"Web Photo Album_is1" = Web Photo Album 1.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"XRECODE_is1" = XRECODE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"89223c5012ed472a" = Fibonacci Market Timer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/02/2010 2:33:43 PM | Computer Name = MAINSQUEEZE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/02/2010 8:34:22 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:34:36 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:34:52 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:36:50 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:36:55 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:38:30 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:39:44 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:47:29 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:47:57 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

[ System Events ]
Error - 20/02/2010 12:23:24 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 20/02/2010 10:13:41 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 20/02/2010 6:40:45 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 21/02/2010 8:34:34 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 21/02/2010 1:25:12 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 21/02/2010 3:57:15 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 21/02/2010 11:51:25 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 22/02/2010 8:17:15 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 22/02/2010 12:48:13 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 22/02/2010 2:33:29 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2


< End of report >

#7 LostintheWilderness

Posted 23 February 2010 - 01:50 PM

While waiting for your reply I ran Malwarebytes on a full scan; it found nothing. I also ran disk cleanup and emptied old Temp files in the Local Settings folder. I have posted new OTL logs below:

OTL logfile created on: 23/02/2010 3:14:57 PM - Run 5
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\David & Renee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.11 Gb Total Space | 160.09 Gb Free Space | 87.43% Space Free | Partition Type: NTFS
Drive D: | 748.40 Gb Total Space | 567.67 Gb Free Space | 75.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 580.45 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINSQUEEZE
Current User Name: David & Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 09:17:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe
PRC - [2010/01/07 16:21:04 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/15 14:15:00 | 010,080,343 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\server\squeezecenter.exe
PRC - [2009/06/15 14:14:34 | 001,814,617 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\SqueezeTray.exe
PRC - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/03/19 10:44:28 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/17 23:55:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 13:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/01/11 07:35:16 | 000,759,728 | ---- | M] (Skinkers Communications) -- C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe
PRC - [2007/10/08 08:56:04 | 002,744,320 | ---- | M] () -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
PRC - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/04/12 17:00:00 | 000,142,336 | ---- | M] () -- C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
PRC - [2006/12/18 21:34:36 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/09/11 18:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/09/11 18:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/09/11 18:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/07/13 06:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/11/20 04:31:50 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2002/08/03 13:33:50 | 000,147,456 | ---- | M] (DaleSoft) -- C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe
PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/23 09:17:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe
MOD - [2008/04/13 19:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [1998/07/27 04:54:06 | 000,038,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXSEH32.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:21:04 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2009/03/26 16:12:14 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/09/17 23:55:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/10/08 08:56:04 | 002,744,320 | ---- | M] () [Auto | Running] -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe -- (MusicIP Server)
SRV - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006/09/11 18:59:28 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 18:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 18:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/01 15:00:46 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/01 15:00:40 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/07/23 18:39:04 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/04/22 13:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 13:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/03/19 10:45:38 | 000,093,848 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/03/19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/03/19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/12/14 11:13:26 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/10/24 17:55:22 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2008/10/24 17:55:22 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2008/09/17 23:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/20 06:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/07 18:16:45 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/07 18:16:45 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/12/17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/16 09:09:06 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/12/12 01:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 06:45:26 | 000,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/09/02 23:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/07 06:57:30 | 000,093,952 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/14 03:26:34 | 000,009,728 | R--- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/15 02:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/25 01:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/09/25 01:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/09/25 01:29:50 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/09/25 01:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/09/25 01:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/09/25 01:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/11/07 04:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 04:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wer.microsoft...9a-d280cb7ff34a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.therainfo...s_home_sitenav"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.97
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6a
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/02 09:13:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 22:18:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 22:18:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/05/14 18:39:05 | 000,000,000 | ---D | M]

[2009/08/17 12:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Extensions
[2009/08/17 12:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Extensions\MediaCoder
[2010/02/23 11:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions
[2009/07/22 19:37:20 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2009/11/23 11:48:27 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/16 09:08:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/31 14:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/01/07 20:00:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/19 16:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\brief@mozdev.org
[2010/01/31 14:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\flashcatch-amo@flashcatch.com
[2009/12/23 12:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\piclens@cooliris.com
[2009/12/23 12:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\piclens@cooliris.com-trash
[2009/12/19 16:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\ststusscicalc@sunny
[2010/02/23 11:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/09/27 18:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BBC Alerts] C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe (Skinkers Communications)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/02/17 14:32:07 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe (SlimDevices - A Logitech Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup\MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe ()
O4 - Startup: C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup\Shortcut to DTemp.lnk = C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe (DaleSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260144284734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229179877750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David & Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David & Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/12 14:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 09:17:38 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe
[2010/02/17 14:32:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/02/16 19:57:11 | 000,315,280 | ---- | C] (-) -- C:\WINDOWS\System32\Eraser.dll
[2010/02/16 19:57:11 | 000,085,392 | ---- | C] (-) -- C:\WINDOWS\System32\Erasext.dll
[2010/02/16 19:57:10 | 000,075,152 | ---- | C] (-) -- C:\WINDOWS\System32\Eraserl.exe
[2010/02/16 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2010/02/16 19:46:26 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2010/02/16 12:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/02/16 09:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Start Locations
[2010/02/15 11:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David & Renee\Application Data\BBC Alerts
[2010/02/15 11:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\BBC
[2010/01/07 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/07 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/01 21:43:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/05 08:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/07/22 11:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/25 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/17 12:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/12 20:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/12 14:31:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/23 14:44:30 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/23 14:43:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/23 14:43:53 | 000,193,636 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/23 14:43:49 | 000,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/23 14:43:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/23 14:43:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 14:43:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/23 14:43:33 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\magicpvt.dat
[2010/02/23 14:43:32 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 12:08:59 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\David & Renee\NTUSER.DAT
[2010/02/23 12:08:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David & Renee\ntuser.ini
[2010/02/23 12:08:54 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/02/23 11:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/23 09:17:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe
[2010/02/23 09:14:40 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/22 18:39:20 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\OptimizeDaily.job
[2010/02/21 22:51:03 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/21 08:23:16 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 14:57:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/15 19:42:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/15 19:42:19 | 000,000,211 | -H-- | M] () -- C:\boot.ini
[2010/02/15 11:41:05 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\David & Renee\Desktop\BBC Alerts.lnk
[2010/02/09 19:32:16 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/03 12:09:37 | 000,623,525 | ---- | M] () -- D:\My Documents\97CB32C8d01.pdf
[2010/02/02 07:28:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/27 11:05:05 | 000,032,374 | --S- | M] () -- D:\My Documents\Road Trip.rcl
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/17 15:36:13 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/02/16 11:06:51 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/15 11:41:05 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\David & Renee\Desktop\BBC Alerts.lnk
[2010/02/03 12:09:37 | 000,623,525 | ---- | C] () -- D:\My Documents\97CB32C8d01.pdf
[2010/02/02 07:28:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/27 11:05:05 | 000,032,374 | --S- | C] () -- D:\My Documents\Road Trip.rcl
[2009/12/10 11:09:13 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2009/12/10 11:09:13 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2009/10/17 13:40:02 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/10/17 13:40:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/10/17 13:40:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/08/22 09:55:24 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/08/17 12:07:20 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\David & Renee\Application Data\MPUI.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/19 10:32:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/27 15:19:03 | 000,896,444 | ---- | C] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\imageCache7.db
[2009/03/13 12:18:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/03/10 11:10:43 | 000,001,074 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/10 11:10:43 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/10 11:10:27 | 000,000,710 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/10 11:10:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/10 11:04:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/10 11:02:31 | 000,032,099 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/07 22:11:58 | 003,178,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/12/16 09:34:37 | 000,000,249 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2008/12/14 10:46:38 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/14 10:01:46 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2008/12/13 11:39:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/12/13 11:39:12 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/12/13 11:39:11 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/12/13 11:39:11 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/12/13 08:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/13 08:36:40 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSyb.DLL
[2008/12/13 08:36:26 | 000,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
[2008/12/12 19:40:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008/12/12 19:37:05 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008/12/12 19:37:04 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/12/12 19:37:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008/12/12 15:48:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/12/12 15:48:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/12/12 15:48:34 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/12 15:48:32 | 000,032,834 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/12 15:48:24 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/13 22:05:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/13 22:05:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/13 22:05:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/13 22:05:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/13 22:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/13 22:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Files - Unicode (All) ==========
[2009/12/30 15:54:30 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/12/30 15:54:30 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66633281
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
< End of report >

Edited by LostintheWilderness, 23 February 2010 - 02:20 PM.


#8 LostintheWilderness

Posted 23 February 2010 - 02:21 PM

OTL Extras logfile created on: 23/02/2010 3:14:57 PM - Run 5
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\David & Renee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.11 Gb Total Space | 160.09 Gb Free Space | 87.43% Space Free | Partition Type: NTFS
Drive D: | 748.40 Gb Total Space | 567.67 Gb Free Space | 75.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 580.45 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINSQUEEZE
Current User Name: David & Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [DrTagBrowse] -- "C:\Program Files\Dr Tag\DrTag\DrTag.exe" "%1" (Aspect one)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:SqueezeCenter 9000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:SqueezeCenter 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:SqueezeCenter 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:SqueezeCenter 3483 tcp
"1723:TCP" = 1723:TCP:*:Disabled:UTorrent
"9001:TCP" = 9001:TCP:*:Enabled:SqueezeCenter 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:SqueezeCenter 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:SqueezeCenter 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:SqueezeCenter 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:SqueezeCenter 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:SqueezeCenter 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:SqueezeCenter 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:SqueezeCenter 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:SqueezeCenter 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:SqueezeCenter 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:SqueezeCenter 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:SqueezeCenter 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:SqueezeCenter 10000 tcp (UI)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe" = C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe -- (Skinkers Communications)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NAVBrowser.exe" = C:\Program Files\ScanSoft\OmniPagePro11.0\EregEng\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\Bit\utorrent.exe" = C:\Program Files\Bit\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune -- (SEC)
"C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe" = C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe -- (Skinkers Communications)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0EFC334E-0BFE-4387-8E67-A0DAA54D998D}" = AutoRotation Premium
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{62F9F352-A7F7-4051-B2AD-6D1A3C325407}" = OmniPage Pro 11.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-09-09
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.8
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22D11A0-DF6A-4DE9-B6E2-62A8C5ECCDDE}" = RPS CRT
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F5294001-AACD-4DD4-B228-CE44AD4C0F87}" = Brother MFL-Pro Suite MFC-5490CN
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FE9C13F6-6BBD-47D3-B939-F7E061BC4930}" = ESET NOD32 Antivirus
"7-Zip" = 7-Zip 4.62
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Album Art Downloader XUI" = Album Art Downloader XUI 0.24
"Audacity_is1" = Audacity 1.2.6
"AutoFLAC_is1" = AutoFLAC 1.2
"BBC Alerts" = BBC Alerts (remove only)
"CCleaner" = CCleaner
"CDCheck" = CDCheck
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dr.Tag_is1" = Dr.Tag v3.0.1
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.4.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"EULAlyzer_is1" = EULAlyzer 2.0
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"foobar2000" = foobar2000 v0.9.6
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"m3uEdit_is1" = m3uEdit 1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MWSnap 3" = MWSnap 3
"MyDefrag v4.2.7_is1" = MyDefrag v4.2.7
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"SMPlayer" = SMPlayer 0.6.7
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SqueezeCenter_is1" = SqueezeCenter 7.3.3
"TagScanner_is1" = TagScanner 5.0 build 525
"Tweak UI 2.10" = Tweak UI
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.5.570
"Web Photo Album_is1" = Web Photo Album 1.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.4
"XRECODE_is1" = XRECODE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"89223c5012ed472a" = Fibonacci Market Timer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/02/2010 2:33:43 PM | Computer Name = MAINSQUEEZE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16/02/2010 8:34:22 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:34:36 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:34:52 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:36:50 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:36:55 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:38:30 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:39:44 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:47:29 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

Error - 16/02/2010 8:47:57 PM | Computer Name = MAINSQUEEZE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 eraser.exe, P2 6.0.6.1376, P3 4b26dc33, P4 system.windows.forms,
P5 2.0.0.0, P6 4889dee7, P7 16ce, P8 21, P9 system.invalidoperationexception, P10
NIL.

[ System Events ]
Error - 23/02/2010 9:42:50 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 23/02/2010 10:13:42 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 23/02/2010 10:14:58 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 23/02/2010 10:37:00 AM | Computer Name = MAINSQUEEZE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 23/02/2010 11:05:23 AM | Computer Name = MAINSQUEEZE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 23/02/2010 11:17:47 AM | Computer Name = MAINSQUEEZE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 23/02/2010 11:44:18 AM | Computer Name = MAINSQUEEZE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 23/02/2010 1:08:53 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 23/02/2010 3:43:50 PM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 23/02/2010 3:47:42 PM | Computer Name = MAINSQUEEZE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >

#9 LostintheWilderness

Posted 23 February 2010 - 02:29 PM

Here is a HijackThis log as per the request in the FAQ section:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:28:36 PM, on 23/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe
C:\Program Files\SqueezeCenter\SqueezeTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe
C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~1.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wer.microsoft...9a-d280cb7ff34a
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SEARCH~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
O4 - Startup: Shortcut to DTemp.lnk = C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SEARCH~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SEARCH~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1260144284734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1229179877750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{457EC2F0-B042-4962-8339-5262146B9AC9}: NameServer = 198.235.216.134
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: MusicIP Server - Unknown owner - C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 10073 bytes

#10 snemelk

Posted 24 February 2010 - 12:32 PM

Hi again LostintheWilderness and thank you for the logfiles!.. :).

Let's do a little in-depth search:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    rp_skt32.sys
    :regfind
    Security Services Driver (x86)
    RPSKT
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

#11 LostintheWilderness

Posted 24 February 2010 - 12:48 PM

I ran an updated Spybot S&D and it found nothing. Should I be concerned about the System32 file with Chinese characters?
Here is the log:


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:45 on 24/02/2010 by David & Renee (Administrator - Elevation successful)

========== filefind ==========

Searching for "rp_skt32.sys"
No files found.

========== regfind ==========

Searching for "Security Services Driver (x86)"
No data found.

Searching for "RPSKT"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RPSKT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RPSKT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RPSKT]

-=End Of File=-

Edited by LostintheWilderness, 24 February 2010 - 02:22 PM.


#12 snemelk

Posted 25 February 2010 - 12:39 PM

Hi again LostintheWilderness!!.. :)..

Should I be concerned about the System32 file with Chinese characters?

No... I cannot tell if they're malicious or not (can be just a leftover), but are probably safe to delete - you can do this manually...

Run the following batch file - let me know if an error stops appearing after this step (and after a reboot):

Please run Notepad and copy the following text in the Code box into a new file:

sc config RPSKT start= disabled
sc stop RPSKT
sc delete RPSKT

Save the file to the Desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. Please note any errors encountered.
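
The Event 7000 entries in the OTL log earlier in this thread end in "%%2", the unexpanded Win32 error code 2 (file not found), which points at a service entry whose binary is gone. As an added example (not part of the original posts and not OTL's own code), this Python script parses OTL's "Last 10 Event Log Errors" layout, joins the wrapped description lines, and summarises which services fail to start and why; the function names and the small error-code table are assumptions of this example, and the sample is an excerpt of the log posted above.

```python
import re

# Excerpt of the "System Events" section from the OTL log posted in this thread.
SAMPLE = r"""[ System Events ]
Error - 23/02/2010 9:42:50 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 23/02/2010 10:13:42 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7034
Description = The MagicTuneEngine service terminated unexpectedly. It has done
this 1 time(s).

Error - 23/02/2010 10:14:58 AM | Computer Name = MAINSQUEEZE | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2

Error - 23/02/2010 10:37:00 AM | Computer Name = MAINSQUEEZE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION = re.compile(r"^\[ (?P<log>.+) \]\s*$")
START_FAILED = re.compile(
    r"^The (?P<name>.+) service failed to start due to the following error: (?P<err>.+)$"
)

# A few Win32 error codes that commonly appear as "%%N" in Event 7000.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1058: "ERROR_SERVICE_DISABLED",
}


def parse_events(text):
    """Turn an OTL event-log section into a list of event dicts."""
    events, log, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        header = HEADER.match(line)
        if section:
            log, current = section.group("log"), None
        elif header:
            current = {
                "log": log,
                "when": header.group("when"),
                "source": header.group("source"),
                "id": int(header.group("id")),
                "description": "",
            }
            events.append(current)
        elif current is not None and line:
            # Descriptions wrap across lines (and sometimes across a blank line).
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def failed_service_starts(events):
    """Group Service Control Manager Event 7000 entries by service display name."""
    summary = {}
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["id"] != 7000:
            continue
        m = START_FAILED.match(ev["description"])
        if not m:
            continue
        code_match = re.fullmatch(r"%%(\d+)", m.group("err").strip())
        code = int(code_match.group(1)) if code_match else None
        row = summary.setdefault(m.group("name"), {
            "code": code,
            "meaning": WIN32_ERRORS.get(code, "unknown"),
            "count": 0,
            "first": ev["when"],
        })
        row["count"] += 1
        row["last"] = ev["when"]
    return summary


def missing_binary_services(summary):
    """Services whose start failed because the file or path does not exist."""
    return [name for name, row in summary.items() if row["code"] in (2, 3)]


if __name__ == "__main__":
    result = failed_service_starts(parse_events(SAMPLE))
    for name, row in result.items():
        print(f"{name}: {row['count']}x {row['meaning']} ({row['first']} .. {row['last']})")
    print("Binary missing:", missing_binary_services(result))
```

Running the same summary on a log taken after the reboot shows whether the Event 7000 entries have stopped.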

#13 LostintheWilderness

Posted 25 February 2010 - 01:31 PM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:30 on 25/02/2010 by David & Renee (Administrator - Elevation successful)

No Context: sc config RPSKT start= disabled

No Context: sc stop RPSKT

No Context: sc delete RPSKT

-=End Of File=-

I rebooted and no error messages popped up. I deleted the file with the Chinese characters in the file name also. Below is the OTL log after this was done.

OTL logfile created on: 25/02/2010 2:37:20 PM - Run 6
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\David & Renee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 183.11 Gb Total Space | 158.13 Gb Free Space | 86.36% Space Free | Partition Type: NTFS
Drive D: | 748.40 Gb Total Space | 567.66 Gb Free Space | 75.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 580.45 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINSQUEEZE
Current User Name: David & Renee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 09:17:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe
PRC - [2010/02/18 22:18:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/07 16:21:04 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/15 14:15:00 | 010,080,343 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\server\squeezecenter.exe
PRC - [2009/06/15 14:14:34 | 001,814,617 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\SqueezeTray.exe
PRC - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/03/19 10:44:28 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/17 23:55:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 13:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/01/11 07:35:16 | 000,759,728 | ---- | M] (Skinkers Communications) -- C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe
PRC - [2007/10/08 08:56:04 | 002,744,320 | ---- | M] () -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
PRC - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/04/12 17:00:00 | 000,142,336 | ---- | M] () -- C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
PRC - [2006/12/18 21:34:36 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/09/11 18:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/09/11 18:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/09/11 18:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/07/13 06:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/11/20 04:31:50 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2002/08/03 13:33:50 | 000,147,456 | ---- | M] (DaleSoft) -- C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe
PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/23 09:17:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:21:04 | 000,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2009/03/26 16:12:14 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/19 10:48:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/09/17 23:55:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/10/08 08:56:04 | 002,744,320 | ---- | M] () [Auto | Running] -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe -- (MusicIP Server)
SRV - [2007/08/23 15:05:18 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
SRV - [2006/09/11 18:59:28 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 18:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 18:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 15:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2009/12/01 15:00:46 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/01 15:00:40 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/07/23 18:39:04 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/04/22 13:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 13:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/03/19 10:45:38 | 000,093,848 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/03/19 10:44:34 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/03/19 10:41:38 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/12/14 11:13:26 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/10/24 17:55:22 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2008/10/24 17:55:22 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2008/09/17 23:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/20 06:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/07 18:16:45 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/07 18:16:45 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/12/17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/16 09:09:06 | 000,293,888 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/12/12 01:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 06:45:26 | 000,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/09/02 23:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/07 06:57:30 | 000,093,952 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/14 03:26:34 | 000,009,728 | R--- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/15 02:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/25 01:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/09/25 01:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/09/25 01:29:50 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/09/25 01:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/09/25 01:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/09/25 01:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/11/07 04:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/11/07 04:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wer.microsoft...9a-d280cb7ff34a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.therainfo...s_home_sitenav"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.97
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6a
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/02 09:13:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 22:18:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 22:18:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/05/14 18:39:05 | 000,000,000 | ---D | M]

[2009/08/17 12:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Extensions
[2009/08/17 12:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Extensions\MediaCoder
[2010/02/23 11:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions
[2009/07/22 19:37:20 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2009/11/23 11:48:27 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/16 09:08:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/31 14:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/01/07 20:00:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/19 16:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\brief@mozdev.org
[2010/01/31 14:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\flashcatch-amo@flashcatch.com
[2009/12/23 12:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\piclens@cooliris.com
[2009/12/23 12:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\piclens@cooliris.com-trash
[2009/12/19 16:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David & Renee\Application Data\Mozilla\Firefox\Profiles\pdy4gjox.default\extensions\ststusscicalc@sunny
[2010/02/23 11:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2009/09/27 18:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BBC Alerts] C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe (Skinkers Communications)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/02/17 14:32:07 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SqueezeCenter Tray Tool.lnk = C:\Program Files\SqueezeCenter\SqueezeTray.exe (SlimDevices - A Logitech Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - Startup: C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup\MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe ()
O4 - Startup: C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup\Shortcut to DTemp.lnk = C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe (DaleSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260144284734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229179877750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David & Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David & Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/12 14:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 13:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\SystemLock
[2010/02/23 09:17:38 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe
[2010/02/17 14:32:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/02/16 19:57:11 | 000,315,280 | ---- | C] (-) -- C:\WINDOWS\System32\Eraser.dll
[2010/02/16 19:57:11 | 000,085,392 | ---- | C] (-) -- C:\WINDOWS\System32\Erasext.dll
[2010/02/16 19:57:10 | 000,075,152 | ---- | C] (-) -- C:\WINDOWS\System32\Eraserl.exe
[2010/02/16 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2010/02/16 19:46:26 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2010/02/16 12:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/02/16 09:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auto-Start Locations
[2010/02/15 11:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David & Renee\Application Data\BBC Alerts
[2010/02/15 11:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\BBC
[2010/01/07 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/07 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/01 21:43:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/05 08:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/07/22 11:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/25 20:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/02/17 12:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/12 20:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/12 14:31:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/25 14:33:23 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/25 14:33:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/25 14:33:14 | 000,193,636 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/25 14:33:11 | 000,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/25 14:33:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/25 14:32:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/25 14:32:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/25 14:32:55 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\magicpvt.dat
[2010/02/25 14:32:52 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/25 14:32:16 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\David & Renee\NTUSER.DAT
[2010/02/25 14:31:48 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/02/25 14:26:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/25 10:21:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David & Renee\ntuser.ini
[2010/02/24 19:19:49 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\OptimizeDaily.job
[2010/02/23 09:17:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David & Renee\Desktop\OTL.exe
[2010/02/23 09:14:40 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/21 22:51:03 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/21 08:23:16 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 14:57:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/15 19:42:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/15 19:42:19 | 000,000,211 | -H-- | M] () -- C:\boot.ini
[2010/02/15 11:41:05 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\David & Renee\Desktop\BBC Alerts.lnk
[2010/02/09 19:32:22 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/03 12:09:37 | 000,623,525 | ---- | M] () -- D:\My Documents\97CB32C8d01.pdf
[2010/02/02 07:28:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/27 11:05:05 | 000,032,374 | --S- | M] () -- D:\My Documents\Road Trip.rcl
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/17 15:36:13 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2010/02/16 11:06:51 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/15 11:41:05 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\David & Renee\Desktop\BBC Alerts.lnk
[2010/02/03 12:09:37 | 000,623,525 | ---- | C] () -- D:\My Documents\97CB32C8d01.pdf
[2010/02/02 07:28:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/27 11:05:05 | 000,032,374 | --S- | C] () -- D:\My Documents\Road Trip.rcl
[2009/12/10 11:09:13 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2009/12/10 11:09:13 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2009/10/17 13:40:02 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/10/17 13:40:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/10/17 13:40:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/08/22 09:55:24 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/08/17 12:07:20 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\David & Renee\Application Data\MPUI.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/19 10:32:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/27 15:19:03 | 000,896,444 | ---- | C] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\imageCache7.db
[2009/03/13 12:18:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/03/10 11:10:43 | 000,001,074 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/03/10 11:10:43 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/03/10 11:10:27 | 000,000,710 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/03/10 11:10:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/03/10 11:04:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/03/10 11:02:31 | 000,032,099 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/02/07 22:11:58 | 003,178,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/12/16 09:34:37 | 000,000,249 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2008/12/14 10:46:38 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\David & Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/14 10:01:46 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2008/12/13 11:39:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/12/13 11:39:12 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/12/13 11:39:11 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/12/13 11:39:11 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/12/13 08:48:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/13 08:36:40 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSyb.DLL
[2008/12/13 08:36:26 | 000,000,462 | R--- | C] () -- C:\WINDOWS\System32\CNCMP50.INI
[2008/12/12 19:40:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008/12/12 19:37:05 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008/12/12 19:37:04 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/12/12 19:37:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008/12/12 15:48:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/12/12 15:48:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/12/12 15:48:34 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/12 15:48:32 | 000,032,834 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/12 15:48:24 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/13 22:05:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/13 22:05:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/13 22:05:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/13 22:05:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/13 22:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/13 22:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66633281
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
< End of report >

Edited by LostintheWilderness, 25 February 2010 - 01:41 PM.


#14 snemelk

Posted 25 February 2010 - 01:40 PM

Hi again LostintheWilderness!!.. :).

I did not ask you to copy the text in the code box into the SystemLook window... I just asked you to copy it to the Notepad window and save it as a batch file, which needs to be run afterwards... :thumbsup:

snemelk.hekko.pl - - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#15 LostintheWilderness

Posted 25 February 2010 - 01:55 PM

Sorry about that; I think I got it right this time. When I ran the file a black command window opened for a moment then closed. There were no error messages on the screen. I rebooted as normal and no error messages appeared.

I am getting two error messages in Event Viewer under System. One is the message I originally mentioned about "the security services driver (x86) service failed to start due to the following error: the system cannot find the file specified. for more information, see help and support center at http://go.microsoft....nk/events.asp." I am not sure if this message still comes up since the bat file was run. The second error message is still there and is "The MagicTuneEngine service terminated unexpectedly. It has done this one time." This service is related to my Samsung monitor and I am not sure if I should uninstall that software or not.

Edited by LostintheWilderness, 25 February 2010 - 02:02 PM.


#16 snemelk

Posted 25 February 2010 - 02:54 PM

Hi again!.. :).

> I am not sure if this message still comes up since the bat file was run.

It should be ok now, since we deleted that Service... :thumbsup:

> The second error message is still there and is "The MagicTuneEngine service terminated unexpectedly. It has done this one time." This service is related to my Samsung monitor and I am not sure if I should uninstall that software or not.

I have no idea why this Service "terminated unexpectedly"... If it's not annoying, I'd just leave it as it is...

You can go to Start --> Run --> write services.msc and click Enter... Then stop the MagicTuneEngine Service and set it to disabled from there (in its properties)... I'm not sure, though, if it will have any impact on how that Samsung's software works (and if it loads properly for you)...

#17 LostintheWilderness

Posted 25 February 2010 - 03:36 PM

I greatly appreciate your help. Thanks

#18 snemelk

Posted 25 February 2010 - 04:30 PM

Hi again!.. :).

> I greatly appreciate your help. Thanks

You're welcome!..
You may delete OTL and SystemLook (and their logs) from your Desktop now...

I'll leave that thread open for two weeks in case you have any additional questions!.. :thumbsup:

:wave:

#19 LostintheWilderness

Posted 02 March 2010 - 07:51 AM

I am now getting a screen freeze at the logon screen (able to type password in but it will not go past that point and the computer will not shut down, just stays on welcome screen). I have also had screen freezes after logon which usually correct if I don't click on any icons for a minute or so when starting up.

#20 snemelk

Posted 02 March 2010 - 05:47 PM

Hi again LostintheWilderness!!.. :).

I'm not sure I understand... You cannot boot into Windows because it freezes at the logon screen, right??..
If yes, I'd try performing a System Restore, provided that you can boot into Safe Mode...

Please reboot into Safe Mode. To do this, press the F8 key just before Windows starts to load and then select Safe Mode from the menu.

Go to Start/Programs/Accessories/System Tools/System Restore. Click Restore My Computer to an earlier time, then Next.

If you can boot into Windows, performing a System Restore in Normal Mode won't be a bad idea...

If the above doesn't work, could you tell me when that problem started??..

#21 LostintheWilderness

Posted 02 March 2010 - 09:50 PM

Yes this might work. There is another matter that may be related. For the last 3 nights including tonight at about 6 pm my computer shuts down on its own. It is not going into hibernation, it just shuts down. When I reboot there are no blue screens or error messages; it starts up normally. I have been away from my computer when this happens but tomorrow I think I will watch it at 6 pm to see exactly what goes on. I know computers will shut down for some Windows updates but 3 nights in a row seems strange.

#22 snemelk

Posted 03 March 2010 - 11:27 AM

Hi again LostintheWilderness!!.. :).

Yes this might work.

Ok, let me know how it goes...

For the last 3 nights including tonight at about 6 pm my computer shuts down on its own. It is not going into hibernation, it just shuts down.

You have the following program installed:
APC PowerChute Personal Edition - it has a possibility to schedule a system shutdown... If I were you, I'd just take a look at this program's options/scheduled tasks...

If you can get into Normal Mode, I suggest you uninstall: NVIDIA ForceWare Network Access Manager - it is known for causing problems on some machines - this might be the case here... For example, described by one user here: NVIDIA "hidden firewall" causes networking problem

#23 LostintheWilderness

    Member

  • Full Member
  • 47 posts

Posted 04 March 2010 - 06:34 PM

This is really weird. I checked with tech support at APC and there is no scheduling option for powering off the computer automatically (you can set it to power the computer down if there is a power failure though). It shut down again tonight at about the same time and I am wondering if in fact it is a virus (as suggested at http://www.computerhope.com/issues/ch000689.htm). I haven't made any hardware changes and heat doesn't seem to be the issue. This all seemed to start after we made changes to the Services I had problems with. I am running a virus scan right now.

Ran my Eset anti virus; it came up with no infection. Ran Trend Micro anti virus; it still comes up with no infection.

Edited by LostintheWilderness, 04 March 2010 - 07:45 PM.


#24 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 05 March 2010 - 01:32 PM

Hi again LostintheWilderness!!.. :).

It shut down again tonight at about the same time and I am wondering if in fact it is a virus (as suggested at http://www.computerhope.com/issues/ch000689.htm). I haven't made any hardware changes and heat doesn't seem to be the issue.

"Virus" is rather unlikely here... Nowadays, malware means money, not playing "stupid" games, like turning a computer off... Turning off a computer without any other telltale signs (like displaying some messages) just wouldn't make sense, if it was a "virus"...

This all seemed to start after we made changes to the Services I had problems with.

HHmmm, that's very strange... I reviewed an "installed programs" list once again... There is an entry for: RPS CRT - it's probably a leftover belonging to the software you mentioned in your first post:

I have done a little searching on Google and believe the problem is due to a bad uninstall of security software that my ISP(Sympatico) provided that seemed to cause problems on my computer.


So I suggest you just uninstall RPS CRT...
Did you uninstall NVIDIA ForceWare Network Access Manager as I suggested??..

If it always shuts down at the very same hour, I believe it has to be scheduled somewhere (any hardware or heat related problems would cause random crashes/shutdowns)... You may want to check BIOS settings (available before your Windows loads) or the settings of other programs running... Looking at the list of processes it can be any of those programs:

PRC - [2010/01/07 16:21:04 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/15 14:15:00 | 010,080,343 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files\SqueezeCenter\server\squeezecenter.exe
PRC - [2009/03/19 10:44:50 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/09/17 23:55:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/11 13:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/01/31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/01/11 07:35:16 | 000,759,728 | ---- | M] (Skinkers Communications) -- C:\Program Files\BBC\BBC Alerts\BBC_Alerts.exe
PRC - [2007/10/08 08:56:04 | 002,744,320 | ---- | M] () -- C:\Program Files\MusicIP\MusicIP Mixer\MusicMagicServer.exe
PRC - [2007/04/12 17:00:00 | 000,142,336 | ---- | M] () -- C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
PRC - [2006/12/18 21:34:36 | 000,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/09/11 18:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/07/13 06:12:26 | 000,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/11/20 04:31:50 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2002/08/03 13:33:50 | 000,147,456 | ---- | M] (DaleSoft) -- C:\Program Files\S.M.A.R.T\DTemp\DTemp.exe


But none of them (apart from APC PowerChute mentioned earlier) should cause such "problems"... :think:
Nothing unusual happens before a shutdown??..
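Added example, not part of any post in this thread: one way to test the "same hour every day" reasoning above against the System event log, by separating clean shutdowns (EventLog ID 6006) from unexpected power-offs (ID 6008, written at the next boot) and checking whether either kind recurs at the same hour. The CSV export layout, the US English 6008 message wording and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample (not from the thread): System log rows exported as
# date,time,source,event_id,message.
SAMPLE_LOG = """\
2010-03-01,08:02:11,EventLog,6005,The Event log service was started.
2010-03-01,19:30:02,EventLog,6008,The previous system shutdown at 6:01:12 PM on 3/1/2010 was unexpected.
2010-03-01,23:10:45,EventLog,6006,The Event log service was stopped.
2010-03-02,19:12:40,EventLog,6008,The previous system shutdown at 6:00:47 PM on 3/2/2010 was unexpected.
2010-03-03,19:40:09,EventLog,6008,The previous system shutdown at 6:02:05 PM on 3/3/2010 was unexpected.
2010-03-04,22:00:30,EventLog,6006,The Event log service was stopped.
"""

UNEXPECTED = re.compile(r"shutdown at (.+?) on (\S+) was unexpected")

def shutdowns(log_text):
    """Return [(when, kind)] for every shutdown recorded in the export."""
    found = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed rows
        date, time, _source, event_id, message = row
        if event_id == "6006":
            # Clean shutdown: the record's own timestamp is the shutdown time.
            when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
            found.append((when, "clean"))
        elif event_id == "6008":
            # Unexpected: the record is written at the next boot, so the
            # real shutdown time has to be read from the message text.
            m = UNEXPECTED.search(message)
            if m:
                when = datetime.strptime(" ".join(m.groups()), "%I:%M:%S %p %m/%d/%Y")
                found.append((when, "unexpected"))
    return found

def recurring(events, min_days=3):
    """Return (hour, kind, days) for shutdowns seen near the same hour on min_days+ days."""
    days = {}
    for when, kind in events:
        rounded = when + timedelta(minutes=30)  # nearest hour, so 17:59 and 18:01 match
        days.setdefault((rounded.hour, kind), set()).add(rounded.date())
    return sorted((h, k, len(d)) for (h, k), d in days.items() if len(d) >= min_days)

if __name__ == "__main__":
    print(recurring(shutdowns(SAMPLE_LOG)))
```

A recurring "clean" entry points toward software asking Windows to shut down (a scheduled task or a utility), while a recurring "unexpected" entry means power was lost without Windows being told, which shifts attention to the power path.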

#25 LostintheWilderness

    Member

  • Full Member
  • 47 posts

Posted 05 March 2010 - 03:49 PM

I have removed RPS CRT with Windows Installer Clean Up
and I uninstalled NVIDIA ForceWare Network Access Manager as you suggested.
I did have a look in BIOS settings but found no indication of an auto shut down feature being implemented.

I will see what happens tonight in another hour or so.

The monitor goes into power saving mode in late afternoon if I don't use it so I am not sure what is on the screen when it shuts down. The one night (2 days ago) when I was using the computer at around 6 pm the computer did not shut down. I have set power saving options to minimal (i.e. hard drive does not turn off, just monitor).

#26 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 06 March 2010 - 05:27 AM

Hi again LostintheWilderness and thanks for an update!.. :).

I will see what happens tonight in another hour or so.

Did it shut down automatically yesterday??..

#27 LostintheWilderness

    Member

  • Full Member
  • 47 posts

Posted 06 March 2010 - 07:19 AM

I replaced the UPS last night and the computer did not shut down; it has been on all night. I would have thought if the battery on the UPS ran dry (Powerchute showed it as fully charged), the mains power would keep the computer on. Not sure if the new UPS was the solution or the last set of uninstalls, but I will keep an eye on it for the next few days at 6pm.

Thanks

#28 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 06 March 2010 - 07:57 AM

Hi again!.. :).

Not sure if the new UPS was the solution or the last set of uninstalls, but I will keep an eye on it for the next few days at 6pm.

Let me know how it goes!.. :thumbup:

#29 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 21 March 2010 - 02:14 PM

I reckon the problem is resolved and this topic can be closed?.. :).

#30 LostintheWilderness

    Member

  • Full Member
  • 47 posts

Posted 21 March 2010 - 02:46 PM

Yes. Thanks for your help

#31 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 21 March 2010 - 03:34 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.