Zeena - Blue Screen Message - Pt.1


Post by Zeena on Sat Jan 15, 2011 10:49 pm

Hope you can help me.
It all started with a message about "blue screen" and of course I followed instructions, learned how to check my hardware devices but kept having problems below....
Screen goes on and off, sometimes it just goes black, twice my pc logged itself off
Sound was occasionally there, depending if I was in safe mode or not, but now it has gone in both
I have (x2) "!" showing in HID, (HID non-user input data filter (LB 911865)
We have had some bad weather here down under (Tasmania) and have had a few power outs, not sure if anything was updating during these times.
I can only use safe mode as normal is just too frustrating having to wait for things to appear on the screen.
I have pasted the OTL below, hope you can see your way to getting my PC back to normal. Thanks in advance for taking the time in reading this and the below.
(PS.. want me to post you any stress tablets?) Smile

Part 1:
OTL logfile created on: 16/01/2011 9:24:20 AM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Sussan\Desktop\Programs Downloaded
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,023.00 Mb Total Physical Memory | 523.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 264.51 Gb Free Space | 88.74% Space Free | Partition Type: NTFS

Computer Name: SUSSAN-E9F19941 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/16 00:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sussan\Desktop\Programs Downloaded\OTL.com
PRC - [2010/12/11 11:25:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/31 20:20:50 | 002,404,232 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/03/31 18:18:14 | 000,143,360 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/16 00:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sussan\Desktop\Programs Downloaded\OTL.com
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/03/22 16:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/31 20:20:50 | 002,404,232 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - [2010/10/17 05:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/31 20:20:54 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/03/31 18:18:30 | 000,150,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP)
DRV - [2009/03/31 18:18:30 | 000,150,544 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/11/17 03:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/13 17:25:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/06/22 10:54:32 | 000,087,424 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2006/12/21 19:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/13 19:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/09/11 22:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 22:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 21:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001/08/18 00:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/01/09 14:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 13:06:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 11:25:20 | 000,000,000 | ---D | M]

[2011/01/11 13:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/01/11 13:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ch9oi3o.default\extensions
[2011/01/11 13:12:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ch9oi3o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/15 18:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 23:22:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/03/10 20:10:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/12/01 15:01:04 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/09/18 10:23:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/18 10:23:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/18 10:23:30 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/18 10:23:30 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/04/28 22:26:45 | 000,257,831 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8962 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (BigPond Wireless Broadband 2.0 Auto Dial) - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll (Telstra)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BigPondWirelessBroadbandCM] C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe (Telstra)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ErrorTeck] File not found
O4 - HKLM..\Run: [lxcgmon.exe] File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DriverCure] File not found
O4 - HKCU..\Run: [Spyware Doctor with AntiVirus] File not found
O4 - HKCU..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} [You must be registered and logged in to see this link.] (SpinTop DRM Control)
O16 - DPF: {18F616CD-4B28-4C47-815A-560AC6A33C8D} [You must be registered and logged in to see this link.] (CPlayFirstEmeraldCitControl Object)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} [You must be registered and logged in to see this link.] (Auctiva Image Uploader Control)
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} [You must be registered and logged in to see this link.] (CPlayFirstNightshiftControl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} [You must be registered and logged in to see this link.] (GameHouse Games Player)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} [You must be registered and logged in to see this link.] (CPlayFirstdreamControl Object)
O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} [You must be registered and logged in to see this link.] (CPlayFirstNightShiftControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} [You must be registered and logged in to see this link.] (SpinTop Games Launcher)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} [You must be registered and logged in to see this link.] (CPlayFirstzenerchiControl Object)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} [You must be registered and logged in to see this link.] (Nokia Media Bar)
O16 - DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} [You must be registered and logged in to see this link.] (CGGPlugin Object)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} [You must be registered and logged in to see this link.] (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} [You must be registered and logged in to see this link.] (AstroAvengerLoader Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} [You must be registered and logged in to see this link.] (CPlayFirstDreamChronControl Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} [You must be registered and logged in to see this link.] (Flash Casino Helper Control)
O16 - DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} [You must be registered and logged in to see this link.] (CPlayFirstChocolatieControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 15:34:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: eBayToolbar - hkey= - key= - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
MsConfig - StartUpReg: EzPrint - hkey= - key= - File not found
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 22:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/01/15 22:32:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/01/14 16:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/01/14 09:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/01/14 09:18:56 | 002,932,840 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/01/14 09:18:56 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/01/14 09:18:56 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2011/01/14 09:18:56 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2011/01/14 09:18:56 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/01/14 09:18:55 | 013,012,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/01/14 09:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/01/14 09:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/01/11 13:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/01/11 13:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/01/11 13:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011/01/11 13:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/11 13:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/11 12:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/11 12:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ErrorTeck
[2011/01/11 12:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/01/11 12:26:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/01/11 12:25:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/01/11 12:20:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/01/11 12:20:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/01/11 12:20:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/01/11 12:20:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/01/11 12:20:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/01/11 12:20:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/01/11 12:20:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/01/11 12:20:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/01/11 12:20:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/01/11 12:20:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/11 12:20:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/01/11 12:20:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/01/11 12:20:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/01/11 12:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/01/11 12:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2011/01/11 12:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/01/11 12:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/01/11 12:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/01/11 12:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/01/11 08:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/01/04 23:22:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/04 23:22:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/04 23:22:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/16 09:17:37 | 000,351,221 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/01/16 09:17:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/16 08:52:34 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/16 08:52:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/16 00:35:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/14 19:26:47 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2011/01/14 19:26:47 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2011/01/14 09:58:33 | 947,541,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/01/14 09:58:33 | 012,050,624 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/01/14 09:46:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/14 09:19:09 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/14 09:19:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/14 09:19:06 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/14 09:19:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/01/13 20:08:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/13 20:03:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/12 21:58:41 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/01/11 18:49:37 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2011/01/11 13:33:58 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/01/11 13:33:58 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/01/11 13:04:53 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/01/11 12:48:52 | 001,961,638 | ---- | M] () -- C:\lxcgUNST.csv
[2010/12/17 10:44:52 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/14 16:55:54 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2011/01/14 16:55:31 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2011/01/14 09:19:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/14 09:19:06 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/14 09:19:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/14 09:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/01/14 09:18:56 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/14 09:18:56 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/01/11 13:04:53 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/01/11 13:04:50 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/01/11 13:04:49 | 000,000,432 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2011/01/10 19:52:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/08 13:30:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/05/17 20:05:13 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2010/04/28 04:35:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/04/25 09:41:33 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/31 21:10:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/01/11 19:17:02 | 000,000,596 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/26 14:02:16 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/01 10:42:46 | 000,000,560 | ---- | C] () -- C:\Program Files\Global.sw
[2008/12/01 10:34:43 | 000,000,140 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/09/22 21:08:58 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/09/22 21:08:58 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/09/22 21:08:58 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/08/30 21:58:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/01 19:40:26 | 000,000,333 | ---- | C] () -- C:\WINDOWS\ICompose.INI
[2008/04/21 19:07:09 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/04/21 19:07:09 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/04/21 19:06:56 | 001,483,776 | ---- | C] () -- C:\WINDOWS\MGXRDR32.DLL
[2008/04/20 13:37:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/04/20 13:37:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/04/20 13:16:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/19 08:32:17 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/19 07:55:45 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/04/19 01:24:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[1999/01/23 05:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/18 15:34:15 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 23:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 21:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/01 10:43:58 | 000,000,560 | ---- | M] () -- C:\Program Files\Global.sw

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/08 21:59:13 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start


Zeena - Blue Screen Message - Pt.2

Post by Zeena on Sat Jan 15, 2011 10:52 pm

Part 2...
Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >
[2008/12/01 10:43:58 | 000,000,560 | -H-- | M] () -- C:\WINDOWS\Config\desktop.idf

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/11 11:25:13 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/11 11:25:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/11 11:25:16 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/12/11 11:25:17 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/19 01:23:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/19 01:23:07 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/19 01:23:06 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 23:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 23:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 23:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 23:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 23:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 23:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 23:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 23:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 23:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 23:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 23:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 23:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 23:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 23:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 23:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2009/03/31 20:20:54 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys
[2008/04/14 05:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/10/27 00:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 11:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 11:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 11:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 11:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 11:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 11:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 11:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 11:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 11:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 11:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 11:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 11:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 11:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 11:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/14 11:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 11:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 23:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2008/04/18 15:34:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/11 18:49:37 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2008/04/20 13:34:07 | 000,000,242 | ---- | M] () -- C:\CDFE.log
[2008/04/18 15:34:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/04/18 15:34:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/11 12:48:38 | 000,029,116 | ---- | M] () -- C:\lxcg.log
[2008/04/20 13:34:03 | 000,000,000 | ---- | M] () -- C:\lxcgfire.csv
[2008/04/20 13:35:00 | 000,000,291 | ---- | M] () -- C:\LXCGINST.csv
[2011/01/11 12:48:37 | 000,003,881 | ---- | M] () -- C:\lxcgscan.log
[2010/05/25 10:28:49 | 000,979,508 | ---- | M] () -- C:\lxcgUNST.000
[2011/01/11 12:48:52 | 001,961,638 | ---- | M] () -- C:\lxcgUNST.csv
[2008/04/18 15:34:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/08 21:54:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/16 09:17:07 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009/08/21 21:38:21 | 000,008,741 | ---- | M] () -- C:\playground.log
[2009/10/05 09:21:59 | 000,002,073 | ---- | M] () -- C:\rollback.ini
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/07/10 20:29:22 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2008/07/17 17:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010/07/24 12:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/01/29 22:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\Alawar
[2010/11/19 11:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\bfgclient
[2010/02/21 18:38:00 | 000,000,000 | ---D | M] -- C:\Program Files\Born Into Darkness
[2009/02/20 18:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\Broken Sword Trilogy
[2010/01/30 11:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Campfire Legends The Hookman
[2008/05/02 23:59:47 | 000,000,000 | ---D | M] -- C:\Program Files\Can You See What I See
[2010/05/17 19:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/01/11 13:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/04/18 15:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/04/18 16:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/02/18 20:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue
[2010/01/09 14:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/04/02 21:47:09 | 000,000,000 | ---D | M] -- C:\Program Files\Doors of the Mind - Inner Mysteries
[2008/11/24 17:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
[2010/04/25 09:46:05 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/04/25 09:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2010/09/25 22:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/16 17:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\Heroes of Kalevala
[2011/01/15 11:55:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/12/17 10:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/09 15:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/27 22:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\KODAK
[2011/01/11 13:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2010/12/28 09:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Lx_cats
[2010/09/17 21:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Magic Tale
[2010/05/16 22:05:49 | 000,000,000 | ---D | M] -- C:\Program Files\Magicville - Art of Magic
[2008/10/08 22:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/04/21 19:06:35 | 000,000,000 | ---D | M] -- C:\Program Files\Micrografx
[2008/04/20 13:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/02/09 10:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/04/20 13:15:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/02/12 10:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/02/09 10:19:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/12/05 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mortimer Beckett And The Time Paradox
[2010/08/13 11:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/01/14 20:56:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/06/12 15:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mr Smoozles Goes Nutso
[2008/07/21 00:39:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/02/09 10:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/04/19 00:40:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/04/18 15:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/08/31 22:00:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/21 00:37:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/05/14 19:21:09 | 000,000,000 | ---D | M] -- C:\Program Files\Murder She Wrote
[2008/12/19 09:12:15 | 000,000,000 | ---D | M] -- C:\Program Files\Navman
[2008/04/18 15:48:11 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/10/08 21:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/04/27 21:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2010/07/30 20:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Nightfall Mysteries - Asylum Conspiracy
[2010/01/09 14:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/10/29 20:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2011/01/14 09:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2008/11/07 19:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\OLYMPUS
[2008/04/18 15:31:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/11 00:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/12/17 10:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/09/27 22:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger
[2010/01/09 14:29:39 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/05/14 23:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\Penny Dreadfuls Sweeney Todd
[2008/12/01 15:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\PlayFirst
[2008/11/07 19:39:18 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/01/29 17:59:27 | 000,000,000 | ---D | M] -- C:\Program Files\Rasputins Curse
[2010/11/11 23:04:56 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2008/04/18 15:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/12/01 11:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Redoubt
[2008/07/21 00:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/05/01 22:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2010/05/27 22:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\Robinson Crusoe and the Cursed Pirates
[2008/12/05 11:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\SKIPBO Castaway Caper
[2010/11/07 12:29:57 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/12/01 10:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\SoftwrapLicense
[2008/04/19 22:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\SonicWallES
[2009/11/25 11:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/07/25 15:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2008/12/05 12:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Telstra
[2008/12/05 11:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\The Mystery Of The Crystal Portal
[2009/02/27 20:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2010/02/09 19:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\Trapped The Abduction
[2008/12/01 12:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2010/10/15 11:44:30 | 000,000,000 | ---D | M] -- C:\Program Files\Twisted Lands - Shadow Town Collector's Edition
[2008/06/25 22:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall
[2008/04/18 15:37:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/24 19:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/02/24 19:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/10/08 21:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/04/18 15:33:44 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/04/18 15:34:40 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/07/10 20:29:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/04/19 07:55:43 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2010/04/05 13:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games

< %appdata%\*.* >
[2008/04/19 01:24:18 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 23:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 05:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 05:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\Win2K\sata_ide\nvata.sys
[2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\WinXP\sata_ide\nvata.sys
[2006/08/21 21:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\Win2K\legacy\nvatabus.sys
[2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\Win2K\sataraid\nvatabus.sys
[2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\WinXP\legacy\nvatabus.sys
[2005/08/18 18:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\6.70\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/10/08 21:50:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/14 05:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/14 05:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-13 09:15:24

========== Alternate Data Streams ==========


< End of report >

Zeena
Novice

Posts : 5
Joined : 2011-01-15
Gender : Female
OS : XP
Protection : Zone Alarm - needs updating
Points : 21539
# Likes : 0

Re: Zeena - Blue Screen Message - Pt.1

Post by Belahzur on Sun Jan 16, 2011 1:53 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
# Likes : 1

Zeena - Blue Screen Message - not resolved

Post by Zeena on Tue Jan 18, 2011 8:22 am

Did as instructed, downloaded Malwarebytes' Anti-Malware, and only one showed - logged off and restarted in normal mode, still getting screen going on and off, some dots show on screen.
Also tried:
* Installing printer Epson TX600FW (told me the software you are installing for this hardware has not passed Windows logo etc. (contact the hardware vendor for software that has passed Windows logo))
* Message - RPC Server unavailable (I installed the NVIDIA graphics driver V260.99)

* Message - Direct 3D functionality not available, you should verify that the driver is a final version from the hardware manf.

* Message - Stop error video device driver

I hope this helps in some way - anything else I can try?

Report from Malwarebytes' Anti-Malware ...
Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5530

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

16/01/2011 7:45:07 PM
mbam-log-2011-01-16 (19-45-07).txt

Scan type: Quick scan
Objects scanned: 156297
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Re: Zeena - Blue Screen Message - Pt.1

Post by Belahzur on Wed Jan 19, 2011 2:03 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Zeena - Blue Screen Message - Pt.1

Post by Zeena on Wed Jan 19, 2011 9:04 am

Can you please advise me on how to turn Zone Alarm off - I did go into Zone Alarm settings and turned everything to off, but combofix still found it to be active?

Instructions would help heaps.... thank you!


Re: Zeena - Blue Screen Message - Pt.1

Post by Belahzur on Thu Jan 20, 2011 1:43 am

Hello.
If needs be, uninstall zonealarm temporarily.

