Codec Problems - can only work in safe mode?

miss spooky

Afternoon,

My partner was trying to DL K-lite Codec Pk full to use instead of Windows Media Player. He chose this as the reviews for this pack were quite good... He downloaded it, rebooted the computer and from here things went wrong.
All we get is a blue screen with the following error msg (sorry it's so long):-

***STOP:OXOOOOOOCE (OXF7ODOEO, OXOOOOOOOO, OXF7D02FE0, OXOOOOOOOO DRIVER - UNLOADED-WITHOUT-CANCELLING-PENDING-OPERATIONS***ADDRESS F70D02E0 BASE @ F70D02E0 DATESTAMP 00000000-COLR4-2K.sys

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps
1) Check to make sure any new hardware /software is properly installed. If this is a new installation ask your hardware / software manufacturer for any windows 2000k updates you may need.
2) If problems continue disable or remove any new installed hard/software. Disable BIOS Memory Options such as caching or shadowing. If you need to use safemode to remove or disable components restart your computer, press F8 to select advanced Setup options & then select Safe mode.

refer to your Getting Started Manual for more information on troubleshooting stop errors"

He rebooted a couple of times & kept getting same error message. Restarted again in safemode & uninstalled the program he downloaded.

Still unable to restart in normal mode.

Would appreciate your help.

Here's HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 3:16:43 PM, on 12/18/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O15 - Trusted Zone: http://www.freewebs.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130231909123
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131100914278
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zan...ceb99c2a5c7e:844a4f713710b4d6fd84c831d43d35df
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
 
Hello miss spooky,

Welcome to Safer Networking Forums :)

Youch! :sick:

Please download, install, and update AVG Anti-Spyware (formerly Ewido)
  1. Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Close AVG. Do not run it yet.

I'm assuming you'll still be in safe mode at this point. Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 cache1.winmx.com test3202.winmx.com test3206.winmx.com
O1 - Hosts: 82.43.224.20 cache2.winmx.com test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.204.21.111 cache3.winmx.com test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.204.21.111 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zang...84c831d43d35df


Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

  • In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode, if you can.


Download the Hoster Here
http://www.funkytoad.com/download/hoster.zip

Unzip Hoster to your desktop

Open up the Hoster program.

* Make sure that the "make hosts writable?" button in the upper right corner is enabled.
* Click back up Host files
* then click Restore original host files
* close program

In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

Thanks,
tea
 
Hello Teacup61,

Thank you for helping me.

Updated AVG. Checked items listed above in HJT, on fixing items I had 2 error messages. I've done a screen dump if you want to see first one as it was quite long... following message read "HiJackThis could not write the selected changes to your host file. The probable cause is that some program is denying access to it, or that your user account does not have the rights to write it". The check in question was:-
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zang...84c831d43d35df

although it has gone.

Ran AVG, no infections found, therefore no report.

Unable to restart in normal mode as blue screen with original stop message still appears so still in "Safe Mode Directory Service Repair". Therefore I have not run Hoster as I wasn't sure if this was just to be run in normal mode.

HJT Log 23.12.06:-

Logfile of HijackThis v1.99.1
Scan saved at 10:00:31 PM, on 12/23/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O15 - Trusted Zone: http://www.freewebs.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130231909123
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131100914278
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

Happy Christmas.:present:
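
Added example, not part of any post in this thread: a small parser for the HijackThis log format shown above that groups `O1 - Hosts:` redirects by IP address and diffs two scans, so a reader can confirm which checked entries actually disappeared after "Fix Checked". The function names are hypothetical, and the two sample logs are abbreviated excerpts of the 12/18 and 12/23 logs posted here.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24),
# followed by " - " and the entry body. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return a list of (section_code, body) tuples for every entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def hosts_redirects(entries):
    """Map each IP in 'O1 - Hosts:' entries to the set of hostnames pointed at it."""
    redirects = defaultdict(set)
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2:  # need an IP plus at least one hostname
                redirects[fields[0]].update(fields[1:])
    return dict(redirects)


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two scans, each sorted."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


# Abbreviated excerpt of the first log in this thread (sample input).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
O1 - Hosts: 205.238.40.52 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.1 cache0.winmx.com test3201.winmx.com test3205.winmx.com
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: http://www.freewebs.com
"""

# Abbreviated excerpt of the second log in this thread (sample input).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
O15 - Trusted Zone: http://www.freewebs.com
"""

if __name__ == "__main__":
    for ip, names in sorted(hosts_redirects(parse_hjt(BEFORE)).items()):
        print(f"hosts file sends {len(names)} name(s) to {ip}: {sorted(names)}")
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print(f"removed: {code} - {body}")
    for code, body in added:
        print(f"new:     {code} - {body}")
```

An entry that shows up under "new" after a fix is worth a second look before moving on.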
 
Hello,

AVG AntiVirus and AVG AntiSpyware are 2 different things. :) Please download AVG AntiSpyware per my directions above. I'll bet the farm that you get a good long report from it. ;) :spider:

Thanks for the holiday wishes. Merry Christmas to you too.
 
Hi Teacup61,

Hope you've got a farm! Lol.
Here's the AVG Spyware report:-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:41:50 AM 12/24/2006

+ Scan result:



C:\Documents and Settings\Administrator\Local Settings\Temp\ICD1.tmp\SAIX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity.1 -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity\CLSID -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity\CurVer -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl.1 -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl\CLSID -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl\CurVer -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMServer.DMNotify -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMServer.DMNotify.1 -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMServer.DMNotify\CLSID -> Adware.CometCursor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DMServer.DMNotify\CurVer -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\ADZAP -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\AUTOSEARCH -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\ERRORSEARCH -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\FUNBUTTON -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\HistZap -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\REFBUTTON -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\RELATEDSEARCH -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\SEARCHASSIST -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\SMILEYTOWN -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\SUPERCURSORS -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\TRAVELASSIST -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\TRAVELBUTTON -> Adware.CometCursor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-920026266-1957994488-500\Software\Comet Systems\Features\WEBBUTTON -> Adware.CometCursor : Cleaned with backup (quarantined).
C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup (quarantined).
C:\temp\WebRebates_Auto_InstallSilent_Euro.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\temp\WinAdCtlInstPack.exe -> Adware.WinAD : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Adware.WinAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\UDConn.UDConnect -> Dialer.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\UDConn.UDConnect.1 -> Dialer.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\UDConn.UDConnect\CLSID -> Dialer.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\UDConn.UDConnect\CurVer -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgliokazsdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-autotrader.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-deltatre.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Tried to reboot into normal mode again but stop message still appears. Haven't run Hoster again for this reason.

Do you guys work over Xmas? Hope not, you all need a break!!

Speak soon.
 
Hello,
Hope you've got a farm! Lol.
I do actually! :eek: I have goats and chickens.:laugh: With that combination I just discovered the best, freshest egg nog ever! :D:

Could I see an uninstall list, please?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

I'd also need a new HijackThis log, please ma'am. ;)

Thank you!
tea
 
Hello miss spooky,

Could you do a couple of other things for me also, please?

I'd like for you to search for a file. It may be hidden, if it's there, so make sure your search includes hidden files and folders. Search for COLR4-2K.sys. If it's there, right click on it, choose properties, and tell me who the maker is, and version, if any.

Create a Startup List

  • Open HijackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and paste the StartupList from Notepad into your next post

Thanks,
tea
 
Morning,

I've never tried eggnog?!?

I ran a search for COLRA-2K.sys but never found anything.:sad:

Uninstall log:-

ABBYY FineReader 5.0 Sprint Plus
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 6.0.1
AMATEURCAMgb
ArcSoft PhotoImpression 4
aspi
AVG Anti-Spyware 7.5
AVG Free Edition
BlueSoleil
BroadJump Client Foundation
CR2
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESSTUTOR
Freecom Personal Media Suite 1.34
GPL MPEG-1/2 DirectShow Decoder Filter
HijackThis 1.99.1
IncrediMail Xe
IncrediMail Xe
iTunes
Kaspersky On-line Scanner
Kodak EasyShare software
Lexmark X6100 Series
Macromedia Flash Player 8
Microsoft Office 2000 Premium
Microsoft VGX Q833989
Microsoft XML Parser and SDK
MSN Messenger 7.0
MSN Toolbar
My DSC
Nokia Connectivity Cable Driver
Nokia PC Suite
Notifier
QuickTime
Security Update for Windows 2000 (KB904706)
Spybot - Search & Destroy 1.4
Update Rollup 1 for Windows 2000 SP4
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player system update (9 Series)
Windows SR 2.0
WinMX
WinZip
ZipItFast Pro 3.01 - A Free, Fast All in One Archive Utility!

Start Up Log to follow in next post...
 
Cont.

Start up Log:-

StartupList report, 12/25/2006, 9:39:17 AM
StartupList version: 1.52.2
Started from : C:\Antispyware\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Antispyware\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
Lexmark X6100 Series = "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
MPFTray = C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
MISAggregator =
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
msnappau = "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
PCSuiteTrayApplication = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
DataLayer = C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

MigrateMMDrivers = rundll32.exe mmsys.cpl,mmseRunOnce

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c
Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
PcSync = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\WINDOWS\system32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "C:\WINDOWS\system32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI file not found*
run=*INI file not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI file not found*
SCRNSAVE.EXE=*INI file not found*
drivers=*INI file not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe is MISSING!
- .reg open command is normal (regedit.exe %1)
- Unable to retrieve file info on regedit.exe!

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

[Shockwave ActiveX Control]
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=48835

[Malicious Software Removal Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebCleaner.dll
CODEBASE = http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130231909123

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131100914278

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.0963773148

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/msnmessengersetupdownloader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab

[IncrediMail]
CODEBASE = http://www5.incredimail.com/contents/setup/downloader/imloader.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/controls/msnchat45.cab

Cont...
 
Start up log cont...

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\rnr20.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
Protocol #1: C:\WINDOWS\system32\msafd.dll
Protocol #2: C:\WINDOWS\system32\msafd.dll
Protocol #3: C:\WINDOWS\system32\msafd.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
atirage3: System32\DRIVERS\atimpab.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Resident Driver NT: \SystemRoot\System32\Drivers\avg7rsnt.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (autostart)
Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start)
BlueSoleil Hid Service: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (autostart)
Bonifay: System32\DRIVERS\Bonifay.sys (manual start)
Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)
Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start)
Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start)
Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)
Bluetooth Network Filter: \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start)
Kodak Camera Proxy: system32\DRIVERS\DcCam.sys (system)
DcFpoint: system32\DRIVERS\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
Legacy Polling Service: system32\DRIVERS\DcLps.sys (manual start)
dcptp: system32\DRIVERS\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
ESS Audio Driver (WDM): system32\drivers\ess.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Exportit: system32\DRIVERS\exportit.sys (system)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel(R) 536EP V.92 Modem: System32\DRIVERS\Intels51.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT Apm/Legacy Interface Driver: System32\DRIVERS\NtApm.sys (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
ptssvc: C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe (autostart)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
ScsiAccess: C:\WINDOWS\system32\ScsiAccess.EXE (autostart)
SecDrv: \??\C:\WINDOWS\system32\drivers\SECDRV.SYS (manual start)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
EZ Connect USB to Dual Speed Ethernet Converter: System32\DRIVERS\SMCUSB.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)
Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINDOWS\system32\NETSHELL.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 31,493 bytes
Report generated in 0.691 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Couldn't find COLR4-2K.sys either...

HJT log:-

Logfile of HijackThis v1.99.1
Scan saved at 9:37:45 AM, on 12/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Antispyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O15 - Trusted Zone: http://www.freewebs.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130231909123
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131100914278
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
 
Hi miss spooky,

Teacup is taking some time off but will be back. In the meantime I have been asked to look in. I have been reading this thread.

There's a possibility that you had a typo. So let's do a search for all sys files and see.


Copy the bold print to notepad. Name the file look.bat. Save it on your desktop.
Then double click on look.bat to run it. When finished, it will create and open a file named results.txt on your desktop. Please post the contents of results.txt into your next reply here.

cd \
dir /s /a *.sys >results.txt
Start notepad results.txt


I hope you're still with us. There are a couple of things we can try to get you back into Windows. One is not difficult at all, if it works. But I would really like to see what this file is first and then take it from there.


Mosaic1
 
Hi Mosaic1,

Thank you for taking over. I guessed Teacup was taking a Xmas break. :coffee:

I've done the scan & here are the results:-

Volume in drive C has no label.
Volume Serial Number is 3869-1805

Directory of C:\

10/09/2004 01:12p 0 MSDOS.SYS
04/23/1999 10:22p 222,390 IO.SYS
12/24/2006 10:51a 419,430,400 PAGEFILE.SYS
3 File(s) 419,652,790 bytes

Directory of C:\WINDOWS\SYSTEM32

05/08/2001 12:00p 9,029 ansi.sys
10/06/2005 09:33a 1,638,672 WIN32K.SYS
05/08/2001 12:00p 4,768 himem.sys
06/19/2003 08:05p 42,537 KEYBOARD.SYS
05/08/2001 12:00p 29,370 ntdos411.sys
05/08/2001 12:00p 29,274 ntdos412.sys
05/08/2001 12:00p 29,146 ntdos404.sys
05/08/2001 12:00p 29,146 ntdos804.sys
06/19/2003 08:05p 33,824 NTIO.SYS
05/08/2001 12:00p 27,097 country.sys
05/08/2001 12:00p 27,866 ntdos.sys
06/19/2003 08:05p 42,809 key01.sys
06/19/2003 08:05p 34,544 ntio404.sys
06/19/2003 08:05p 35,648 ntio411.sys
06/19/2003 08:05p 35,408 ntio412.sys
06/19/2003 08:05p 34,544 ntio804.sys
06/19/2003 08:05p 187,024 spcmdcon.sys
17 File(s) 2,270,706 bytes

Directory of C:\WINDOWS\SYSTEM32\DRIVERS

06/19/2003 08:05p 93,360 ndiswan.sys
05/10/2005 09:20a 513,424 ntfs.sys
06/19/2003 08:05p 37,552 nmnt.sys
09/06/2004 06:06a 161,072 nwrdr.sys
06/19/2003 08:05p 91,408 NWLNKIPX.SYS
06/19/2003 08:05p 65,520 nwlnknb.sys
04/21/2005 08:03a 183,248 rdbss.sys
06/19/2003 08:05p 60,208 parallel.sys
06/19/2003 08:05p 25,104 parport.sys
06/19/2003 08:05p 22,064 pciidex.sys
06/19/2003 08:05p 109,584 pcmcia.sys
06/19/2003 08:05p 60,496 psched.sys
06/19/2003 08:05p 17,680 ptilink.sys
06/19/2003 08:05p 19,920 rasirda.sys
12/02/2004 01:07p 63,280 udfs.sys
05/12/2005 10:25a 320,176 tcpip.sys
06/19/2003 08:05p 62,736 serial.sys
06/19/2003 08:05p 22,064 sonydcam.sys
04/21/2005 08:03a 127,568 AFD.SYS
05/03/2005 09:10a 238,928 SRV.SYS
06/19/2003 08:05p 16,240 tdi.sys
04/14/2005 06:59a 136,880 fltmgr.sys
06/19/2003 08:05p 50,640 videoprt.sys
06/19/2003 08:05p 173,232 UPDATE.SYS
06/19/2003 08:05p 57,264 mf.sys
06/19/2003 08:05p 29,168 modem.sys
06/19/2003 08:05p 59,312 pci.sys
06/19/2003 08:05p 21,776 mouclass.sys
06/19/2003 08:05p 40,176 usbhub.sys
12/12/2002 12:14a 5,248 mspclock.sys
06/19/2003 08:05p 20,688 usbd.sys
06/19/2003 08:05p 32,848 uhcd.sys
07/14/2005 12:24p 74,384 SCSIPORT.SYS
06/19/2003 08:05p 35,344 redbook.sys
06/19/2003 08:05p 34,704 msgpc.sys
05/08/2001 12:00p 57,904 atmarpc.sys
05/08/2001 12:00p 4,080 beep.sys
05/08/2001 12:00p 19,088 cdaudio.sys
04/08/2005 11:51a 175,632 netbt.sys
06/19/2003 08:05p 170,928 ndis.sys
05/08/2001 12:00p 272,496 cinemst2.sys
05/08/2001 12:00p 12,880 class2.sys
06/19/2003 08:05p 9,200 ndistapi.sys
06/19/2003 08:05p 11,792 partmgr.sys
05/08/2001 12:00p 10,064 dxapi.sys
04/30/2005 02:50p 11,860 vbtenum.sys
06/19/2003 08:05p 52,112 rasl2tp.sys
06/19/2003 08:05p 48,464 raspptp.sys
06/19/2003 08:05p 14,160 serenum.sys
05/08/2001 12:00p 34,416 ipfltdrv.sys
05/08/2001 12:00p 19,984 ipinip.sys
06/19/2003 08:05p 10,384 sfloppy.sys
06/19/2003 08:05p 148,400 sfmatalk.sys
05/08/2001 12:00p 4,240 mnmdd.sys
05/08/2001 12:00p 21,328 msfs.sys
07/09/2004 02:58a 15,104 mpe.sys
05/08/2001 12:00p 102,160 nbf.sys
06/19/2003 08:05p 53,552 swmidi.sys
05/08/2001 12:00p 40,432 ndproxy.sys
05/08/2001 12:00p 33,456 netbios.sys
05/08/2001 12:00p 9,680 netdtect.sys
05/08/2001 12:00p 37,040 npfs.sys
05/08/2001 12:00p 2,800 null.sys
05/08/2001 12:00p 12,560 nwlnkflt.sys
05/08/2001 12:00p 35,344 nwlnkfwd.sys
05/08/2001 12:00p 58,480 nwlnkspx.sys
06/19/2003 08:05p 47,568 sysaudio.sys
05/08/2001 12:00p 6,512 parvdm.sys
05/08/2001 12:00p 8,016 rasacd.sys
06/19/2003 08:05p 10,928 tape.sys
06/19/2003 08:05p 32,272 wanarp.sys
05/08/2001 12:00p 16,880 raspti.sys
05/08/2001 12:00p 35,024 rawwan.sys
05/08/2001 12:00p 21,712 rca.sys
05/08/2001 12:00p 6,032 rootmdm.sys
06/19/2003 08:05p 73,872 wdmaud.sys
06/19/2003 08:05p 57,296 irda.sys
06/19/2003 08:05p 10,288 irenum.sys
05/08/2001 12:00p 14,832 smclib.sys
06/19/2003 08:05p 20,208 msircomm.sys
05/08/2001 12:00p 105,840 streams.sys
08/28/2004 10:52p 28,624 SECDRV.SYS
06/19/2003 08:05p 11,984 ndisuio.sys
05/08/2001 12:00p 52,048 tosdvd.sys
05/08/2001 12:00p 22,000 tsbvcap.sys
05/08/2001 12:00p 23,888 usbcamd.sys
05/08/2001 12:00p 59,280 vdmindvd.sys
05/08/2001 12:00p 13,968 vga.sys
06/19/2003 08:05p 19,728 usbehci.sys
05/08/2001 12:00p 4,240 wmilib.sys
05/08/2001 12:00p 12,016 ws2ifsl.sys
05/08/2001 12:00p 12,368 fsvga.sys
05/08/2001 12:00p 88,816 lvcam.sys
05/08/2001 12:00p 79,120 lvcodek.sys
05/08/2001 12:00p 17,424 lvsound.sys
05/08/2001 12:00p 15,120 usbintel.sys
06/19/2003 08:05p 49,776 usbhub20.sys
06/19/2003 08:05p 138,288 usbport.sys
09/21/2003 01:32a 71,888 ksecdd.sys
04/08/2005 11:51a 432,976 mrxsmb.sys
10/27/2006 08:34a 26,912 avg7rsnt.sys
05/20/2004 08:21a 36,918 DcCam.sys
05/20/2004 08:39a 8,022 DcLps.sys
05/20/2004 08:41a 61,564 DcFpoint.sys
06/02/2004 01:17p 151,985 ExportIt.sys
01/16/2006 09:33p 4,288 avg7rsw.sys
10/04/1999 03:03p 13,904 hidusb.sys
05/08/2001 12:00p 33,616 fips.sys
06/02/2004 01:19p 38,705 DCFS2k.sys
06/19/2003 08:05p 21,872 usbprint.sys
06/19/2003 08:05p 12,592 usbscan.sys
12/12/2002 12:14a 5,504 mstee.sys
12/12/2002 12:14a 4,096 swenum.sys
07/09/2004 02:58a 11,392 bdasup.sys
11/15/2006 09:01p 36,592 pxhelp20.sys
11/10/1999 03:34p 71,632 atimpab.sys
05/20/2004 08:45a 68,950 DcPtp.sys
12/12/2002 12:14a 7,424 mskssrv.sys
07/09/2004 02:58a 14,976 streamip.sys
07/09/2004 02:58a 10,112 ndisip.sys
12/02/2004 01:07p 89,328 mup.sys
04/08/2005 11:51a 63,248 cdfs.sys
07/09/2004 02:58a 10,880 slip.sys
09/30/1999 05:26p 64,144 ess.sys
03/30/2004 09:05p 11,904 Bonifay.sys
10/27/2006 08:34a 27,904 avg7rsxp.sys
09/25/1999 10:36a 9,104 NtApm.sys
07/09/2004 02:58a 83,968 nabtsfec.sys
07/09/2004 02:58a 16,384 ccdecode.sys
09/25/1999 10:35a 2,896 audstub.sys
07/09/2004 02:58a 18,688 wstcodec.sys
07/09/2004 02:58a 56,832 msdv.sys
07/19/2005 10:44a 142,288 fastfat.sys
12/12/2002 12:14a 130,304 ks.sys
06/19/2003 08:05p 148,208 portcls.sys
01/16/2006 09:33p 4,992 avgtdi.sys
10/28/1999 03:24p 51,152 DMusic.sys
12/02/2004 01:00p 116,400 ftdisk.sys
08/11/2004 10:42p 67,344 ipnat.sys
08/16/2005 08:40a 30,160 mountmgr.sys
02/02/2005 01:21a 14,408 GEARAspiWDM.sys
06/19/2003 08:05p 21,552 USBSTOR.SYS
01/10/2003 09:30a 25,449 SQCamD.sys
01/10/2003 10:56a 30,921 SQCaptur.sys
12/16/2004 04:32p 13,304 BTNetFilter.sys
10/27/2006 08:34a 778,656 avg7core.sys
06/19/2003 08:05p 42,000 stream.sys
09/25/1999 10:36a 4,816 MSPQM.sys
05/31/2005 03:40p 20,480 blueletaudio.sys
04/28/2003 06:31p 51,169 OXSER.SYS
05/10/2002 01:31p 633,220 Intels51.sys
04/30/2005 02:50p 28,271 BTHidMgr.sys
09/25/1999 10:34a 16,144 MODEMCSA.sys
06/21/2002 09:36a 25,260 SMCUSB.sys
03/21/2004 06:28p 23,420 cdralw2k.sys
03/21/2004 06:28p 58,000 cdr4_2K.sys
03/25/2005 05:18p 82,148 VcommMgr.sys
06/19/2003 08:05p 21,008 agp440.sys
06/19/2003 08:05p 17,840 asyncmac.sys
06/19/2003 08:05p 86,672 atapi.sys
06/19/2003 08:05p 48,496 atmlane.sys
06/19/2003 08:05p 331,088 atmuni.sys
10/19/2004 01:37p 61,312 VComm.sys
06/19/2003 08:05p 27,984 cdrom.sys
06/19/2003 08:05p 34,832 classpnp.sys
06/19/2003 08:05p 30,768 DISK.SYS
06/19/2003 08:05p 14,288 diskdump.sys
06/19/2003 08:05p 7,728 diskperf.sys
06/19/2003 08:05p 56,112 DLC.SYS
06/19/2003 08:05p 369,104 dmboot.sys
06/19/2003 08:05p 137,936 dmio.sys
06/19/2003 08:05p 7,312 dmload.sys
06/19/2003 08:05p 27,440 efs.sys
09/05/2006 04:03p 3,968 AvgAsCln.sys
06/19/2003 08:05p 26,256 fdc.sys
06/19/2003 08:05p 19,312 flpydisk.sys
06/19/2003 08:05p 7,600 fs_rec.sys
06/19/2003 08:05p 24,752 hidclass.sys
06/19/2003 08:05p 23,056 hidparse.sys
06/19/2003 08:05p 46,992 i8042prt.sys
06/19/2003 08:05p 4,624 intelide.sys
06/19/2003 08:05p 64,304 ipsec.sys
06/19/2003 08:05p 19,952 irsir.sys
06/19/2003 08:05p 46,992 isapnp.sys
06/19/2003 08:05p 24,528 kbdclass.sys
06/19/2003 08:05p 148,304 kmixer.sys
02/11/2004 06:29a 48,076 Sio9502k.sys
03/23/2004 03:26a 48,556 SktBt2k.sys
07/03/2003 07:58p 63,488 wssbtr1f.sys
05/31/2005 09:42a 23,000 btcusb.sys
09/21/2004 06:18p 116,021 fw203x.sys
04/30/2005 02:48p 10,804 BtNetDrv.sys
09/21/2004 06:18p 148,830 bcbthub.sys
04/30/2005 02:50p 11,736 VHIDMini.sys
194 File(s) 12,081,621 bytes

Directory of C:\WINDOWS\SYSTEM32\dllcache

05/03/2005 09:10a 238,928 srv.sys
06/19/2003 08:05p 148,208 portcls.sys
06/19/2003 08:05p 42,000 stream.sys
05/08/2001 12:00p 33,616 fips.sys
04/21/2005 08:03a 127,568 afd.sys
04/08/2005 11:51a 63,248 cdfs.sys
07/19/2005 10:44a 142,288 fastfat.sys
10/06/2005 09:33a 1,638,672 win32k.sys
09/21/2003 01:32a 71,888 ksecdd.sys
06/19/2003 08:05p 33,824 NTIO.SYS
05/10/2005 09:20a 513,424 ntfs.sys
07/14/2005 12:24p 74,384 scsiport.sys
12/02/2004 01:07p 63,280 udfs.sys
06/19/2003 08:05p 21,872 usbprint.sys
06/19/2003 08:05p 12,592 usbscan.sys
10/04/1999 03:03p 13,904 hidusb.sys
05/08/2001 12:00p 9,029 ansi.sys
12/12/2002 12:14a 130,304 ks.sys
12/12/2002 12:14a 5,248 mspclock.sys
12/12/2002 12:14a 7,424 mskssrv.sys
12/12/2002 12:14a 4,096 swenum.sys
12/12/2002 12:14a 5,504 mstee.sys
07/09/2004 02:58a 16,384 ccdecode.sys
05/08/2001 12:00p 57,904 atmarpc.sys
07/09/2004 02:58a 56,832 msdv.sys
06/19/2003 08:05p 21,552 usbstor.sys
05/08/2001 12:00p 4,080 beep.sys
05/08/2001 12:00p 11,376 busmouse.sys
04/08/2005 11:51a 175,632 netbt.sys
05/08/2001 12:00p 27,097 country.sys
06/19/2003 08:05p 16,240 tdi.sys
08/16/2005 08:40a 30,160 mountmgr.sys
06/19/2003 08:05p 34,544 ntio404.sys
06/19/2003 08:05p 35,648 ntio411.sys
06/19/2003 08:05p 35,408 ntio412.sys
05/08/2001 12:00p 12,880 class2.sys
06/19/2003 08:05p 34,544 ntio804.sys
09/06/2004 06:06a 161,072 nwrdr.sys
04/14/2005 06:59a 136,880 fltmgr.sys
12/02/2004 01:00p 116,400 ftdisk.sys
08/11/2004 10:42p 67,344 ipnat.sys
10/24/2004 01:10p 77,680 mqac.sys
05/08/2001 12:00p 10,064 dxapi.sys
04/08/2005 11:51a 432,976 mrxsmb.sys
12/02/2004 01:07p 89,328 mup.sys
04/21/2005 08:03a 183,248 rdbss.sys
05/12/2005 10:25a 320,176 tcpip.sys
05/08/2001 12:00p 4,768 himem.sys
05/08/2001 12:00p 34,416 ipfltdrv.sys
05/08/2001 12:00p 19,984 ipinip.sys
05/08/2001 12:00p 4,240 mnmdd.sys
05/08/2001 12:00p 21,328 msfs.sys
05/08/2001 12:00p 40,432 ndproxy.sys
05/08/2001 12:00p 33,456 netbios.sys
05/08/2001 12:00p 9,680 netdtect.sys
05/08/2001 12:00p 37,040 npfs.sys
05/08/2001 12:00p 3,216 mwsetupk.sys
05/08/2001 12:00p 29,146 ntdos404.sys
05/08/2001 12:00p 29,370 ntdos411.sys
05/08/2001 12:00p 27,866 ntdos.sys
05/08/2001 12:00p 29,274 ntdos412.sys
09/24/1999 11:10a 39,200 mwwdm.sys
05/08/2001 12:00p 29,146 ntdos804.sys
05/08/2001 12:00p 102,160 nbf.sys
05/08/2001 12:00p 6,512 parvdm.sys
05/08/2001 12:00p 2,800 null.sys
05/08/2001 12:00p 12,560 nwlnkflt.sys
05/08/2001 12:00p 35,344 nwlnkfwd.sys
05/08/2001 12:00p 58,480 nwlnkspx.sys
05/08/2001 12:00p 8,016 rasacd.sys
05/08/2001 12:00p 16,880 raspti.sys
05/08/2001 12:00p 35,024 rawwan.sys
05/08/2001 12:00p 6,032 rootmdm.sys
05/08/2001 12:00p 14,832 smclib.sys
05/08/2001 12:00p 105,840 streams.sys
05/08/2001 12:00p 9,328 synth.sys
05/08/2001 12:00p 42,736 sndblst.sys
05/08/2001 12:00p 10,800 tcarc.sys
05/08/2001 12:00p 18,864 trident.sys
05/08/2001 12:00p 12,336 spud.sys
05/08/2001 12:00p 4,240 wmilib.sys
05/08/2001 12:00p 13,968 vga.sys
05/08/2001 12:00p 12,016 ws2ifsl.sys
09/25/1999 10:34a 16,144 modemcsa.sys
84 File(s) 6,504,224 bytes

Cont
 
Cont-

Directory of C:\WINDOWS\ServicePackFiles\i386

06/19/2003 08:05p 59,312 pci.sys
06/19/2003 08:05p 17,520 ppa.sys
06/19/2003 08:05p 27,440 efs.sys
06/19/2003 08:05p 56,112 dlc.sys
06/19/2003 08:05p 26,256 fdc.sys
06/19/2003 08:05p 120,240 afd.sys
06/19/2003 08:05p 85,776 ibmfent5.sys
06/19/2003 08:05p 85,776 hptxnt5.sys
06/19/2003 08:05p 85,776 e100bnt5.sys
06/19/2003 08:05p 87,888 mup.sys
06/19/2003 08:05p 57,264 mf.sys
06/19/2003 08:05p 113,744 ks.sys
06/19/2003 08:05p 16,240 tdi.sys
06/19/2003 08:05p 33,824 ntio.sys
06/19/2003 08:05p 244,944 srv.sys
06/19/2003 08:05p 534,192 ntfs.sys
06/19/2003 08:05p 37,552 nmnt.sys
06/19/2003 08:05p 75,536 mqac.sys
06/19/2003 08:05p 16,048 ppa3.sys
06/19/2003 08:05p 55,920 msdv.sys
06/19/2003 08:05p 29,264 mountmgr.sys
06/19/2003 08:05p 50,640 videoprt.sys
06/19/2003 08:05p 170,928 ndis.sys
06/19/2003 08:05p 12,688 dot4prt.sys
06/19/2003 08:05p 9,968 adicvls.sys
06/19/2003 08:05p 57,296 irda.sys
06/19/2003 08:05p 12,912 hpmc.sys
06/19/2003 08:05p 44,208 dot4.sys
06/19/2003 08:05p 137,936 dmio.sys
06/19/2003 08:05p 30,768 disk.sys
06/19/2003 08:05p 24,752 hidclass.sys
06/19/2003 08:05p 148,208 portcls.sys
05/08/2001 12:00p 33,616 fips.sys
06/19/2003 08:05p 163,120 acpi.sys
06/19/2003 08:05p 61,680 cdfs.sys
06/19/2003 08:05p 62,672 udfs.sys
06/19/2003 08:05p 6,608 dlttape.sys
06/19/2003 08:05p 32,848 uhcd.sys
06/19/2003 08:05p 10,928 tape.sys
06/19/2003 08:05p 21,776 mouclass.sys
06/19/2003 08:05p 23,056 hidparse.sys
06/19/2003 08:05p 20,688 usbd.sys
06/19/2003 08:05p 29,168 modem.sys
06/19/2003 08:05p 24,784 openhci.sys
06/19/2003 08:05p 9,392 seaddsmc.sys
06/19/2003 08:05p 9,680 ddsmc.sys
06/19/2003 08:05p 10,256 nsmmc.sys
06/19/2003 08:05p 18,928 hidbatt.sys
06/19/2003 08:05p 5,168 mstee.sys
06/19/2003 08:05p 34,704 msgpc.sys
06/19/2003 08:05p 11,856 examc.sys
06/19/2003 08:05p 168,624 netbt.sys
06/19/2003 08:05p 140,016 icam3.sys
06/19/2003 08:05p 9,968 jvcmc.sys
06/19/2003 08:05p 9,776 snyaitmc.sys
06/19/2003 08:05p 9,424 atlmc.sys
06/19/2003 08:05p 42,809 key01.sys
06/19/2003 08:05p 86,672 atapi.sys
06/19/2003 08:05p 67,120 ipnat.sys
06/19/2003 08:05p 19,952 irsir.sys
06/19/2003 08:05p 27,984 cdrom.sys
06/19/2003 08:05p 64,304 ipsec.sys
06/19/2003 08:05p 7,184 battc.sys
06/19/2003 08:05p 332,144 tcpip.sys
06/19/2003 08:05p 161,072 nwrdr.sys
05/08/2001 12:00p 27,866 ntdos.sys
06/19/2003 08:05p 10,928 4mmdat.sys
06/19/2003 08:05p 10,288 stkmc.sys
06/19/2003 08:05p 9,808 pnrmc.sys
06/19/2003 08:05p 9,200 ndistapi.sys
06/19/2003 08:05p 34,544 ntio804.sys
06/19/2003 08:05p 34,544 ntio404.sys
06/19/2003 08:05p 35,648 ntio411.sys
06/19/2003 08:05p 35,408 ntio412.sys
06/19/2003 08:05p 174,800 rdbss.sys
06/19/2003 08:05p 4,624 intelide.sys
06/19/2003 08:05p 35,760 sbp2port.sys
06/19/2003 08:05p 74,192 scsiport.sys
06/19/2003 08:05p 11,632 scsiprnt.sys
06/19/2003 08:05p 9,808 gameenum.sys
06/19/2003 08:05p 73,872 wdmaud.sys
06/19/2003 08:05p 42,000 stream.sys
06/19/2003 08:05p 10,160 spctramc.sys
06/19/2003 08:05p 22,416 viaagp.sys
06/19/2003 08:05p 173,232 update.sys
06/19/2003 08:05p 32,272 wanarp.sys
06/19/2003 08:05p 22,768 usbser.sys
06/19/2003 08:05p 40,176 usbhub.sys
06/19/2003 08:05p 8,848 qntmmc.sys
06/19/2003 08:05p 65,520 nwlnknb.sys
05/04/2001 12:05p 27,120 symc8xx.sys
06/19/2003 08:05p 17,840 asyncmac.sys
06/19/2003 08:05p 1,717,936 win32k.sys
06/19/2003 08:05p 10,768 qlstrmc.sys
06/19/2003 08:05p 109,584 pcmcia.sys
06/19/2003 08:05p 3,088 pciide.sys
06/19/2003 08:05p 62,736 serial.sys
06/19/2003 08:05p 34,832 classpnp.sys
06/19/2003 08:05p 11,120 plasmc.sys
06/19/2003 08:05p 53,552 swmidi.sys
06/19/2003 08:05p 11,792 partmgr.sys
06/19/2003 08:05p 11,632 mouhid.sys
06/19/2003 08:05p 25,104 parport.sys
06/19/2003 08:05p 37,680 ohci1394.sys
06/19/2003 08:05p 187,024 spcmdcon.sys
06/19/2003 08:05p 12,432 sonymc.sys
06/19/2003 08:05p 22,064 pciidex.sys
06/19/2003 08:05p 10,384 sfloppy.sys
06/19/2003 08:05p 60,496 psched.sys
06/19/2003 08:05p 382,128 setupdd.sys
06/19/2003 08:05p 48,496 atmlane.sys
06/19/2003 08:05p 418,640 mrxsmb.sys
06/19/2003 08:05p 148,400 sfmatalk.sys
06/19/2003 08:05p 71,888 ksecdd.sys
05/04/2001 12:05p 104,720 ibmtrp.sys
06/19/2003 08:05p 14,160 serenum.sys
06/19/2003 08:05p 21,872 usbprint.sys
06/19/2003 08:05p 60,208 parallel.sys
06/19/2003 08:05p 14,288 diskdump.sys
06/19/2003 08:05p 68,336 i81xnt5.sys
06/19/2003 08:05p 9,392 breecemc.sys
06/19/2003 08:05p 46,992 i8042prt.sys
06/19/2003 08:05p 369,104 dmboot.sys
06/19/2003 08:05p 7,312 dmload.sys
05/08/2001 12:00p 27,097 country.sys
06/19/2003 08:05p 35,344 redbook.sys
06/19/2003 08:05p 91,408 nwlnkipx.sys
06/19/2003 08:05p 21,552 usbstor.sys
06/19/2003 08:05p 22,064 sonydcam.sys
06/19/2003 08:05p 138,288 usbport.sys
06/19/2003 08:05p 12,592 usbscan.sys
06/19/2003 08:05p 47,568 sysaudio.sys
06/19/2003 08:05p 17,680 ptilink.sys
06/19/2003 08:05p 46,992 isapnp.sys
06/19/2003 08:05p 10,288 irenum.sys
06/19/2003 08:05p 11,984 ndisuio.sys
06/19/2003 08:05p 49,776 usbhub20.sys
06/19/2003 08:05p 19,728 usbehci.sys
06/19/2003 08:05p 93,360 ndiswan.sys
06/19/2003 08:05p 10,448 discmc.sys
06/19/2003 08:05p 27,376 smbbatt.sys
06/19/2003 08:05p 148,304 kmixer.sys
06/19/2003 08:05p 9,776 elmsmc.sys
06/19/2003 08:05p 115,504 ftdisk.sys
06/19/2003 08:05p 7,600 fs_rec.sys
06/19/2003 08:05p 7,728 diskperf.sys
06/19/2003 08:05p 24,528 kbdclass.sys
06/19/2003 08:05p 9,904 adicsc.sys
06/19/2003 08:05p 24,176 agpcpq.sys
06/19/2003 08:05p 21,008 agp440.sys
06/19/2003 08:05p 33,328 lp6nds35.sys
06/19/2003 08:05p 11,536 acpiec.sys
06/19/2003 08:05p 9,264 compbatt.sys
06/19/2003 08:05p 40,752 1394bus.sys
06/19/2003 08:05p 42,537 keyboard.sys
06/19/2003 08:05p 10,992 cpqarray.sys
05/04/2001 12:05p 597,776 altnd5.sys
06/19/2003 08:05p 331,088 atmuni.sys
05/04/2001 12:05p 104,656 skfpwin.sys
06/19/2003 08:05p 64,432 adpu160m.sys
06/19/2003 08:05p 19,312 flpydisk.sys
06/19/2003 08:05p 140,496 fastfat.sys
06/19/2003 08:05p 48,464 raspptp.sys
06/19/2003 08:05p 52,112 rasl2tp.sys
06/19/2003 08:05p 19,920 rasirda.sys
06/19/2003 08:05p 20,208 msircomm.sys
06/19/2003 08:05p 9,904 cmbatt.sys
167 File(s) 12,137,189 bytes

Directory of C:\WINDOWS\inf

05/08/2001 12:00p 32,528 wbfirdma.sys
1 File(s) 32,528 bytes

Directory of C:\WINDOWS\twain_32\MyDSC

01/10/2003 09:30a 25,449 SQCamD.sys
01/10/2003 10:56a 30,921 SQCaptur.sys
2 File(s) 56,370 bytes

Directory of C:\Program Files\Common Files\Kodak\kodak_dr

06/02/2004 01:19p 38,705 DCFS2k.sys
05/20/2004 08:39a 8,022 DcLps.sys
05/20/2004 08:45a 68,950 DcPtp.sys
06/02/2004 01:17p 151,985 ExportIt.sys
05/20/2004 08:41a 61,564 DcFpoint.sys
05/20/2004 08:21a 36,918 DcCam.sys
6 File(s) 366,144 bytes

Directory of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

09/05/2006 04:03p 3,968 avgascln.sys
09/28/2006 02:13p 4,096 guard.sys
2 File(s) 8,064 bytes

Directory of C:\Program Files\Nokia\Connectivity Cable Driver

02/15/2005 04:57p 9,021 nmwcdcm.sys
02/17/2005 01:48p 140,619 nmwcd.sys
02/15/2005 04:57p 6,300 nmwcdc.sys
3 File(s) 155,940 bytes

Directory of C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k

09/21/2004 06:18p 116,021 fw203x.sys
04/30/2005 02:50p 28,271 BTHidMgr.sys
04/30/2005 02:48p 10,804 BtNetDrv.sys
09/21/2004 06:18p 148,830 bcbthub.sys
04/30/2005 02:50p 11,860 VBTEnum.sys
10/19/2004 01:37p 61,312 VComm.sys
03/25/2005 05:18p 82,148 VcommMgr.sys
04/30/2005 02:50p 11,736 VHIDMini.sys
05/31/2005 03:40p 20,480 blueletaudio.sys
12/16/2004 04:32p 13,304 BTNetFilter.sys
10 File(s) 504,766 bytes

Directory of C:\Program Files\IVT Corporation\BlueSoleil\driver\USB

05/31/2005 09:42a 23,000 btcusb.sys
1 File(s) 23,000 bytes

Directory of C:\Program Files\IVT Corporation\BlueSoleil\driver\PCMCIA

05/30/2001 05:21a 31,677 Btpcmcia.sys
11/25/2002 01:23a 12,240 wppcmcia.sys
2 File(s) 43,917 bytes

Directory of C:\Program Files\IVT Corporation\BlueSoleil\driver\PCMCIA\socket

03/23/2004 10:26a 48,556 SktBt2k.sys
1 File(s) 48,556 bytes

Directory of C:\Documents and Settings\Administrator\My Documents\Misc

04/01/2003 02:39a 211,788 PL2507U.SYS
10/05/2001 01:54p 33,669 tpp300.sys
10/05/2001 01:54p 8,650 tppiosmp.sys
3 File(s) 254,107 bytes

Directory of C:\MSDOS7

04/23/1999 10:22p 9,719 ansi.sys
04/23/1999 10:22p 30,742 country.sys
04/23/1999 10:22p 17,175 display.sys
04/23/1999 10:22p 33,191 himem.sys
04/23/1999 10:22p 3,708 ifshlp.sys
04/23/1999 10:22p 34,566 keyboard.sys
04/23/1999 10:22p 31,942 keybrd2.sys
7 File(s) 161,043 bytes

Total Files Listed:
503 File(s) 454,300,965 bytes
0 Dir(s) 2,493,640,704 bytes free
 
Hi miss spooky,

You're welcome. I see nothing there.

I'd like to see if that file is listed in the bootlog please.

If you go into your windows folder and find this file:
Ntbtlog.txt

Open it up and it will be long. Each successful boot to safe mode adds to it.

Go to the last set of entries:

For example, search for the date you last started and then copy and paste only anything listed after that.



I have to go out for most of the afternoon. But I'll be back later. We can search for a rootkit. But it doesn't seem to be running in safe mode so I am not sure how successful we'll be.

And don't give up. There's another option where we start the last known good configuration from the boot menu and see if that gets you in. But I'd like to wait a little bit on that one.
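
The check asked for in the post above (take only the last boot session from Ntbtlog.txt and see whether the driver named on the stop screen is listed), as an added Python example that is not part of the original thread. The log text is a constructed sample in the layout the thread shows, and the folding of look-alike characters (O/0, l/1, -/_) is an assumption for names copied by hand from a screen.

```python
import difflib
import ntpath
import re

# Constructed sample in the Ntbtlog.txt layout shown in this thread: two boot
# sessions, each opened by a "Service Pack ... MM DD YYYY HH:MM:SS.mmm" line.
SAMPLE_NTBTLOG = r"""Service Pack 4 12 22 2006 20:10:03.500
Loaded driver \WINDOWS\System32\ntoskrnl.exe
Loaded driver pci.sys
Did not load driver Audio Codecs

Service Pack 4 12 23 2006 21:49:57.500
Loaded driver \WINDOWS\System32\ntoskrnl.exe
Loaded driver pci.sys
Loaded driver atapi.sys
Loaded driver \SystemRoot\System32\Drivers\Cdr4_2K.SYS
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Did not load driver Audio Codecs
Did not load driver Audio Codecs
Did not load driver Video Codecs
"""

# A session header ends with "month day year time"; searching from the end of
# the line tolerates a service-pack digit fused onto the month.
STAMP = re.compile(r"(\d{1,2}) (\d{1,2}) (\d{4}) (\d{2}:\d{2}:\d{2})\.\d+\s*$")
LOADED = "Loaded driver "
NOT_LOADED = "Did not load driver "

# Assumption: characters that are easy to confuse when retyping a stop screen.
CONFUSABLE = str.maketrans({"o": "0", "l": "1", "i": "1", "-": "_"})


def split_sessions(text):
    """Split boot-log text into sessions, oldest first."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        stamp = STAMP.search(line)
        if stamp:
            month, day, year, clock = stamp.groups()
            started = f"{year}-{int(month):02d}-{int(day):02d} {clock}"
            sessions.append({"started": started, "loaded": [], "not_loaded": []})
        elif sessions and line.startswith(LOADED):
            # Entries appear both as bare names and as full paths.
            sessions[-1]["loaded"].append(ntpath.basename(line[len(LOADED):]))
        elif sessions and line.startswith(NOT_LOADED):
            name = line[len(NOT_LOADED):]
            if name not in sessions[-1]["not_loaded"]:  # the log repeats these
                sessions[-1]["not_loaded"].append(name)
    return sessions


def normalize(name):
    """Lower-case the file name and fold look-alike characters together."""
    return ntpath.basename(name).lower().translate(CONFUSABLE)


def find_driver(reported, session, cutoff=0.75):
    """Return (exact, near): the loaded driver matching the reported name
    after normalization, or up to three close candidates when none does."""
    by_norm = {}
    for driver in session["loaded"]:
        by_norm.setdefault(normalize(driver), driver)
    wanted = normalize(reported)
    exact = by_norm.get(wanted)
    if exact:
        return exact, []
    close = difflib.get_close_matches(wanted, list(by_norm), n=3, cutoff=cutoff)
    return None, [by_norm[key] for key in close]


if __name__ == "__main__":
    last = split_sessions(SAMPLE_NTBTLOG)[-1]
    print("Last boot session:", last["started"])
    print("Loaded:", ", ".join(last["loaded"]))
    print("Not loaded:", ", ".join(last["not_loaded"]))
    exact, near = find_driver("COLR4-2K.sys", last)
    print("Exact match:", exact)
    print("Similar names worth a second look:", near)
```

A near match is only a candidate to compare against the stop screen again; it does not by itself identify the faulting driver.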
 
Evening,

Here's the log. There was only one date so I've copied everything:-

Service Pack 4 12 23 2006 21:49:57.500
Loaded driver \WINDOWS\System32\ntoskrnl.exe
Loaded driver \WINDOWS\System32\hal.dll
Loaded driver \WINDOWS\System32\BOOTVID.dll
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver intelide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver Diskperf.sys
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver PxHelp20.sys
Loaded driver Fastfat.sys
Loaded driver KSecDD.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys053
?Loaded driver BTHidMgr.sys
Loaded driver agp440.sys
Did not load driver Bluetooth HID Manager
Did not load driver Bluetooth VComm Manager
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPTP)
Did not load driver Direct Parallel
Did not load driver Bluetooth PAN Network Adapter
Did not load driver NT Apm/Legacy Interface Node
Did not load driver Standard PC
Did not load driver Bluetooth HID Manager
Did not load driver Bluetooth VComm Manager
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPTP)
Did not load driver Direct Parallel
Did not load driver Bluetooth PAN Network Adapter
Did not load driver NT Apm/Legacy Interface Node
Did not load driver ES1869 Control Interface (WDM)
Did not load driver ES1869 Plug and Play AudioDrive (WDM)
Did not load driver ECP Printer Port
Did not load driver Communications Port
Did not load driver Communications Port
Did not load driver Intel(R) 536EP V.92 Modem
Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
Did not load driver Bluetooth HID Manager
Did not load driver Bluetooth HID Manager
Did not load driver Bluetooth VComm Manager
Loaded driver \SystemRoot\system32\DRIVERS\vbtenum.sys
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPTP)
Did not load driver Direct Parallel
Did not load driver Bluetooth PAN Network Adapter
Did not load driver NT Apm/Legacy Interface Node
Loaded driver \SystemRoot\System32\DRIVERS\parallel.sys
Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
Did not load driver Intel(R) 536EP V.92 Modem
Loaded driver \SystemRoot\System32\Drivers\Cdr4_2K.SYS
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\System32\DRIVERS\Bonifay.sys
Loaded driver \SystemRoot\System32\DRIVERS\uhcd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Did not load driver ES1869 Control Interface (WDM)
Did not load driver ES1869 Plug and Play AudioDrive (WDM)
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Did not load driver ECP Printer Port
Did not load driver Communications Port
Did not load driver Communications Port
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver EZ Connect USB to Dual Speed Ethernet Converter
Did not load driver ISSC Bluetooth Device
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbprint.sys
Did not load driver Lexmark X6100 Series
Did not load driver Lexmark X6100 Series
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\system32\DRIVERS\DcCam.sys
Did not load driver \SystemRoot\system32\DRIVERS\exportit.sys
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Did not load driver \SystemRoot\System32\Drivers\sglfb.SYS
Did not load driver \SystemRoot\System32\Drivers\tga.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Did not load driver mnmdd.SYS
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Did not load driver RasAcd.SYS
Did not load driver Tcpip.SYS
Did not load driver NetBT.SYS
Did not load driver Parport.SYS
Did not load driver Serial.SYS
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Did not load driver \SystemRoot\System32\DRIVERS\redbook.sys
Did not load driver Avg7Core.SYS
Did not load driver Avg7RsW.SYS
Did not load driver Avg7RsNT.SYS
Did not load driver Bluetooth HID Manager
Did not load driver Bluetooth VComm Manager
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPTP)
Did not load driver Direct Parallel
Did not load driver Bluetooth PAN Network Adapter
Did not load driver NT Apm/Legacy Interface Node
Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
Did not load driver Intel(R) 536EP V.92 Modem
Did not load driver ISSC Bluetooth Device
Did not load driver Lexmark X6100 Series
Did not load driver Lexmark X6100 Series
Did not load driver EZ Connect USB to Dual Speed Ethernet Converter
Did not load driver ES1869 Control Interface (WDM)
Did not load driver ES1869 Plug and Play AudioDrive (WDM)
Did not load driver ECP Printer Port
Did not load driver Communications Port
Did not load driver Communications Port
Did not load driver Bluetooth HID Manager
Did not load driver Bluetooth VComm Manager
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPTP)
Did not load driver Direct Parallel
Did not load driver Bluetooth PAN Network Adapter
Did not load driver NT Apm/Legacy Interface Node
Did not load driver ATI Technologies Inc. 3D RAGE PRO AGP 2X
Did not load driver Intel(R) 536EP V.92 Modem
Did not load driver ISSC Bluetooth Device
Did not load driver Lexmark X6100 Series
Did not load driver Lexmark X6100 Series
Did not load driver EZ Connect USB to Dual Speed Ethernet Converter
Did not load driver ES1869 Control Interface (WDM)
Did not load driver ES1869 Plug and Play AudioDrive (WDM)
Did not load driver ECP Printer Port
Did not load driver Communications Port
Did not load driver Communications Port
Did not load driver Microsoft WINMM WDM Audio Compatibility Driver
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Also, my partner has just said that he has tried to reboot from last known good reboot, but we still end up at blue screen & error msg.

I'm working tonight so won't be back now until tom afternoon / evening.

Speak soon.

Thanks.
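
An added example, not part of any post in this thread: a short Python script that parses boot-log lines in the format pasted above, collapses the repeated entries, and ranks the loaded driver file names by similarity to a driver name copied by hand from a stop screen. The sample lines are excerpted from the log above, the function names are this example's own, and the name passed in at the bottom is the one quoted from the stop screen earlier in the thread.

```python
import difflib
import re

# Excerpt of the boot log posted above, including the damaged "?Loaded driver"
# line and a repeated "Did not load" entry.
SAMPLE_LOG = r"""Loaded driver \WINDOWS\System32\ntoskrnl.exe
Loaded driver Mup.sys053
?Loaded driver BTHidMgr.sys
Did not load driver Video Codecs
Did not load driver Video Codecs
Loaded driver \SystemRoot\System32\Drivers\Cdr4_2K.SYS
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS
Did not load driver Avg7Core.SYS
"""

LINE_RE = re.compile(r"(Loaded|Did not load) driver (.+?)\s*$")


def parse_boot_log(text):
    """Return (loaded, not_loaded): de-duplicated lists in first-seen order."""
    loaded, not_loaded = [], []
    for line in text.splitlines():
        m = LINE_RE.search(line)  # search, not match: tolerates a stray leading character
        if not m:
            continue  # header and timestamp lines
        bucket = loaded if m.group(1) == "Loaded" else not_loaded
        if m.group(2) not in bucket:
            bucket.append(m.group(2))
    return loaded, not_loaded


def basename(entry):
    """File name part of a driver entry, with or without a path."""
    return entry.replace("/", "\\").rsplit("\\", 1)[-1]


def closest_loaded(reported_name, loaded, cutoff=0.6):
    """Rank loaded drivers by file-name similarity to a hand-copied name."""
    by_lower = {basename(e).lower(): e for e in loaded}
    hits = difflib.get_close_matches(reported_name.lower(), list(by_lower),
                                     n=3, cutoff=cutoff)
    return [by_lower[h] for h in hits]  # best match first


if __name__ == "__main__":
    loaded, not_loaded = parse_boot_log(SAMPLE_LOG)
    print(len(loaded), "loaded;", len(not_loaded), "not loaded")
    for entry in closest_loaded("COLR4-2K.sys", loaded):
        print("candidate:", entry)
```

A close match is a lead for where to look on disk, not confirmation that the two names refer to the same file.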
 
We can try booting another style. Like not loading the video or sound and seeing if that gets you into regular windows. That would be a way of narrowing down the conflict.
But what really bothers me is that you have an error mentioning a sys file and we can't find that file or any information on it on Google.


You can only start in Safe Mode. I have not been posting to the logs in a long time, but I do research.

So I am going to ask you to run a rootkit detector program. However, I am not sure it will run in safe mode. Let's try anyway.

Download gmer from this link:

http://www.majorgeeks.com/GMER_d5198.html

Unzip and double click the gmer.exe file
Select rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Press scan
When it has finished press save.

Post back the log it creates.
Repeat the process with the Autostarts tab and do the same.
__________________


Do you have an install CD? And /or do you already have Recovery Console installed?

The reason I ask is that we might be able to find that file by booting to Recovery Console. Then copy the file to another location so we can examine it.


-------------------------

Let's try gmer first and take it from there. Let me know about the install CD please.

--------------------
 
I also noticed that your startuplist shows regedit.exe as missing.

That is a file you need.
 
Evening,

No more nights for a while now!!

I downloaded gmer.exe but when I went to unzip it then open it the comp rebooted itself. It is doing this every time I try to open the file.

The error message clears too quick to read but I managed to get ***stop.....
kmode exception_not_handled

With regards to an install cd, I bought the comp from the paper a couple of years ago, but I never got the cd's. I could probably get hold of one if we need to. I'm not sure about recovery console.

I do have rootkitreviver installed but I haven't tried that as I'm not sure whether it's the same sort of program...
 
Buying a computer without the install CD is not a good idea. Now you can't format and reinstall if you ever have a major problem if you don't have an install CD. And I am reluctant to try anything dramatic.

I see this computer was actually upgraded from a windows 98 system. That means we may be able to use DOS. That is, if the File system was never changed to NTFS.

Let's find out. Double click on My Computer. Right click on the C:\ drive icon and then click on Properties. You'll see File System there. Is it FAT32 or NTFS?


Go ahead and run Rootkit Revealer. Again, I'm not sure it will run. But let's see.

I'd also like to see if we can get you into normal Windows mode, but using the VGA drivers like those used in Safe Mode. That will require an edit of boot.ini.

But again, No CD, No Recovery Console = Not good. If you can use DOS, I prefer that. We'll have to see what filesystem is on that disc.

I'd like to have a look in Event Viewer for system and application errors too please. It may be easier for me to just go through those.

When Event Viewer opens, right click on Application and click Save Log File As, and give the file a name like apps. Leave the file type alone.
By default it will save as .evt

Find apps.evt and email it to me as an attachment please.

Do the same for System: right click on System and save the log file as sys.evt

I'll load these files into my event viewer and see if there's any information we are in need of.

My email is: edited out now.

Replace the AT with an @ for the email to work please.


-------------

Finally, I need to look at your boot.ini

Can you copy that and send it along too please? That will be found in C:\ too

We'll edit it to add a menu item to load windows with basevideo. And I want to see if there is an MSDOS item on your bootmenu too.
 
Last edited by a moderator: