Thread ID: 95893 2008-12-20 08:48:00 Windows Explorer Errors_crash &freeze com gza (13233) Press F1
Post ID Timestamp Content User
731246 2008-12-20 13:21:00 Well that was a 66% stuff up, I sent you the wrong Trojan Remover & Malwarebytes scan logs. Let's see if I get it right this time....
I've noticed that some programs that I removed ages ago are still showing in the logs in the Keys section, probably drivers, and as for that iefdm2.dll file, it's still there and is loading at Startup, I just saw it in Task Manager... I'll get on with booting it out asap.
Just got rid of it by using 'Search' and deleting it from there; then the folder it was in went without protest. :)

The correct scan logs follow now, I hope:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2554. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 2:05:16 AM 21 Dec 2008
Using Database v7215
Operating System: Windows XP SP2 [Windows XP Media Center Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\gza\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
2:05:16 AM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
2:05:16 AM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
2:05:16 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
2:06:17 AM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1032192 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
24576 bytes
Created: 12/18/2008
Modified: 8/5/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: COMODO Internet Security
Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
C:\Program Files\COMODO\Firewall\cfp.exe
1797880 bytes
Created: 2/3/2008
Modified: 1/1/2003
Company:
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 12/1/2008
Modified: 11/29/2008
Company: Simply Super Software
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
577536 bytes
Created: 12/12/2008
Modified: 4/16/2007
Company: Realtek Semiconductor Corp.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
286720 bytes
Created: 6/29/2007
Modified: 6/29/2007
Company: Apple Inc.
--------------------
Value Name: PWRISOVM.EXE
Value Data: C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
217088 bytes
Created: 1/20/2008
Modified: 1/20/2008
Company: PowerISO Computing, Inc.
--------------------
Value Name: OpwareSE4
Value Data: "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
79400 bytes
Created: 2/4/2007
Modified: 2/4/2007
Company: Nuance Communications, Inc.
--------------------
Value Name: NBKeyScan
Value Data: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
1828136 bytes
Created: 8/8/2007
Modified: 8/8/2007
Company: Nero AG
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
267064 bytes
Created: 9/26/2007
Modified: 9/26/2007
Company: Apple Inc.
--------------------
Value Name: HDInspector.exe
Value Data: C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
1002248 bytes
Created: 12/3/2007
Modified: 12/4/2007
Company: Altrixsoft
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 8/24/2007
Modified: 8/24/2007
Company: Microsoft Corporation
--------------------
Value Name: Google Desktop Search
Value Data: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
29744 bytes
Created: 2/29/2008
Modified: 2/29/2008
Company: Google
--------------------
Value Name: EyelineRun
Value Data: "C:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
C:\Program Files\NCH Software\Eyeline\eyeline.exe
425988 bytes
Created: 12/3/2008
Modified: 12/3/2008
Company:
--------------------
Value Name: ehTray
Value Data: C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray.exe
50176 bytes
Created: 2/4/2008
Modified: 4/14/2008
Company: Microsoft Corporation
--------------------
Value Name: COMODO Firewall Pro
Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
C:\Program Files\COMODO\Firewall\cfp.exe
1797880 bytes
Created: 2/3/2008
Modified: 1/1/2003
Company:
--------------------
Value Name: CanonMyPrinter
Value Data: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
1603152 bytes
Created: 11/20/2008
Modified: 4/4/2007
Company: CANON INC.
--------------------
Value Name: ATIPTA
Value Data: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
344064 bytes
Created: 8/29/2008
Modified: 11/30/2004
Company: ATI Technologies, Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
40048 bytes
Created: 5/11/2007
Modified: 5/11/2007
Company: Adobe Systems Incorporated
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 11/26/2008
Modified: 11/27/2008
Company: ALWIL Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1694208 bytes
Created: 2/3/2008
Modified: 10/14/2004
Company: Microsoft Corporation
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
203720 bytes
Created: 11/23/2008
Modified: 11/23/2008
Company: Alcohol Soft Development Team
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------
Value Name: Tunebite
Value Data: C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
4998448 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company: RapidSolution Software AG
--------------------
Value Name: Picasa Media Detector
Value Data: C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
443968 bytes
Created: 8/21/2008
Modified: 8/21/2008
Company: Google Inc.
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
490952 bytes
Created: 7/25/2008
Modified: 7/25/2008
Company: DT Soft Ltd
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce
This Registry Key appears to be empty

************************************************************
2:06:23 AM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 8/24/2007
Modified: 8/24/2007
Company: Microsoft Corporation
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 5/26/2008
Modified: 5/26/2008
Company: Microsoft Corporation
----------

************************************************************
2:06:23 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
2:06:24 AM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmyst.scr
C:\WINDOWS\system32\ssmyst.scr
18944 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------

************************************************************
2:06:24 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {10880D85-AAD9-4558-ABDC-2AB1552D831F}
Path: "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
451872 bytes
Created: 12/5/2007
Modified: 12/5/2007
Company: Hewlett-Packard Company
----------
Key: {621FCD24-4498-4324-A81E-07D331376EDF}
Path: C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
7680 bytes
Created: 9/19/2007
Modified: 9/19/2007
Company:
----------

************************************************************
2:06:25 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
2:06:26 AM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
37376 bytes
Created: 12/18/2008
Modified: 8/5/2004
Company: Microsoft Corporation
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 11/26/2008
Modified: 11/27/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 11/26/2008
Modified: 11/27/2008
Company: ALWIL Software
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
516096 bytes
Created: 8/29/2008
Modified: 11/30/2004
Company:
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
155160 bytes
Created: 11/26/2008
Modified: 11/27/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 11/26/2008
Modified: 11/27/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 11/26/2008
Modified: 11/27/2008
Company: ALWIL Software
----------
Key: BcmSqlStartupSvc
ImagePath: "C:\Program Files\msofree\Business Contact Manager\BcmSqlStartupSvc.exe"
C:\Program Files\msofree\Business Contact Manager\BcmSqlStartupSvc.exe
30312 bytes
Created: 1/11/2008
Modified: 1/11/2008
Company: Microsoft Corporation
----------
Key: cmdAgent
ImagePath: "C:\Program Files\COMODO\Firewall\cmdagent.exe"
C:\Program Files\COMODO\Firewall\cmdagent.exe
618232 bytes
Created: 2/3/2008
Modified: 1/1/2003
Company:
----------
Key: cmdGuard
ImagePath: System32\DRIVERS\cmdguard.sys
C:\WINDOWS\System32\DRIVERS\cmdguard.sys
101776 bytes
Created: 2/3/2008
Modified: 1/1/2003
Company: COMODO
----------
Key: cmdHlp
ImagePath: System32\DRIVERS\cmdhlp.sys
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
31504 bytes
Created: 2/3/2008
Modified: 11/26/2008
Company: COMODO
----------
Key: ctac32k
ImagePath: System32\drivers\ctac32k.sys
C:\WINDOWS\System32\drivers\ctac32k.sys
127948 bytes
Created: 3/9/2008
Modified: 7/19/2002
Company: Creative Technology Ltd
----------
Key: ctaud2k
ImagePath: system32\drivers\ctaud2k.sys
C:\WINDOWS\system32\drivers\ctaud2k.sys
837548 bytes
Created: 3/9/2008
Modified: 7/19/2002
Company: Creative Technology Ltd
----------
Key: ctprxy2k
ImagePath: System32\drivers\ctprxy2k.sys
C:\WINDOWS\System32\drivers\ctprxy2k.sys
11068 bytes
Created: 3/9/2008
Modified: 7/19/2002
Company: Creative Technology Ltd
----------
Key: ctsfm2k
ImagePath: System32\drivers\ctsfm2k.sys
C:\WINDOWS\System32\drivers\ctsfm2k.sys
213860 bytes
Created: 3/9/2008
Modified: 7/19/2002
Company: Creative Technology Ltd
----------
Key: DfSdkS
ImagePath: "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe"
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
410976 bytes
Created: 12/20/2008
Modified: 12/17/2008
Company: mst software GmbH, Germany
----------
Key: Droppix Service
ImagePath: "C:\Program Files\Common Files\Droppix\DxService.exe"
C:\Program Files\Common Files\Droppix\DxService.exe
147456 bytes
Created: 2/9/2008
Modified: 11/22/2007
Company: Droppix
----------
Key: ehRecvr
ImagePath: C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
194560 bytes
Created: 2/4/2008
Modified: 8/10/2004
Company: Microsoft Corporation
----------
Key: emupia
ImagePath: System32\drivers\emupia2k.sys
C:\WINDOWS\System32\drivers\emupia2k.sys
156604 bytes
Created: 3/9/2008
Modified: 7/19/2002
Company: Creative Technology Ltd
----------
Key: EyelineService
ImagePath: "C:\Program Files\NCH Software\Eyeline\eyeline.exe" -service
C:\Program Files\NCH Software\Eyeline\eyeline.exe
425988 bytes
Created: 12/3/2008
Modified: 12/3/2008
Company:
----------
Key: GoogleDesktopManager-093007-112848
ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
29744 bytes
Created: 2/29/2008
Modified: 2/29/2008
Company: Google
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
168432 bytes
Created: 2/29/2008
Modified: 11/27/2008
Company: Google
----------
Key: ha10kx2k
ImagePath: system32\drivers\ha10kx2k.sys
C:\WINDOWS\system32\drivers\ha10kx2k.sys
998004 bytes
Created: 3/9/2008
Modified: 7/24/2002
Company: Creative Technology Ltd
----------
Key: HDDSvc
ImagePath: C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\HDDSvc.exe
189704 bytes
Created: 12/3/2007
Modified: 12/3/2007
Company: AltrixSoft (http://www.altrixsoft.com/)
----------
Key: HSFHWBS2
ImagePath: system32\DRIVERS\HSFBS2S2.sys
C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
220032 bytes
Created: 2/4/2008
Modified: 8/4/2004
Company: Conexant Systems, Inc.
----------
Key: HSF_DP
ImagePath: system32\DRIVERS\HSFDPSP2.sys
C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
1041536 bytes
Created: 2/4/2008
Modified: 8/4/2004
Company: Conexant Systems, Inc.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 11/14/2005
Modified: 11/14/2005
Company: Macrovision Corporation
----------
Key: imagedrv
ImagePath: System32\Drivers\imagedrv.sys
C:\WINDOWS\System32\Drivers\imagedrv.sys
11304 bytes
Created: 8/8/2007
Modified: 8/8/2007
Company: Ahead Software AG
----------
Key: imagesrv
ImagePath: system32\DRIVERS\imagesrv.sys
C:\WINDOWS\system32\DRIVERS\imagesrv.sys
132904 bytes
Created: 8/8/2007
Modified: 8/8/2007
Company: Ahead Software AG
----------
Key: Inspect
ImagePath: System32\DRIVERS\inspect.sys
C:\WINDOWS\System32\DRIVERS\inspect.sys
79504 bytes
Created: 2/3/2008
Modified: 11/26/2008
Company: COMODO
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 12/1/2008
Modified: 12/1/2008
Company: Sun Microsystems, Inc.
----------
Key: lmimirr
ImagePath: system32\DRIVERS\lmimirr.sys
C:\WINDOWS\system32\DRIVERS\lmimirr.sys
10144 bytes
Created: 8/3/2007
Modified: 8/3/2007
Company: LogMeIn, Inc.
----------
Key: LMIRfsDriver
ImagePath: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
46112 bytes
Created: 2/24/2008
Modified: 8/3/2007
Company: LogMeIn, Inc.
----------
Key: mcdbus
ImagePath: system32\DRIVERS\mcdbus.sys
C:\WINDOWS\system32\DRIVERS\mcdbus.sys
116736 bytes
Created: 2/22/2008
Modified: 7/28/2008
Company: MagicISO, Inc.
----------
Key: MSSQL$MSSMLBIZ
ImagePath: "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
28933976 bytes
Created: 4/14/2006
Modified: 4/14/2006
Company: Microsoft Corporation
----------
Key: NCHSSVAD
ImagePath: system32\drivers\nchssvad.sys
C:\WINDOWS\system32\drivers\nchssvad.sys
26112 bytes
Created: 2/17/2008
Modified: 2/17/2008
Company: NCH Swift Sound
----------
Key: Nero BackItUp Scheduler 3
ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
836904 bytes
Created: 8/8/2007
Modified: 8/8/2007
Company: Nero AG
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 8/3/2007
Modified: 8/3/2007
Company: Nero AG
----------
Key: ossrv
ImagePath: system32\drivers\ctoss2k.sys
C:\WINDOWS\system32\drivers\ctoss2k.sys
195432 bytes
Created: 3/9/2008
Modified: 7/19/2002
Company: Creative Technology Ltd.
----------
Key: pcouffin
ImagePath: System32\Drivers\pcouffin.sys
C:\WINDOWS\System32\Drivers\pcouffin.sys
47360 bytes
Created: 2/20/2008
Modified: 2/20/2008
Company: VSO Software
----------
Key: PfModNT
ImagePath: \??\C:\WINDOWS\system32\PfModNT.sys
C:\WINDOWS\system32\PfModNT.sys
6752 bytes
Created: 3/9/2008
Modified: 12/17/1999
Company: Creative Technology Ltd.
----------
Key: SANDRA
ImagePath: \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Sandra.sys
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Sandra.sys
20384 bytes
Created: 12/12/2008
Modified: 11/9/2006
Company: SiSoftware
----------
Key: SandraDataSrv
ImagePath: C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
123064 bytes
Created: 12/12/2008
Modified: 11/16/2006
Company: SiSoftware
----------
Key: SandraTheSrv
ImagePath: C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
1138880 bytes
Created: 12/12/2008
Modified: 11/16/2006
Company: SiSoftware
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
27440 bytes
Created: 12/18/2008
Modified: 8/5/2004
Company:
----------
Key: SerialKeys
ImagePath: C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\skeys.exe
26112 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
----------
Key: sfman
ImagePath: system32\drivers\sfmanm.sys
C:\WINDOWS\system32\drivers\sfmanm.sys
36480 bytes
Created: 3/8/2008
Modified: 8/17/2001
Company: Creative Technology Ltd.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: spupdsvc
ImagePath: C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\spupdsvc.exe
26488 bytes
Created: 2/4/2008
Modified: 8/10/2007
Company: Microsoft Corporation
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 5/29/2007
Modified: 5/29/2007
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{49616F02-7E33-43B4-9E8B-CD403DA9BBD2}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
----------
Key: tbhsd
ImagePath: system32\drivers\tbhsd.sys
C:\WINDOWS\system32\drivers\tbhsd.sys
26784 bytes
Created: 12/2/2008
Modified: 12/11/2007
Company: RapidSolution Software AG
----------
Key: TVICHW32
ImagePath: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
23600 bytes
Created: 2/9/2008
Modified: 12/4/2007
Company: EnTech Taiwan
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 1/19/2007
Modified: 1/19/2007
Company: Microsoft Corporation
----------
Key: viaagp
ImagePath: system32\DRIVERS\viaagp.sys
C:\WINDOWS\system32\DRIVERS\viaagp.sys
42240 bytes
Created: 12/18/2008
Modified: 8/4/2004
Company: Microsoft Corporation
----------
Key: viaagp1
ImagePath: system32\DRIVERS\viaagp1.sys
C:\WINDOWS\system32\DRIVERS\viaagp1.sys
32128 bytes
Created: 9/2/2008
Modified: 7/24/2002
Company: VIA Technologies, Inc.
----------
Key: winachsf
ImagePath: system32\DRIVERS\HSFCXTS2.sys
C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
685056 bytes
Created: 2/4/2008
Modified: 8/4/2004
Company: Conexant Systems, Inc.
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 10/25/2007
Modified: 10/25/2007
Company: Microsoft Corporation
----------

************************************************************
2:06:38 AM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
2:06:38 AM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
94208 bytes
Created: 12/1/2004
Modified: 12/1/2004
Company: ATI Technologies Inc.
----------
Key : LMIinit
DLLName: LMIinit.dll
C:\WINDOWS\system32\LMIinit.dll
87352 bytes
Created: 2/24/2008
Modified: 11/15/2007
Company: LogMeIn, Inc.
----------

************************************************************
2:06:39 AM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 11/26/2008
Modified: 11/27/2008
Company: ALWIL Software
----------
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2102568 bytes
Created: 8/4/2007
Modified: 8/4/2007
Company: Nero AG
----------
Key: HexWorkshopContextMenu
CLSID: {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}
Path: C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll
C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll
62120 bytes
Created: 1/6/2008
Modified: 1/6/2008
Company: BreakPoint Software, Inc.
----------
Key: MagicISO
CLSID: {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
Path: C:\Program Files\MagicISO\misosh.dll
C:\Program Files\MagicISO\misosh.dll
20992 bytes
Created: 2/3/2008
Modified: 6/5/2006
Company: MagicISO, Inc.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL
208896 bytes
Created: 1/20/2008
Modified: 1/20/2008
Company: PowerISO Computing, Inc.
----------
Key: {0BD4AC2F-20DA-43e6-A2BB-CCA4A39B930D}
Path: C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll
C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll
253952 bytes
Created: 3/2/2008
Modified: 11/22/2007
Company: Droppix
----------
Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4}
Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
255272 bytes
Created: 8/8/2007
Modified: 8/8/2007
Company: Nero AG
----------
Key: {6E282BDA-5AAA-4EBF-82B3-DD21C3671189}
Path: C:\PROGRA~1\Ashampoo\ASHAMP~2\CONTEX~1.DLL
C:\PROGRA~1\Ashampoo\ASHAMP~2\CONTEX~1.DLL
633184 bytes
Created: 12/20/2008
Modified: 12/17/2008
Company:
----------

************************************************************
2:06:40 AM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
1803560 bytes
Created: 8/8/2007
Modified: 8/8/2007
Company: Nero AG
----------
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: [CLSID does not appear to reference a file]

************************************************************
2:06:40 AM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 12/18/2008
Modified: 10/26/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 10/22/2006
Modified: 10/22/2006
Company: Adobe Systems Incorporated
----------
Key: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
BHO: C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
656696 bytes
Created: 8/11/2008
Modified: 8/11/2008
Company: BitComet
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 12/1/2008
Modified: 12/1/2008
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
322368 bytes
Created: 8/31/2006
Modified: 8/31/2006
Company: Microsoft Corporation
----------
Key: {a33fa729-d155-4b23-842b-2c665ecabdb6}
BHO: C:\Program Files\The_Pirate_Bay\tbThe_.dll
C:\Program Files\The_Pirate_Bay\tbThe_.dll
1470488 bytes
Created: 3/3/2008
Modified: 2/28/2008
Company: Conduit Ltd.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2554944 bytes
Created: 2/29/2008
Modified: 2/29/2008
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 11/27/2008
Modified: 11/27/2008
Company: Google Inc.
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
544032 bytes
Created: 9/27/2006
Modified: 9/27/2006
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 12/1/2008
Modified: 12/1/2008
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 12/1/2008
Modified: 12/1/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
2:06:43 AM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 10/18/2006
Modified: 10/18/2006
Company: Microsoft Corporation
----------

************************************************************
2:06:43 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
2:06:43 AM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
2:06:43 AM: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
2:06:44 AM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
2:06:45 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
113664 bytes
Created: 11/29/2008
Modified: 11/4/1999
Company: Adobe Systems, Inc.
Adobe Gamma Loader.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
--------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 2/4/2008
Modified: 9/2/2008
Company:
--------------------
Tirminal.lnk - links to C:\Program Files\Tirminal\Tirminal.exe [file not found to scan]
--------------------

************************************************************
2:07:17 AM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 12/9/2008
Modified: 9/2/2008
Company:
----------
--------------------
Checking Startup Group for: gza
[C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP]
The Startup Group for gza attempts to load the following file(s):
Connection Keeper.lnk - links to C:\Program Files\Connection Keeper\conkeepm.exe [file not found to scan]
----------
C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 2/3/2008
Modified: 2/3/2008
Company:
----------
C:\Program Files\MagicDisc\MagicDisc.exe
575488 bytes
Created: 2/22/2008
Modified: 7/28/2008
Company: MagicISO, Inc.
MagicDisc.lnk - links to C:\Program Files\MagicDisc\MagicDisc.exe
----------
OpenOffice.org 2.0.lnk - links to C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [file not found to scan]
----------

************************************************** **********
2:07:27 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 7/30/2008
Modified: 7/30/2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 12/27/2008 11:29:00 PM
Status: The task is ready to run at its next scheduled time
Creator: SYSTEM
Comments: [blank]
----------
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
90624 bytes
Created: 9/27/2006
Modified: 9/27/2006
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 12/21/2008 2:25:00 AM
Status: The task is ready to run at its next scheduled time
Creator: gza
Comments: [blank]
----------
Taskname: Norton Security Scan.job
File: C:\Program Files\Norton Security Scan\Nss.exe
Parameters: /scan-full /scheduled
Next Run Time: 12/26/2008 3:00:00 PM
Status: The task is ready to run at its next scheduled time
Creator: gza
Comments: Norton Security Scan
C:\Program Files\Norton Security Scan\Nss.exe [file not found to scan]
----------
Taskname: RegFixPro Scan.job
File: C:\Program Files\RegFixPro\RegFixPro.exe
Parameters: scheduled
Next Run Time: 12/21/2008 12:00:00 PM
Status: The task has not yet run
Creator: gza
Comments: Runs RegFixPro to scan your computer for registry problems.
C:\Program Files\RegFixPro\RegFixPro.exe [file not found to scan]
----------
Taskname: Windows Update.job
File: C:\WINDOWS\system32\wupdmgr.exe
C:\WINDOWS\system32\wupdmgr.exe
32256 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: Never
Status: The task is ready to run at its next scheduled time
Creator: gza
Comments: [blank]
----------

************************************************** **********
2:07:28 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************** **********
2:07:28 AM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 9/1/2008
Modified: 12/19/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 9/1/2008
Modified: 12/19/2008
Company:
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************** **********
2:07:29 AM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------------
C:\Program Files\msofree\Business Contact Manager\BcmSqlStartupSvc.exe - file already scanned
--------------------
C:\Program Files\COMODO\Firewall\cmdagent.exe - file already scanned
--------------------
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe - file already scanned
--------------------
C:\WINDOWS\eHome\ehRecvr.exe - file already scanned
--------------------
C:\Program Files\NCH Software\Eyeline\eyeline.exe - file already scanned
--------------------
C:\WINDOWS\system32\HDDSvc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe - file already scanned
--------------------
C:\WINDOWS\system32\spupdsvc.exe - file already scanned
--------------------
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\Program Files\COMODO\Firewall\cfp.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\Program Files\PowerISO\PWRISOVM.EXE - file already scanned
--------------------
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe - file already scanned
--------------------
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\Hard Drive Inspector\HDInspector.exe - file already scanned
--------------------
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - file already scanned
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe - file already scanned
--------------------
C:\Program Files\NCH Software\Eyeline\eyeline.exe - file already scanned
--------------------
C:\WINDOWS\ehome\ehtray.exe - file already scanned
--------------------
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Messenger\msmsgs.exe - file already scanned
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe - file already scanned
--------------------
C:\Program Files\Picasa2\PicasaMediaDetector.exe - file already scanned
--------------------
C:\Program Files\DAEMON Tools Lite\daemon.exe - file already scanned
--------------------
C:\WINDOWS\eHome\ehmsas.exe
--------------------
C:\WINDOWS\ehome\medctrro.exe
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe - file already scanned
--------------------
C:\Program Files\MagicDisc\MagicDisc.exe
--------------------
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Program Files\iPod\bin\iPodService.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\vkh12.exe
FileSize: 2884472
[This is a Trojan Remover component]
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------

************************************************** **********
2:07:38 AM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************** **********
2:07:38 AM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************** **********
2:07:38 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************** **********
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
ie.search.msn.com
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
ie.search.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.kol.co.nz
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
www.google.com

************************************************** **********
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 2:07:38 AM 21 Dec 2008
Total Scan time: 00:02:22
************************************************** **********


Malwarebytes' Anti-Malware 1.30
Database version: 1445
Windows 5.1.2600 Service Pack 2

12/21/2008 12:40:33 AM
mbam-log-2008-12-21 (00-40-33).txt

Scan type: Quick Scan
Objects scanned: 61107
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
gza (13233)
731247 2008-12-20 19:27:00 Run HijackThis again. Tick these, then tick Fix checked.

Close browsers

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

If you didn't do this, tick these

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

This may be malware. Uninstall it

O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe

It looks like you're using Trojan Remover 6.7.4. It's up to 6.7.5

Get ccleaner (www.ccleaner.com)

Install and run it then click on run cleaner. Close browsers first

Then registry tab / scan for issues. Whatever comes up delete it. You can back it up, if you want
Speedy Gonzales (78)
731248 2008-12-21 05:24:00 Hi Speedy, I have performed the above as asked. I used the newest version of HJT that I could get, looks like it is still v. 6.7.4 though.
I was impressed with the clean out CCleaner did in the Registry. I knew the Registry was full of 'missing links', and references to programs or folders that were no longer on my computer but had left remnants behind. Also, CCR removed a rather stubborn MS Office Pro 2007 Trial's remains and a mass of updates that came after installation of MS Office Trial. Perhaps now the Microsoft SQL Server 2005 Express Edition Service Pack 2 (KB921896) will install: it's been trying to for weeks.

The computer is running like a charm since iefdm2.dll was removed.
Thanks for your help.


I have posted here an HJT log of a scan done after the removal of chosen items and also a log of the errors that showed in Event viewer per the base of this thread: it is long and repetitive with a few variations in the fault numbers.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:35 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\msofree\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\medctrro.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kol.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ihug Internet
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EyelineRun] "C:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{46766C25-4984-41FE-A35D-8BA3138A5186}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13186 bytes
.................................................. .................................................. .................
.................................................. .................................................. ...........

Warning::12/21/2008--12:21:39 AM--Event: 1517--
Source:Userenv

Windows saved user ******\gza registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/21/2008--12:19:09AM--Event: 1001--
Source: Application Error

Fault bucket 00733296.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 30 30 37 33 33 32 39 36 00733296
0010: 0D 0A
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/21/2008--12:18:40am--Event: 1000--
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Warning::12/20/2008--11:46:41PM--Event: 1517--
Source: Userenv

Windows saved user *******\gza registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:42:39PM--Event: 1001--
Source: Application Error

Fault bucket 628669994.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 36 32 38 36 36 39 39 39 62866999
0010: 34 0D 0A 4..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:41:47PM--Event: 1517--
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:41:18 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x031916d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/20/2008--8:44:37PM--Event 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Error:: 12/20/2008--8:44:33PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x03b916d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--5:52:40 PM--Event: 1000
Source: Application Error
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--5:51:57--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module iefdm2.dll, version 637.0.0.63, fault address 0x000016d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--4:55:09 PM--Event: 1000--
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--4:53:57 PM--Event: 1000--
Source: Application Error
Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x033d16d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/20/2008--4:51:13 PM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--4:50:31 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x028416d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Warning::12/20/2008--4:44:23 PM--Event:1517--
Source: Userenv

Windows saved user ******\gza registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--4:41:10 PM--Event: 1000--
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--4:40:35 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x023f16d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/20/2008--4:40:10 PM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Error:: 12/20/2008--4:39:04 PM--Event: 1000--
Source: Application Error
Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x025d16d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/20/2008--4:24:23 PM--Event : 1517--
Source: Userenv

Windows saved user ******\gza registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--2:37:58 PM--Event: 1000--
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--2:36:18 PM--Event: 1000--
Source: Application Error
Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x028e16d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:49:22 AM--Event: 1000-
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x034216d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Warning::12/20/2008--11:43:19 AM--Event:1517-- Source: Userenv

Windows saved user ******\gza registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/20/2008--11:40:31 AM-Event: 1002--
Source: Application Hang

Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:35:14 AM--Event: 1000-
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:34:23 AM--Event: 1000-
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00cf16d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Warning::12/20/2008--11:28:09 AM--Event:1517-- Source: Userenv

Windows saved user ******\gza registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Fault bucket 00733296.:: 12/20/2008--11:11:37AM--Event:1001--
Source: Application Error

0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 30 30 37 33 33 32 39 36 00733296
0010: 0D 0A
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:11:28 AM--Event: 1000-
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Fault bucket 627039666.--12/20/2008--11:10:19 AM--
Event: 1001--Source: Application Error

0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 36 32 37 30 33 39 36 36 62703966
0010: 36 0D 0A 6..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--11:10:05 AM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02ae16d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/20/2008--10:23:28 AM--Event: 11706--
Source: MsiInstaller

Product: MSXML 6.0 Parser -- Error 1706. An installation package for the product MSXML 6.0 Parser cannot be found. Try the installation again using a valid copy of the installation package 'msxml6.msi'.
0000: 7B 41 34 33 42 46 36 41 {A43BF6A
0008: 35 2D 44 35 46 30 2D 34 5-D5F0-4
0010: 41 41 41 2D 42 46 34 31 AAA-BF41
0018: 2D 36 35 39 39 35 30 36 -6599506
0020: 33 45 43 34 34 7D 3EC44}

( I HAVE TRIED TO INSTALL THIS BUT AM CONSTANTLY INFORMED THAT A HIGHER VERSION IS ALREADY INSTALLED--BEATS ME WHY INSTALL ATTEMPTS CONTINUE)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--11:07:48 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x032016d3.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--9:55:01 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x032016d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--8:07:18 AM--Event: 1002--
Source: Application Hang

Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--1:47:10 PM--Event: 1001--
Source: Application Error

Fault bucket 585799941.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 35 38 35 37 39 39 39 34 58579994
0010: 31 0D 0A 1..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

12/19/2008--1:46:30 AM--Event 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--1:46:26 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x028516d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

info::12/19/2008--1:38:31 PM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--1:39:29 PM--Event: 1002--
Source: Application Hang

Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/19/2008--1:21:12 PM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--1:19:55 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x031316d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Error:: 12/19/2008--1:19:03 PM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--1:18:57 PM--Event: 1001--
Source: Application Error

Fault bucket 605538936.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 36 30 35 35 33 38 39 33 60553893
0010: 36 0D 0A 6..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--1:15:09 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02a516d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--12:46:41 PM--Event: 1001--
Source: Application Error

Fault bucket 00733296.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 30 30 37 33 33 32 39 36 00733296
0010: 0D 0A
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--12:45:47 PM--Event: 1000--
Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--12:45:24 PM--Event: 11500--
Source: MsiInstaller

Product: Windows Live Messenger -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

0000: 7B 35 37 31 37 30 30 46 {571700F
0008: 30 2D 44 42 39 44 2D 34 0-DB9D-4
0010: 42 33 41 2D 42 30 33 44 B3A-B03D
0018: 2D 33 35 41 31 34 42 42 -35A14BB
0020: 35 39 33 39 46 7D 5939F}
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--12:45:03 PM--Event: 1001--
Source: Application Error

Fault bucket 611448913.

0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 36 31 31 34 34 38 39 31 61144891
0010: 33 0D 0A 3..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--12:44:41 PM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x02ee16d3.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Warning::12/19/2008--11:24:00 AM--Event: 5603--
Source: WinMgmt

A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Warning::12/19/2008--11:24:00 AM--Event: 5603--
Source: WinMgmt

A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Error:: --12/19/2008--11:04:53 AM--Event: 1001--
Source: Application Error

Fault bucket 786515075.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 37 38 36 35 31 35 30 37 78651507
0010: 35 0D 0A 5..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/19/2008--11:03:58 AM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--11:03:54 AM--Event1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04c616d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--10:28:46 AM--Event: 1001--
Source: Application Error

Fault bucket 223121472.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 32 32 33 31 32 31 34 37 22312147
0010: 32 0D 0A 2..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--10:28:16 AM--Event: 1000--

Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--10:27:30 AM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x052616d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> .

Info::12/19/2008--12:18:57 AM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--12:18:47 AM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x068332d0.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/19/2008--9:31:32 AM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--9:31:22 AM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04e632d0.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/19/2008--8:56:29 AM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--8:56:25 AM--Event: 1001--
Source: Application Error

Fault bucket 763002331.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 37 36 33 30 30 32 33 33 76300233
0010: 31 0D 0A 1..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--8:56:06 AM--Event: 1000--
Source: Application Error


Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x038a16d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--8:29:53 AM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x039116d3.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--8:15:37 AM--Event: 1001--
Source: Application Error

Fault bucket 757447127.
0000: 42 75 63 6B 65 74 3A 20 Bucket:
0008: 37 35 37 34 34 37 31 32 75744712
0010: 37 0D 0A 7..
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Info::12/19/2008--8:14:35 AM--Event: 1002--
Source: Winlogon

The shell stopped unexpectedly and Explorer.exe was restarted.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error:: 12/19/2008--8:15:32 AM--Event: 1000--
Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02f816d3.
0000: 41 70 70
gza (13233)
731249 2008-12-21 05:49:00 You can fix the first one by installing this (www.microsoft.com)

The above will fix the error below

Windows saved user ******\gza registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

Cool, good to hear it's running better, now FDM is uninstalled :)

Uninstall Ashampoo Winoptimiser

For the msi error

An installation package for the product MSXML 6.0 Parser cannot be found. Try the installation again using a valid copy of the installation package 'msxml6.msi

Double click on the error then click on the link down the bottom. See if it gives you any sites on how to fix it

The other errors besides the fix I posted and the one above (besides the office one) probably had something to do with that FDM file.

Right mouse on system and application in event viewer, and select clear all events

Trojan remover is 6.75 not HJT
Speedy Gonzales (78)
731250 2008-12-21 06:08:00 Are you installing the right KB921896 file?

Since, there's an install file for x32 and x64 (64 bit)? If you downloaded the whole install file

What versions of .net framework are installed?
Speedy Gonzales (78)
731251 2008-12-21 06:20:00 Did you install this ? (www.microsoft.com)

The first download on the site above

This could be what this error is talking about

An installation package for the product MSXML 6.0 Parser cannot be found. Try the installation again using a valid copy of the installation package msxml6.msi

This isn't installed. Then try and install KB921896
Speedy Gonzales (78)
731252 2008-12-21 11:18:00 Cheers for all that Speedy, I'm just back @ the computer and have read your input above and will get on with it in a sec. I mentioned a few posts back about the Trial MS Office 2007 not working and was difficult to remove, that's gone now and a mass of doubled-up updates due to the fact that I had installed Office2007 Enterprise on top of it. Enterprise is all that is installed now (I think, hope). They were both on the computer at the same time because the Trial version refused to budge. While removing the trial version bit x bit from out of the Program Files folder in C drive, all that was left was the msxml6.msi file which would not be deleted: it is sitting on the desktop, I also have it on the Product CD.
Your mention of the 32bit and the 64bit versions I understand because I did see back then, an option to choose one or the other: I may very well have installed the 64bit one.....will get on to it and the other things you have laid out above.

After all the messing about before and the eventual freeing up of the 'jams', I now have a BSOD to figure out; ( 0x000000C4, 0x00000081, 0x84D684D8, 0x0000008A, 0x00000000) yeah, it's a Device driver attempting to corrupt the system.

Just briefly, The SQL Server 2005 Express Edition Service Pack 2 (KB921896) that I said had been in store in Auto Updates, I decided to try it again and it began to load SP3, this update wasn't in the holding bay but anyway I let it continue.
Rebooted after install and lo and behold I get the BSOD.
I am going looking through Event Viewer 'System' & 'Applications' for any error reports and will post them. There are a couple of Warnings there in Applications, timed about 5.30 onwards today, but that's another post, if I need to put one in. I will get on with all the above suggestions first.

Let you know how I get on afterwards.
Cheers
yeah it was like Manna from Heaven when the computer was stickyless, still is as far as I know, haven't rebooted for the second time yet. Looking for clues and pointers to the new developments. Will reboot after doing that which is to be done first
ps: I have the latest TR 6.7.5 with dataBase 7235 now. post a log later.
gza (13233)
731253 2008-12-21 12:50:00 Right, I already had WGA installed but got it again and loaded it, had a prob trying to get it to install first up, gave me error::
WGA: error creating process <C:\DOCUME~1\gza\Local~1\Temp\1XP001.TMP\PluginInstaller.exe> Reason: Access is denied
Tried the alternate method, damn keyboard or whatever wouldn't produce 2nd letter of 2nd group of 5 alpha-numerals of License key. Got there in the end and all clear.
Removed Ashampoo Optimiser completely.
As for the MSXML6 Parser issue, did as you said and only info given is " ID 11706" Source: MsiInstaller. Then an apology that no additional info is available about the issue::Use links in the Support Area.
Will do shortly
.net framework installed,
1.1, 2.0 plus hotfixes
Net Framework PreXP; CLR; ASP.NET: Dr. Watson: CRT; CA; WinForms; NET Framework2; MCC Pack1 for Windows XP
( thought that I had 3.5 in there and added 4.0 sometime in this week but I could be confusing it with the following;
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser ( 1.46MB) is already installed, as are all the Microsoft SQL Server 2005, Server Native Client, Server Setup Support Files, Server VSS Writer packages installed.
Could the version of MSXML Parser 6.0 that I have installed be the wrong one?, as you mention- hence that is why the problem installing MS SQL Server 2005 SP 2 ( KB921896)

There are 3 new updates waiting now to be installed; XP Security Updates (KB954459) and (KB956802). Also an Update for Windows ( KB956802)

Finally for now, I just went after the msxml6 file, d-loaded and went to install it, wouldn't install, reason being
" Installation of MSXML 6 Parser failed because a higher version already exists on the machine. To proceed, uninstall the higher version and then run MSXML 6 Parser Setup again..." Hmmmmm, that would compound your theory, seems straightforward enough, haha! even I should be able to not fluff it!! ; )

So far the computer hasn't jammed up or worse, I am now going to reboot after the swap of the msxml6 files and see what transpires.
Thanks again...
yeah, you are right about the HJT/TR mistake of mine..:<
gza (13233)
731254 2008-12-21 13:13:00 Oki doki, I've swapped the msxml6 files, went out and in no trouble.
I will now reboot and allow the other updates to install.
" I'm just going outside, I could be gone for some time..."
gza (13233)
731255 2008-12-22 22:17:00 All of the updates installed except the SQL Server 2005 SP2. I received a prompt to validate XP, did that & installation began but eventually failed, again.

After a reboot, I ended up starting with a BSOD ( 0X000000C4)+....
I have started a new thread about this titled " BSOD_0X000000C4_ hunt for the chamellion driver".
This current thread has in fact hooked up with the new thread title given above.
:thumbs:
gza (13233)