
Constant Recovery From A Serious Error



#1 mjpwld


Posted 27 January 2006 - 08:28 PM

several months ago i was hijacked. sorry, don't remember the browser redirect. found info on-line to clean. apparently successful, but since then my computer constantly gives me error message "recovered from a serious error", or just reboots itself without warning, lots of hang ups as well. did get off quite a few send error to microsoft messages with three main replies:

device error but can't tell which one,
ram error (ran microsoft's ram checker tool with intermittent error failures),
and a stop error but don't know why.

this all started happening after i got the hijack eliminated(?). i have used spybot, ad-aware, and zone alarm with nothing to report except these:

spybot- whenU and (bundled with i'm sure) bearshare (free edition);
ad-aware- whenU;
zone alarm (today)- whenU universal installer and Win32.Winshow (nothing more specific except mfcxk.dll in windows\system32 tied to the winshow. note: zone alarm crashed (something about a c++ error) and restarted before i could quarantine it and this dll disappeared. scanned again and did not show up).

norton enterprise shows no viruses. i realize the errors and hangs and reboots are most likely caused by some intermittently bad ram, but just in case that hijack left behind something i would really appreciate a looksee at this hijack log. by the way this is the first time using this software so please forgive.
p.s. my wife loves pogo.

Logfile of HijackThis v1.99.1
Scan saved at 2:03:03 PM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HighJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by The Great And Powerful Oz
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O15 - Trusted Zone: http://www.turbotax.intuit.com
O15 - Trusted Zone: http://www.militaryonesource.com
O15 - Trusted Zone: http://www.pogo.com
O15 - Trusted Zone: http://www.turbotax.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.1.53/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.4.3.28/aces...s-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://www.pogo.com/applet-6.4.2.30/animal...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.4.3.36/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.4.27/batt...x-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.5.1.24/blac...kjack-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.2.30/chec...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.5.1.24/ches...hess2-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.4.1.53/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.2.30/domi...o-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.4.3.36/bing...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.2.30/supe...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.4.3.36/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.4.3.36/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.5.0.45/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.5.1.24/gin/gin-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.2.30/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.5.1.24/mahj...hjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.4.4.34/mlsl...s-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.5.1.24/paig...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.4.3.36/pebb...e-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.2.30/peng...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.4.2.30/flin...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.4.2.30/pino...e-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.28/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.2.30/popp...a-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.4.27/popp...2-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.1.24/hots...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.4.34/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.5.1.24/ride/ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.5.0.45/slot...2-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.0.45/spad...s-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.4.2.30/sque...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.24/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.46/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.5.1.24/hold...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.4.3.28/peak...s-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.4.34/turb...1-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.1.24/memo...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.4.34/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.2.30/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.53/worl...s-ob-assets.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-tu...l/java/RntX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\System32\FreezeScreenSaver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


StartupList report, 1/27/2006, 2:44:28 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HighJackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================


Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HighJackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner.PAVILION\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Winter Fun Wallpaper Changer.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
KBD = C:\HP\KBD\KBD.EXE
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
masqform.exe = C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
vptray = C:\Program Files\NavNT\vptray.exe
snpstd = C:\WINDOWS\vsnpstd.exe
Lexmark X1100 Series = "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
CoolSwitch = C:\WINDOWS\system32\taskswitch.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{c23dd370-cb79-11d2-898a-00c04f80a47f}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[6th Street Omaha Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.1.53/omah...a-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\6th Street Omaha Poker by pogo.osd

[Aces Up! by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.28/aces...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Aces Up! by pogo.osd

[Animal Ark by pogo]
CODEBASE = http://www.pogo.com/applet-6.4.2.30/animal...l-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Animal Ark by pogo.osd

[Backgammon by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.36/back...n-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Backgammon by pogo.osd

[Battle Phlinx by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.27/batt...x-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Battle Phlinx by pogo.osd

[Blackjack by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/blac...kjack-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Blackjack by pogo.osd

[Canasta by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Canasta by pogo.osd

[Checkers by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/chec...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Checkers by pogo.osd

[Chess by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/ches...hess2-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Chess by pogo.osd

[Dice Derby by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.1.53/chec...g-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dice Derby by pogo.osd

[Dominoes by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/domi...o-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dominoes by pogo.osd

[EZ Win Bingo by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.36/bing...e-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\EZ Win Bingo by pogo.osd

[First Class Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\First Class Solitaire by pogo.osd

[Fortune Bingo by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/supe...o-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Fortune Bingo by pogo.osd

[Greenback Bayou by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.36/gree...k-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Greenback Bayou by pogo.osd

[Harvest Mania by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.36/harv...t-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Harvest Mania by pogo.osd

[Hearts by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Hearts by pogo.osd

[High Stakes Pool by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.0.45/pool...l-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\High Stakes Pool by pogo.osd

[Jigsaw Detective by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jigsaw Detective by pogo.osd

[Jungle Gin by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/gin/gin-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Jungle Gin by pogo.osd

[Lottso by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/lott...o-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Lottso by pogo.osd

[Mah Jong Garden by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/mahj...hjong-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Mah Jong Garden by pogo.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Multiline Slots by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.34/mlsl...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Multiline Slots by pogo.osd

[Pai Gow by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/paig...aigow-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pai Gow by pogo.osd

[Payday FreeCell by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Payday FreeCell by pogo.osd

[Pebble Beach Golf by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.36/pebb...e-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pebble Beach Golf by pogo.osd

[Penguin Blocks by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/peng...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Penguin Blocks by pogo.osd

[Perfect Pair Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.23/wate...l-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Perfect Pair Solitaire by pogo.osd

[Phlinx by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/flin...r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd

[Pinochle by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/pino...e-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pinochle by pogo.osd

[Pop Fu by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.28/popf...u-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Pop Fu by pogo.osd

[PoppaZoppa by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/popp...a-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\PoppaZoppa by pogo.osd

[Poppit by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.27/popp...2-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Poppit by pogo.osd

[Quick Quack by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/hots...treak-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Quick Quack by pogo.osd

[QWERTY by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.34/squa...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\QWERTY by pogo.osd

[Ride The Tide by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/ride/ride-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Ride The Tide by pogo.osd

[Showbiz Slots 2 by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.0.45/slot...2-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Showbiz Slots 2 by pogo.osd

[Spades by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.0.45/spad...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spades by pogo.osd

[Spider Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.27/spid...r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Spider Solitaire by pogo.osd

[Squelchies by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/sque...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Squelchies by pogo.osd

[Stax by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/stax/stax-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Stax by pogo.osd

[Stellar Sweeper by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Stellar Sweeper by pogo.osd

[Sweet Tooth TM by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.1.46/swee...h-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Sweet Tooth TM by pogo.osd

[Texas Hold'em Poker by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/hold...oldem-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Texas Hold'em Poker by pogo.osd

[Tri-Peaks by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.3.28/peak...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tri-Peaks by pogo.osd

[Turbo 21 TM by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.34/turb...1-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Turbo 21 TM by pogo.osd

[Wonderland Memories by pogo]
CODEBASE = http://game1.pogo.com/applet-6.5.1.24/memo...ories-en_US.cab
OSD = C:\WINDOWS\Downloaded Program Files\Wonderland Memories by pogo.osd

[Word Whomp by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.4.34/word...2-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Word Whomp by pogo.osd

[Word Whomp Whackdown by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/whac...n-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\Word Whomp Whackdown by pogo.osd

[WordJong by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\WordJong by pogo.osd

[World Class Solitaire by pogo]
CODEBASE = http://game1.pogo.com/applet-6.4.1.53/worl...s-ob-assets.cab
OSD = C:\WINDOWS\Downloaded Program Files\World Class Solitaire by pogo.osd

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Live Collaboration]
InProcServer32 = C:\WINDOWS\DOWNLO~1\RntX.dll
CODEBASE = https://livewc01.custhelp.com/7520-b289h-tu...l/java/RntX.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DefWatch: "C:\Program Files\NavNT\defwatch.exe" (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
FreezeScreenSaver: C:\WINDOWS\System32\FreezeScreenSaver.exe (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Net


 


#2 Grinler


Posted 03 February 2006 - 10:27 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

If you have already followed these steps, then just post a new log as a reply.

#3 mjpwld


Posted 07 February 2006 - 07:40 AM

Well, I think I may have figured this out. One of Microsoft's crash responses was about a device driver, but the usual "don't know which one". Upon further reading of the response I noticed something about a graphics controller. Well, I reinstalled Intel's drivers (they were not updates, same drivers) and a few inf files they offered, and so far for 4 days I have had no crashes. Fingers crossed. :thumbsup:



