Solved System Tool 2011 found on pc/Task mngr freezes

Discussion in 'Malware and Virus Removal Archive' started by Forsaken Knight, 2010/12/28.

  1. 2010/12/31
    Forsaken Knight Well-Known Member Thread Starter

    OTL logfile created on: 12/31/2010 2:16:58 PM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Berta\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): D:\pagefile.sys 4092 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 60.00 Gb Total Space | 49.18 Gb Free Space | 81.97% Space Free | Partition Type: NTFS
    Drive D: | 14.52 Gb Total Space | 6.78 Gb Free Space | 46.72% Space Free | Partition Type: NTFS

    Computer Name: MICRO-XOKJPVXJY | User Name: Berta | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/31 14:15:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\OTL.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
    PRC - [2001/11/27 06:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- D:\util\winzip\WZQKPICK.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/12/31 14:15:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2008/11/21 21:47:52 | 000,554,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/10/30 17:48:46 | 001,392,744 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
    SRV - [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Micro\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/12/03 04:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/04/24 00:10:54 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
    DRV - [2010/04/24 00:10:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
    DRV - [2010/04/24 00:10:50 | 000,211,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
    DRV - [2010/04/24 00:10:44 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
    DRV - [2009/11/05 14:18:00 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
    DRV - [2009/11/05 14:17:55 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/11/05 14:17:55 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2009/11/05 14:17:48 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
    DRV - [2009/11/05 06:40:27 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/06/05 03:24:30 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2009/06/05 03:02:46 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2004/11/17 06:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/04/17 03:25:00 | 000,094,679 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2002/04/17 03:25:00 | 000,088,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2002/04/17 03:25:00 | 000,052,790 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2002/04/17 03:25:00 | 000,034,743 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2002/04/17 03:25:00 | 000,023,607 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2002/04/17 03:25:00 | 000,013,879 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2002/04/17 03:25:00 | 000,006,327 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2002/04/17 03:25:00 | 000,004,119 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2002/04/17 03:25:00 | 000,002,203 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2002/02/15 03:21:00 | 000,078,048 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2002/02/12 02:56:00 | 000,040,096 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2002/01/28 17:04:04 | 000,005,589 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2002/01/28 17:03:18 | 000,022,963 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/12/31 01:13:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\util\winzip\WZQKPICK.EXE (WinZip Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1268876358875 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Berta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Berta\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/11/04 13:56:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/31 14:15:15 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\OTL.exe
    [2010/12/30 18:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2010/12/30 02:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/12/30 02:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/12/30 02:40:06 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/12/30 02:40:06 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/12/30 02:40:04 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/12/30 02:40:03 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/12/30 02:40:02 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/12/30 02:40:02 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/12/30 02:40:01 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/12/30 02:37:03 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/12/30 02:37:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/12/30 02:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/12/30 02:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/12/30 02:14:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/30 02:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/30 02:14:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/30 02:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/30 02:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/12/30 01:54:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/30 01:54:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/30 01:54:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/30 01:54:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/30 01:19:04 | 005,473,272 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Berta\Desktop\AppRemover.exe
    [2010/12/29 16:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Berta\Desktop\proof of scans first batch posted
    [2010/12/27 15:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Berta\Desktop\backups
    [2010/12/27 15:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Berta\Desktop\exe files for programs on desktop
    [2010/12/27 15:19:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Berta\Desktop\HijackThis.exe
    [2010/12/26 19:01:27 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/12/26 19:00:46 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/26 18:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Berta\Local Settings\Application Data\Sunbelt Software
    [2010/12/26 18:55:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/12/26 18:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/12/26 16:34:57 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\TFC.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Berta\Desktop\TDSSKiller.exe
    [2010/12/06 22:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Berta\Desktop\Unused Desktop Shortcuts

    ========== Files - Modified Within 30 Days ==========

    [2010/12/31 14:20:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{02891422-EE8D-4F69-97A2-5B61F73FF83C}.job
    [2010/12/31 14:15:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\OTL.exe
    [2010/12/31 14:11:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/12/31 14:11:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/31 14:11:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/12/31 14:11:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/31 14:09:13 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/12/31 14:08:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/31 06:30:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/31 01:21:42 | 000,136,745 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\third reults from instructions from windowsbbs.JPG
    [2010/12/31 01:13:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/31 00:56:35 | 004,011,777 | R--- | M] () -- C:\Documents and Settings\Berta\Desktop\ComboFix.exe
    [2010/12/30 02:53:15 | 000,173,378 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\untitled second results from reinstalling avast on grand parents pc.JPG
    [2010/12/30 02:44:04 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\Spybot - Search & Destroy (for blind users).lnk
    [2010/12/30 02:44:04 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/30 02:44:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/30 02:41:02 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/12/30 02:41:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/30 02:40:07 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/30 02:40:02 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/12/30 02:39:11 | 000,185,209 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\untitled second results from reinstalling avast on grand parents pc pt 2.JPG
    [2010/12/30 02:14:18 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/12/30 02:14:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/30 01:20:06 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\rkill.com
    [2010/12/30 01:19:10 | 005,473,272 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Berta\Desktop\AppRemover.exe
    [2010/12/29 16:35:15 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/12/29 16:35:15 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/12/29 16:31:54 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\tdsskiller.zip
    [2010/12/28 01:02:11 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/12/28 00:57:35 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\dds.scr
    [2010/12/28 00:56:32 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\MBRCheck.exe
    [2010/12/28 00:56:27 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\c4ezyfvq.exe
    [2010/12/27 15:20:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Berta\Desktop\HijackThis.exe
    [2010/12/27 15:15:54 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\Internet.lnk
    [2010/12/26 19:08:29 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\Windows Defender.lnk
    [2010/12/26 19:00:46 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/26 18:54:58 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/12/26 18:54:58 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/12/26 16:36:45 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2010/12/26 16:34:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\TFC.exe
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Berta\Desktop\TDSSKiller.exe
    [2010/12/16 05:06:28 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/15 22:45:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/12/03 04:05:33 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

    ========== Files Created - No Company Name ==========

    [2010/12/31 01:21:42 | 000,136,745 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\third reults from instructions from windowsbbs.JPG
    [2010/12/30 02:53:15 | 000,173,378 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\untitled second results from reinstalling avast on grand parents pc.JPG
    [2010/12/30 02:44:04 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\Spybot - Search & Destroy (for blind users).lnk
    [2010/12/30 02:44:04 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2010/12/30 02:44:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\Spybot - Search & Destroy.lnk
    [2010/12/30 02:40:07 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/30 02:39:10 | 000,185,209 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\untitled second results from reinstalling avast on grand parents pc pt 2.JPG
    [2010/12/30 02:20:35 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/12/30 02:14:18 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/12/30 02:14:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/30 01:54:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/30 01:54:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/30 01:54:06 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/30 01:54:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/30 01:54:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/30 01:19:56 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\rkill.com
    [2010/12/30 01:17:51 | 004,011,777 | R--- | C] () -- C:\Documents and Settings\Berta\Desktop\ComboFix.exe
    [2010/12/29 16:35:15 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/12/29 16:35:15 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2010/12/29 16:31:41 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\tdsskiller.zip
    [2010/12/28 00:57:12 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\dds.scr
    [2010/12/28 00:56:28 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\MBRCheck.exe
    [2010/12/28 00:56:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\c4ezyfvq.exe
    [2010/12/27 15:35:57 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\Windows Defender.lnk
    [2010/12/27 15:15:53 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Berta\Desktop\Internet.lnk
    [2010/12/26 19:37:44 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/12/26 18:54:58 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/12/26 18:54:58 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/12/26 18:46:40 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/26 18:46:39 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/12/26 16:36:45 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2010/09/01 21:26:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2009/11/07 14:33:56 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/11/07 14:26:48 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/11/05 07:03:14 | 000,000,132 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/11/05 06:55:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2009/11/05 06:55:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
    [2009/11/04 15:27:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/11/04 08:43:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2006/08/02 20:59:59 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2002/06/10 00:29:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
    [2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
    [2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/11/05 14:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/12/30 02:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/05/31 12:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
    [2009/11/05 07:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
    [2010/05/31 12:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2009/11/05 06:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/09/17 15:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
    [2010/12/26 18:55:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/12/24 13:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berta\Application Data\SoftGrid Client
    [2009/11/07 14:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Berta\Application Data\VERITAS
    [2010/12/28 01:02:11 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/12/31 14:11:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/12/31 14:11:20 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2010/12/31 14:20:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{02891422-EE8D-4F69-97A2-5B61F73FF83C}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/31 14:08:25 | 000,015,900 | ---- | M] () -- C:\aaw7boot.log
    [2009/11/04 13:56:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/11/13 16:41:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/03/17 20:29:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/12/31 01:19:38 | 000,013,768 | ---- | M] () -- C:\ComboFix.txt
    [2009/11/04 13:56:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/26 16:36:45 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2009/11/04 13:56:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/11/17 18:59:42 | 000,002,788 | ---- | M] () -- C:\JavaRa.log
    [2009/11/04 13:56:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/19 15:29:14 | 000,001,048 | ---- | M] () -- C:\net_save.dna
    [2009/11/04 14:12:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/11/04 14:36:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2009/12/09 12:56:47 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2009/12/09 12:56:48 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
    [2010/12/30 01:50:25 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2010/12/29 16:50:15 | 000,040,468 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_29.12.2010_16.44.53_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/11/04 13:56:01 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/10/14 22:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/11/04 08:41:58 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/11/04 08:41:58 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/11/04 08:41:58 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/11/04 14:41:57 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/07 14:23:59 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/11/07 14:23:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Berta\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/30 01:19:10 | 005,473,272 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Berta\Desktop\AppRemover.exe
    [2010/12/28 00:56:27 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\c4ezyfvq.exe
    [2010/12/31 00:56:35 | 004,011,777 | R--- | M] () -- C:\Documents and Settings\Berta\Desktop\ComboFix.exe
    [2010/12/27 15:20:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Berta\Desktop\HijackThis.exe
    [2010/12/28 00:56:32 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Berta\Desktop\MBRCheck.exe
    [2010/12/31 14:15:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\OTL.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Berta\Desktop\TDSSKiller.exe
    [2010/12/26 16:34:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Berta\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/11/07 14:23:57 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Berta\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/02/14 15:53:32 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Berta\Cookies\desktop.ini
    [2010/12/31 14:15:03 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Berta\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/07/17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2004/07/17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/07/17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/07/17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  2. 2010/12/31
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    OTL Extras logfile created on: 12/31/2010 2:16:58 PM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Berta\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): D:\pagefile.sys 4092 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 60.00 Gb Total Space | 49.18 Gb Free Space | 81.97% Space Free | Partition Type: NTFS
    Drive D: | 14.52 Gb Total Space | 6.78 Gb Free Space | 46.72% Space Free | Partition Type: NTFS

    Computer Name: MICRO-XOKJPVXJY | User Name: Berta | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = CIS RecordNow DX Update Manager
    "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = VERITAS DLA
    "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{2D456CE5-01E4-4DBE-9797-77003A7C8271}" = Microsoft® Measurement Smart Tag Converter
    "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8855FF30-19CE-4CB1-A654-87B38369CCE1}" = CIS RecordNow DX
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
    "{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
    "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "America Online us" = America Online (Choose which version to remove)
    "AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
    "avast5" = avast! Free Antivirus
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Google Chrome" = Google Chrome
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.1
    "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "RealPlayer 6.0" = RealPlayer Basic
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm" = ZoneAlarm

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/28/2010 2:21:56 AM | Computer Name = MICRO-XOKJPVXJY | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: MICRO-XOKJPVXJY\Berta Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    Error - 12/28/2010 7:48:33 AM | Computer Name = MICRO-XOKJPVXJY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
    P2 2.1.6805.0, P3 timeout, P4 1.1.6402.0, P5 local, P6 unspecified, P7 unspecified,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/30/2010 2:11:59 AM | Computer Name = MICRO-XOKJPVXJY | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: MICRO-XOKJPVXJY\Berta Checkpoint ID: 1 Error Code: 0x80070005

    Error
    description: Access is denied.

    Error - 12/30/2010 2:11:59 AM | Computer Name = MICRO-XOKJPVXJY | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: MICRO-XOKJPVXJY\Berta Checkpoint ID: 1 Error Code: 0x8000ffff

    Error
    description: Catastrophic failure

    Error - 12/30/2010 2:22:21 AM | Computer Name = MICRO-XOKJPVXJY | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 12/30/2010 2:32:01 AM | Computer Name = MICRO-XOKJPVXJY | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
    P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    Error - 12/30/2010 2:57:33 AM | Computer Name = MICRO-XOKJPVXJY | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 12/30/2010 3:19:45 AM | Computer Name = MICRO-XOKJPVXJY | Source = Google Update | ID = 20
    Description =

    Error - 12/30/2010 3:28:09 AM | Computer Name = MICRO-XOKJPVXJY | Source = Google Update | ID = 20
    Description =

    Error - 12/31/2010 2:00:50 AM | Computer Name = MICRO-XOKJPVXJY | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: A connection with the server could not be established

    [ System Events ]
    Error - 12/28/2010 4:35:49 PM | Computer Name = MICRO-XOKJPVXJY | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 12/28/2010 4:35:51 PM | Computer Name = MICRO-XOKJPVXJY | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 12/28/2010 4:35:53 PM | Computer Name = MICRO-XOKJPVXJY | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 12/28/2010 4:35:55 PM | Computer Name = MICRO-XOKJPVXJY | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 12/28/2010 4:35:57 PM | Computer Name = MICRO-XOKJPVXJY | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 12/29/2010 5:22:19 PM | Computer Name = MICRO-XOKJPVXJY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 0015F2BD4316 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 12/30/2010 6:48:36 PM | Computer Name = MICRO-XOKJPVXJY | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.3 for the Network Card with network
    address 0015F2BD4316 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 12/30/2010 7:45:27 PM | Computer Name = MICRO-XOKJPVXJY | Source = SiS315 | ID = 262252
    Description = The driver SiSGRV for the display device \Device\Video0 got stuck
    in an infinite loop. This usually indicates a problem with the device itself or with
    the device driver programming the hardware incorrectly. Please check with your hardware
    device vendor for any driver updates.

    Error - 12/30/2010 10:55:41 PM | Computer Name = MICRO-XOKJPVXJY | Source = System Error | ID = 1003
    Description = Error code 000000ea, parameter1 88cfc020, parameter2 8997ae40, parameter3
    8970d298, parameter4 00000001.

    Error - 12/31/2010 1:57:00 AM | Computer Name = MICRO-XOKJPVXJY | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{AFC9DCCC-3D5F-4D4D-9B69-966BAB2D0781}. The
    backup browser is stopping.


    < End of report >
     


  4. 2010/12/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2009/11/05 06:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
       "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  5. 2011/01/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    Last edited: 2011/01/01
  6. 2011/01/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Nov 17 18:59:38 2009

    Found and removed: C:\Windows\System32\jpicpl32.cpl

    Found and removed: Software\JavaSoft\Java2D\1.5.0_04

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

    ------------------------------------

    Finished reporting.



    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Jan 01 17:31:54 2011

    Found and removed: C:\Program Files\Java\jre1.5.0_04

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\Classes\JavaPlugin.160_17

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_04

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_17

    Found and removed: Software\JavaSoft\Java2D\1.5.0_04

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_17

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_17

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_17

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_17

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ------------------------------------

    Finished reporting.
     
  7. 2011/01/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Berta
    ->Temp folder emptied: 919322 bytes
    ->Temporary Internet Files folder emptied: 15037680 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 1623 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Micro
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Willie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5537862 bytes
    ->Flash cache emptied: 1068 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 256 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 21.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Berta
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Micro
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Willie
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.18.2 log created on 01012011_182832

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Berta\Local Settings\Temp\~DF8DBA.tmp not found!
    File\Folder C:\Documents and Settings\Berta\Local Settings\Temp\~DF8DD1.tmp not found!
    File\Folder C:\Documents and Settings\Berta\Local Settings\Temp\~DF8E45.tmp not found!
    File\Folder C:\Documents and Settings\Berta\Local Settings\Temp\~DF8E5C.tmp not found!
    File\Folder C:\Documents and Settings\Berta\Local Settings\Temp\~DF8F87.tmp not found!
    File\Folder C:\Documents and Settings\Berta\Local Settings\Temp\~DF8F9E.tmp not found!
    C:\Documents and Settings\Berta\Local Settings\Temp\~DFA3CB.tmp moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\JWT8FEHK\ads[1].htm moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\JWT8FEHK\ads[2].htm moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\C2P7P103\97035-active-system-tool-2011-found-pc-task-mngr-freezes-2[1].html moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\7BPBQ3CS\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\6HSOURP3\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\6HSOURP3\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\6HSOURP3\L[1].htm moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\6HSOURP3\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Berta\Local Settings\Temporary Internet Files\Content.IE5\6HSOURP3\p-01-0VIaSjnOLg[2].gif moved successfully.
    File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
    C:\WINDOWS\temp\ZLT07e74.TMP moved successfully.

    Registry entries deleted on Reboot...
     
  8. 2011/01/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    ZoneAlarm
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 17
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 7.0.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Windows Defender MsMpEng.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````
     
  9. 2011/01/01
    broni

    broni Moderator Malware Analyst

    You didn't update your Java.

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  10. 2011/01/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    I did update my java. As to your instructions, I downloaded that java file to update my java. I then did as the instructions indicated and uninstalled the previous java. I installed the java update after my last post here. I originally came to tell you that was the only thing that I forgot to mention in my summary up to this point per your instructions. I also should mention that when I first tried to update java after posting my previous last post, my grand parents pc froze. I forced a manual reset and then tried again to install java. The update went smoothly and I do not have anything other than the initial attempt pc freeze to state about java. I will now read the rest of your reply to this specific thread. Again, I am sorry that I did not include this detail earlier.
     
    Last edited: 2011/01/01
  11. 2011/01/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    I will now do the instructions as indicated by the second part of your reply to this thread's recent update, the part concerning adobe.
     
  12. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Ok :)
     
  13. 2011/01/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    I'm at step 6 of your current instructions. I am waiting to finish downloading the windows updates on my grand parents pc. I have skipped the following steps.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!


    I would like to know if I could leave the programs you have instructed me on the pc for possibly later use? I do not know what will happen down the line, and I would like to be prepared. I do recall using combofix before, but it has been such a while that I forgot about that program and its value of use. I will notify the people in my household to do as you have said and to change their passwords that they have used on my grand parents pc, and on the laptop, in my household, since the time that this problem arose. I will make sure to do the same for the limited areas that I logged into during this time frame as well. I will let you know how the rest of the steps go from step six of your recent instructions and further along your instructions.
     
  14. 2011/01/01
    broni

    broni Moderator Malware Analyst

    You can keep any tool you want.
     
  15. 2011/01/02
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    I have done as you asked. I have yet to do step ten as far as the defrag is concerned. I left my grand parents pc alone last night, and woke up this morning to find out that my mom supposedly did a disk clean up. Well, she somehow uninstalled internet explorer. So, luckily, I downloaded google chrome. She thought that the internet connection was deleted. Before I downloaded internet explorer 8, I recalled the restore point made earlier. So, I restored the pc to what it was before. I have to admit. I had to find ms paint online and download it after the restore point. So, I still think there are some programs that I can not think of that are still not on the pc that is for my grand parents after the restore point was used. I then updated some of the programs on my grand parents pc. I will now post the two logs that were done last with the rest of the instructions you have provided me.
     
  16. 2011/01/02
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5440

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/2/2011 12:51:23 AM
    mbam-log-2011-01-02 (00-51-23).txt

    Scan type: Full scan (A:\|C:\|D:\|F:\|Q:\|)
    Objects scanned: 208322
    Time elapsed: 36 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  17. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Ok, it's never a good idea to do something without asking me first (as my rules stated up front at the beginning of this topic)...
    Internet Explorer can't be uninstalled as it's a part of Windows.
    All she probably did was delete the IE shortcut.

    Now, depending on how far you went with system restore, we may/may not have to start all over.
    IF you followed instructions from my post #28 and you performed step #1:
    ...we should be fine.
    If you didn't and you went with system restore way back, we just wasted a lot of time.

    Let me know what happened.
     
  18. 2011/01/02
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    I did that restore point you indicated. I am aware of what you said, in regards to a restore point may undo all the work you have instructed me to perform. I did a restore point that was made on Saturday, January first, 2011. I would like to also point out, that I finally completed downloading all of the possible updates from microsoft update web site for my grand parents pc. After doing so, I tested if the task manager being opened would freeze the pc. Sure enough, it did, within a matter of ten seconds. First the keyboard freezes after less than five seconds. This can be told by the fact that the num pad lock light is not able to be turned on or off after task manager is opened. Within five seconds after that, the mouse cursor freezes, and no commands can be inputted. I have experimented with this in normal mode. I have not tried to open task manager in safe mode. I will try that after this post. I have taken a screen shot of the error report after relogging in after the recent freeze on my grand parents pc. Oh, and I did not ask for the disk clean up that my mom did. As I described in my earlier post about this, I woke up to find this turn of events. Here is the screen shot of the freeze report before I sent it to microsoft.

    http://img80.imageshack.us/i/28681432.jpg/
     
  19. 2011/01/02
    broni

    broni Moderator Malware Analyst

    See if the same issue happens in safe mode.

    Then...

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

    ================================================================

    Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

    Double-click VEW.exe then under Select log to query, select:
    Application
    System


    Under Select type to list, select:
    Critical (Vista only)
    Error


    Click the radio button for Number of events
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.

    In Notepad, click Edit > Select all then Edit > Copy
    Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.
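
The BSOD.txt report requested in the post above is a series of "Field : Value" records between separator lines. As an added example (not part of the thread and not BlueScreenView's own code), the Python below parses such a report and groups crashes by bug check and faulting driver so that a recurring module stands out; the sample report, its driver and dump names, and all function names are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # US-locale export, e.g. 1/2/2011 4:24:25 PM

# Constructed sample in the "Field : Value" layout of a BlueScreenView text
# export. Driver and dump names are made up; the last record is cut off.
SAMPLE_REPORT = """\
==================================================
Dump File : Mini-sample-04.dmp
Crash Time : 1/2/2011 4:24:25 PM
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Caused By Driver : examplevid.dll
Caused By Address : examplevid.dll+17dd1
==================================================

==================================================
Dump File : Mini-sample-03.dmp
Crash Time : 12/30/2010 6:45:28 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Caused By Driver : examplenet.sys
Caused By Address : examplenet.sys+2a10
==================================================

==================================================
Dump File : Mini-sample-02.dmp
Crash Time : 12/26/2010 9:33:09 AM
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Caused By Driver : ExampleVid.dll
Caused By Address : ExampleVid.dll+F276
Computer Name :
==================================================

==================================================
Dump File : Mini-sample-01.dmp
Crash Time : 12/15/2010 1:19:35 PM
Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
Caused By Driver : examplevid.dll
"""


def parse_report(text):
    """Return one dict per crash record; a cut-off last record is flagged."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:  # separator opens and closes a record
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(" :")
        if sep:  # value may be empty, as in "Computer Name :"
            current[key.strip()] = value.strip()
    if current:  # no closing separator: the paste was truncated
        current["_truncated"] = True
        records.append(current)
    return records


def summarize(records):
    """Count crashes per (bug check, driver); collect offsets and time span."""
    by_cause, offsets, times = Counter(), defaultdict(set), []
    for rec in records:
        # Driver names are compared case-insensitively.
        driver = (rec.get("Caused By Driver") or "(missing)").lower()
        by_cause[(rec.get("Bug Check String") or "(missing)", driver)] += 1
        _module, plus, offset = rec.get("Caused By Address", "").rpartition("+")
        if plus:
            offsets[driver].add(offset.lower())
        try:
            times.append(datetime.strptime(rec.get("Crash Time", ""), TIME_FORMAT))
        except ValueError:  # missing or differently formatted timestamp
            pass
    return {
        "total": len(records),
        "by_cause": by_cause,
        "offsets": {name: sorted(vals) for name, vals in offsets.items()},
        "first": min(times, default=None),
        "last": max(times, default=None),
    }


def dominant_cause(summary, threshold=0.7):
    """Return the (bug check, driver) pair behind most crashes, or None."""
    if not summary["total"]:
        return None
    cause, count = summary["by_cause"].most_common(1)[0]
    return cause if count / summary["total"] >= threshold else None


if __name__ == "__main__":
    report = summarize(parse_report(SAMPLE_REPORT))
    print(report["total"], "crashes between", report["first"], "and", report["last"])
    print("dominant cause:", dominant_cause(report))
```

A single (bug check, driver) pair accounting for most records, spread over several offsets and many dates, points triage at that driver rather than at a one-off event.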
     
  20. 2011/01/02
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Ok, I tried opening task manager in safe mode, and nothing happened. No freezes, no nothing. I then did as you asked and downloaded that blue screen view program, opened it, and then selected all as you instructed. I then flipped back to the web page with your new instructions and when I flipped back, my grand parents pc froze. I do not know why this happened, but I had to force a shut down manually. I then logged in after turning the pc back on. I then opened up the program again, and selected all again. Nothing bad happened this time. I then went to save the report as you have asked. I will now post the log of the blue screen view as you have requested.
     
  21. 2011/01/02
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    ==================================================
    Dump File : Mini010211-02.dmp
    Crash Time : 1/2/2011 4:24:25 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x88905820
    Parameter 2 : 0x897e3928
    Parameter 3 : 0x898cd358
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+f400
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini010211-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini010211-01.dmp
    Crash Time : 1/2/2011 3:11:26 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8840f620
    Parameter 2 : 0x8980ace8
    Parameter 3 : 0x89abaf48
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17f0b
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini010211-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini010111-02.dmp
    Crash Time : 1/1/2011 11:26:07 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x88e1c020
    Parameter 2 : 0x89977928
    Parameter 3 : 0x89803290
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17f0b
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini010111-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini010111-01.dmp
    Crash Time : 1/1/2011 8:20:03 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x88aa4630
    Parameter 2 : 0x89987008
    Parameter 3 : 0x89b12c38
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini010111-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini123110-01.dmp
    Crash Time : 12/31/2010 1:32:05 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x889c9020
    Parameter 2 : 0x898ff9a8
    Parameter 3 : 0x89636298
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+f276
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini123110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini123010-02.dmp
    Crash Time : 12/30/2010 6:45:28 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x88cfc020
    Parameter 2 : 0x8997ae40
    Parameter 3 : 0x8970d298
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini123010-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini123010-01.dmp
    Crash Time : 12/30/2010 2:15:33 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8920d020
    Parameter 2 : 0x89b6f368
    Parameter 3 : 0x8990e218
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini123010-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini122710-02.dmp
    Crash Time : 12/27/2010 2:17:27 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892cd020
    Parameter 2 : 0x899b1b80
    Parameter 3 : 0x89a1b238
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+ac04
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122710-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini122710-01.dmp
    Crash Time : 12/27/2010 8:25:54 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89770a68
    Parameter 2 : 0x898332b8
    Parameter 3 : 0x89968248
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+f276
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122710-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini122610-03.dmp
    Crash Time : 12/26/2010 5:53:57 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x893ecb60
    Parameter 2 : 0x89a3b658
    Parameter 3 : 0x89a6b4a0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+ac04
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122610-03.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini122610-02.dmp
    Crash Time : 12/26/2010 5:31:28 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892d56f0
    Parameter 2 : 0x8998aa68
    Parameter 3 : 0x89913100
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+ac04
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122610-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini122610-01.dmp
    Crash Time : 12/26/2010 9:33:09 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x891e8da8
    Parameter 2 : 0x89966ae0
    Parameter 3 : 0x899e0ba0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini122610-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini121510-01.dmp
    Crash Time : 12/15/2010 1:19:35 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892c0328
    Parameter 2 : 0x89963460
    Parameter 3 : 0x89a3d038
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini121510-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini121110-01.dmp
    Crash Time : 12/11/2010 7:07:52 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8913f020
    Parameter 2 : 0x899bd248
    Parameter 3 : 0x89a1ccf0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+1433e
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini121110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini120810-01.dmp
    Crash Time : 12/8/2010 6:13:13 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892d9a00
    Parameter 2 : 0x89936bd8
    Parameter 3 : 0x898adb20
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+ac04
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini120810-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini112310-01.dmp
    Crash Time : 11/23/2010 5:51:26 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x898377c0
    Parameter 2 : 0x8993fad0
    Parameter 3 : 0x8991a200
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini112310-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini110110-01.dmp
    Crash Time : 11/1/2010 3:30:15 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89253688
    Parameter 2 : 0x89962a50
    Parameter 3 : 0x89892c00
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini110110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini102810-01.dmp
    Crash Time : 10/28/2010 8:45:59 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x891a2da8
    Parameter 2 : 0x899609e8
    Parameter 3 : 0x89872110
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+ac04
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini102810-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini101910-01.dmp
    Crash Time : 10/19/2010 5:11:23 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8929f020
    Parameter 2 : 0x89959e20
    Parameter 3 : 0x89915550
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini101910-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini101610-01.dmp
    Crash Time : 10/16/2010 12:50:38 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89062a38
    Parameter 2 : 0x89924c10
    Parameter 3 : 0x89980450
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini101610-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini101410-02.dmp
    Crash Time : 10/14/2010 12:12:39 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8903c020
    Parameter 2 : 0x899b4680
    Parameter 3 : 0x898ee150
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini101410-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini101410-01.dmp
    Crash Time : 10/13/2010 7:28:13 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892369f8
    Parameter 2 : 0x89948658
    Parameter 3 : 0x899394e8
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini101410-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini101210-01.dmp
    Crash Time : 10/12/2010 4:43:29 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89202020
    Parameter 2 : 0x899dd5f8
    Parameter 3 : 0x89926b18
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini101210-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini100810-01.dmp
    Crash Time : 10/8/2010 8:16:50 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89285908
    Parameter 2 : 0x8999b428
    Parameter 3 : 0x89909510
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100810-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini100310-01.dmp
    Crash Time : 10/3/2010 7:42:10 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x893cb020
    Parameter 2 : 0x8995af60
    Parameter 3 : 0x89991e10
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini100310-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092910-01.dmp
    Crash Time : 9/29/2010 6:49:34 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x891d6b60
    Parameter 2 : 0x89973ec0
    Parameter 3 : 0x89a87808
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092910-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092810-02.dmp
    Crash Time : 9/28/2010 9:09:17 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8925e020
    Parameter 2 : 0x8997f640
    Parameter 3 : 0x899e02b8
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092810-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092810-01.dmp
    Crash Time : 9/28/2010 8:40:34 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892dfb38
    Parameter 2 : 0x899dadf8
    Parameter 3 : 0x8995bb28
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+f276
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092810-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092610-02.dmp
    Crash Time : 9/26/2010 4:54:33 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89378910
    Parameter 2 : 0x899aa968
    Parameter 3 : 0x899881a8
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092610-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092610-01.dmp
    Crash Time : 9/25/2010 9:39:28 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892a58e0
    Parameter 2 : 0x899e76a0
    Parameter 3 : 0x89a2e2f0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092610-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092310-02.dmp
    Crash Time : 9/23/2010 12:19:48 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x891a76c0
    Parameter 2 : 0x899c8ca8
    Parameter 3 : 0x89a3e810
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092310-02.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092310-01.dmp
    Crash Time : 9/23/2010 9:29:52 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8919e838
    Parameter 2 : 0x89b0fb90
    Parameter 3 : 0x89a714e0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092310-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini092010-01.dmp
    Crash Time : 9/20/2010 10:02:14 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x891dab58
    Parameter 2 : 0x8999d478
    Parameter 3 : 0x8991e850
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini092010-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini091910-01.dmp
    Crash Time : 9/19/2010 10:24:51 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89ac46e8
    Parameter 2 : 0x899bee18
    Parameter 3 : 0x899c9da0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091910-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini091510-01.dmp
    Crash Time : 9/14/2010 3:57:38 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8932b528
    Parameter 2 : 0x899c14a8
    Parameter 3 : 0x8994b450
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091510-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini091110-01.dmp
    Crash Time : 9/11/2010 10:45:11 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8940a4c0
    Parameter 2 : 0x8999b1d0
    Parameter 3 : 0x89914bc0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini091110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini090410-01.dmp
    Crash Time : 9/4/2010 3:58:28 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892466e0
    Parameter 2 : 0x89995c40
    Parameter 3 : 0x899fc118
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini090410-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini090110-01.dmp
    Crash Time : 9/1/2010 9:02:49 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89133020
    Parameter 2 : 0x899af188
    Parameter 3 : 0x89a195a8
    Parameter 4 : 0x00000001
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+1984
    File Description : Multi-User Win32 Driver
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 5.1.2600.6046 (xpsp_sp3_gdr.101026-1628)
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini090110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini083110-01.dmp
    Crash Time : 8/31/2010 8:34:43 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8926c8b8
    Parameter 2 : 0x899e8da8
    Parameter 3 : 0x89a003f0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini083110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini082110-01.dmp
    Crash Time : 8/21/2010 8:26:47 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8912b020
    Parameter 2 : 0x899bf9b0
    Parameter 3 : 0x89a05d20
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+ac04
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini082110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini081210-01.dmp
    Crash Time : 8/12/2010 6:27:36 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89460020
    Parameter 2 : 0x899b3478
    Parameter 3 : 0x8993c330
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini081210-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini081110-01.dmp
    Crash Time : 8/11/2010 4:14:39 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x891ae300
    Parameter 2 : 0x898f05c8
    Parameter 3 : 0x8993b600
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini081110-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini080710-01.dmp
    Crash Time : 8/7/2010 1:16:51 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89aaa3c8
    Parameter 2 : 0x899e9558
    Parameter 3 : 0x8994e7b0
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080710-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini080410-01.dmp
    Crash Time : 8/3/2010 10:31:40 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x89abeda8
    Parameter 2 : 0x89963e90
    Parameter 3 : 0x898ed090
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+ac04
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080410-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini080310-01.dmp
    Crash Time : 8/2/2010 10:51:31 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x8939a020
    Parameter 2 : 0x899a7168
    Parameter 3 : 0x89a33f50
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080310-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini080210-01.dmp
    Crash Time : 8/2/2010 8:54:44 PM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x892fd470
    Parameter 2 : 0x89920750
    Parameter 3 : 0x89977220
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini080210-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================

    ==================================================
    Dump File : Mini072410-01.dmp
    Crash Time : 7/24/2010 7:56:38 AM
    Bug Check String : THREAD_STUCK_IN_DEVICE_DRIVER
    Bug Check Code : 0x000000ea
    Parameter 1 : 0x891cc5e8
    Parameter 2 : 0x89999d30
    Parameter 3 : 0x899e2528
    Parameter 4 : 0x00000001
    Caused By Driver : SiSGRV.dll
    Caused By Address : SiSGRV.dll+17dd1
    File Description : SiS Compatible Super VGA Driver
    Product Name : SiS (R) Compatible Super VGA Dispaly Driver for Windows XP
    Company : Silicon Integrated Systems Corporation
    File Version : 6.14.10.3930
    Processor : 32-bit
    Computer Name :
    Full Path : C:\WINDOWS\Minidump\Mini072410-01.dmp
    Processors Count : 1
    Major Version : 15
    Minor Version : 2600
    Dump File Size : 65,536
    ==================================================
     
