# Solved: Frequent Event System Errors



## archp2007 (Oct 30, 2007)

Hello,
I am getting frequent system related errors in my Event Viewer. Typically those are related to system crashes. Here are four for starters. It is almost impossible to avoid some crashes on a daily basis. I find the M$ help over my head. Where to start??? Thanks in advance for any suggestions.

Event Type:	Error
Event Source:	SMTPSVC
Event Category:	None
Event ID:	116
Date: 4/5/2008
Time: 9:59:08 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The service metabase path '/LM/SMTPSVC/' could not be opened. The data is the error code. 
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03

-------------------------------------------------------------------------------------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 4/5/2008
Time: 8:26:15 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: 
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 4/5/2008
Time: 8:26:15 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The World Wide Web Publishing service terminated with the following error: 
The system cannot find the path specified.

-----------------------------------------------------------------------------------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/5/2008
Time: 8:26:15 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The ProtexisLicensing service failed to start due to the following error: 
Access is denied.

For m


----------



## ozrom1e (May 16, 2006)

archp2007 said:


> Hello,
> I am getting frequent system related errors in my Event Viewer. Typically those are related to system crashes. Here are four for starters that happened within *the past several hours generally while I was using Azureus and PeerGuardian2,* but it is almost impossible to avoid some crashes with any software. I find the M$ help over my head. Where to start??? Thanks in advance for any suggestions.


Using and asking for help on P2P networking is against the rules here at TSG. Please read the TSG rules.

Tech Support Guy Site Rules 
http://www.techguy.org/rules.html


----------



## Cookiegal (Aug 27, 2003)

I see you edited your post to remove the reference to P2P but since I don't think these errors are necessarily specific to P2P, I'll leave this open.

Do you have IIS installed?


----------



## archp2007 (Oct 30, 2007)

Thanks. Upon reading another similar post I uninstalled the IIS service and then reinstalled it thinking that the reinstall might help. There was a problem on the reinstall in that two or three encrypted files could not be written in an encrypted format so I had to choose the option to write as unencrypted in order to get the reinstall to finish. Meanwhile today I continue to have the same errors as well as problems loading Kaspersky drivers. Here are some of the other errors that I am getting:

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/5/2008
Time: 8:26:15 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The FolderProtectService service failed to start due to the following error: 
Access is denied. 

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/7/2008
Time: 2:37:16 AM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The ProtexisLicensing service failed to start due to the following error: 
Access is denied. 

I don't know if any of these errors are repetitive or not. I wish the Microsoft recommendations were more useful.


----------



## archp2007 (Oct 30, 2007)

I am wondering if the utility I am currently using known as Hide Folders XP has been found to cause problems. I earlier had to uninstall a similar security program (can't recall the exact name) by a different vendor because it caused similar problems. Luckily that time the offending driver was identified.


----------



## Cookiegal (Aug 27, 2003)

Let's take a look at what you have running on your system.

*Click here* to download *HJTsetup.exe*.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required. 

Also, open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## archp2007 (Oct 30, 2007)

Thank you very much for offering the help. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:59 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hide Folders XP 2\hfxp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Kaspersy Anti-Hacker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hfxp] "C:\Program Files\Hide Folders XP 2\hfxp.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 8782 bytes

I've got a ton of applications installed. I'm retired and that's about all I do!

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acoustica CD/DVD Label Maker
Acronis*Disk Director Suite
Acronis*True*Image*Home
Active SMART
Active WebCam
Adobe Dreamweaver CS3
Adobe Reader 8.1.2
Adobe Shockwave Player
Aliant Internet Help & Support
Allok Video to FLV Converter 4.7.1202
Amadis Video Converter Suite V3.5.3
Apex Video Converter Super 6.39
Apple Mobile Device Support
ArcSoft PhotoImpression 4
ASUSUpdate
AusLogics BoostSpeed
AusLogics Disk Defrag
AusLogics Emergency Recovery
AusLogics Visual Styler
Automatic Windows Internet Washer
Azureus Vuze
Beyond TV DVD Burning Foundation
Brain Trainer
Camera Driver
Camtasia Studio 5
Canon MP Navigator 3.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint EX
CCleaner (remove only)
CD-LabelPrint
Chinese Traditional Fonts Support For Adobe Reader 8
Dcads Games Collection
Direct Show Ogg Vorbis Filter (remove only)
DivX Content Uploader
DivX Web Player
DriverGuide DriverScan
DriverGuide Toolkit
DSL Speed V3.6
Easy CD and DVD Cover Creator 4.0
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623
FlvRecorder
Futuremark Measurement Services Client
Game Elements SGE2910BD/37 Wireless PC Control Pad
GenuTax
GetFLV Pro 4.0
Google Earth Pro
Google SketchUp 6
Google SketchUp 6
GTA San Andreas
Hallmark Card Studio 2008 Deluxe
Hide Folders XP 2.9.2 for Windows XP/Vista
HijackThis 2.0.2
HotDog Professional 7
HotDog Professional 7
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Ipswitch WS_FTP Professional 2007
iTunes
Joost (tm) Beta 1.0.3
Kaspersky Anti-Hacker
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
KeepV Flash Converter
K-Lite Codec Pack 3.7.0 Full
Launchy 1.0
Lion King
LiveUpdate 3.2 (Symantec Corporation)
Logitech Desktop Messenger
Logitech ImageStudio
MagicDisc 2.6.85
MARS MR97310 VGA
Mavis Beacon Teaches Typing Deluxe 17
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Silverlight
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (2.0.0.12)
NewsLeecher v3.8 Final
NHL® 08
NVIDIA Drivers
ODF Add-in for Microsoft Word
OfficeRecovery
OpenOffice.org 2.3
PE Builder 3.1.10a
PowerQuest PartitionMagic 8.0
PrintFolder 1.3
Privacy Eraser Pro
Pro Evolution Soccer 6
QuickTax 2007
QuickTime
RapidTyping 1.2.0.4
RealArcade
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RegCure 1.5.0.0
Registry Clean Expert
Replay Media Catcher
Riva FLV Encoder 2.0
Roxio Drag-to-Disc
Sandboxie 3.24
ScanSoft OmniPage 16
SCRABBLE® Interactive 2007 EDITION Uninstall
Sea War The Battles 2
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shareaza
Shockwave
SMPlayer 0.5.62
SopCast 2.0.4
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
System Requirements Lab
Ten Thumbs 4.7
The Panorama Factory V4 m32 Edition
The Print Shop 20
Tiger Woods PGA TOUR 08
Total Uninstall 4.6.2
Tracks Eraser Pro v7.0
TV Software 1.5.0
TVAnts 1.0
TypingMaster Pro
Ulead iPhoto Plus 4.0
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946501-v2)
User Profile Hive Cleanup Service
Visual Studio 2005 Redist Package
vTuner Plus
WatchTV++ 1.2 EN
Webshots Desktop
Webshots!
Wheel Of Fortune
Wheel of Fortune Deluxe (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 4.0
WinRAR archiver
XnView 1.93.4
XviD MPEG-4 Codec
Yahoo! Toolbar
Your Uninstaller! 2008 Version 6.0
ZimCore 1.1.1

Thanks again!


----------
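A triage sketch for the two kinds of log posted so far, added here as an example and not part of any poster's reply or of HijackThis itself: it matches the Service Control Manager failures (Event ID 7000 and 7023) against the `O23` service lines, so each failing service is tied to the binary path and owner HijackThis recorded. The sample text is excerpted from the thread; the function names and the wording of the notes are assumptions.

```python
import re
from dataclasses import dataclass

# Excerpts copied from the Event Viewer entries posted in this thread.
EVENT_TEXT = r"""
Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Description:
The ProtexisLicensing service failed to start due to the following error:
Access is denied.
Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Description:
The FolderProtectService service failed to start due to the following error:
Access is denied.
Event Type: Error
Event Source: Service Control Manager
Event ID: 7023
Description:
The Simple Mail Transfer Protocol (SMTP) service terminated with the following error:
The system cannot find the path specified.
"""

# O23 lines copied from the HijackThis log posted in this thread.
HJT_TEXT = r"""
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
"""

DESC_RE = re.compile(r"The (.+?) service (?:failed to start due to|terminated with) "
                     r"the following error:\s*\n\s*([^\n]+)")


@dataclass
class Service:
    display: str        # display name shown by HijackThis
    key: str            # short service name in parentheses, "" if absent
    owner: str
    path: str
    file_missing: bool


def parse_scm_failures(text):
    """Return (event_id, service_name, error) for SCM events 7000 and 7023."""
    failures = []
    for block in re.split(r"(?m)^Event Type:", text)[1:]:
        fields = dict(re.findall(r"(?m)^(Event Source|Event ID):[ \t]*(.*?)[ \t]*$", block))
        desc = DESC_RE.search(block)
        if (fields.get("Event Source") == "Service Control Manager"
                and fields.get("Event ID") in ("7000", "7023") and desc):
            failures.append((fields["Event ID"], desc[1], desc[2].strip()))
    return failures


def parse_o23(text):
    """Parse 'O23 - Service: name (key) - owner - path [(file missing)]' lines."""
    services = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("O23 - Service: "):
            continue
        body = line[len("O23 - Service: "):]
        missing = body.endswith("(file missing)")
        if missing:
            body = body[:-len("(file missing)")].rstrip()
        parts = body.rsplit(" - ", 2)   # split from the right: names may contain '-'
        if len(parts) != 3:
            continue
        m = re.fullmatch(r"(.+) \(([^()]+)\)", parts[0])
        display, key = (m[1], m[2]) if m else (parts[0], "")
        services.append(Service(display, key, parts[1], parts[2], missing))
    return services


def triage(event_text, hjt_text):
    """Tie each failing service to its O23 entry, if the log has one."""
    services = parse_o23(hjt_text)
    rows = []
    for event_id, name, error in parse_scm_failures(event_text):
        svc = next((s for s in services
                    if name.lower() in (s.display.lower(), s.key.lower())), None)
        notes = []
        if svc is None:
            notes.append("no O23 entry in this log")
        else:
            if svc.owner == "Unknown owner":
                notes.append("HijackThis reports 'Unknown owner'")
            if svc.file_missing:
                notes.append("HijackThis reports file missing")
        rows.append({"event_id": event_id, "service": name, "error": error,
                     "path": svc.path if svc else None, "notes": notes})
    return rows


if __name__ == "__main__":
    for row in triage(EVENT_TEXT, HJT_TEXT):
        print(row)
```
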



## archp2007 (Oct 30, 2007)

Hello again. My Kaspersky found a virus overnight that it was unable to remove - something called Heur.invader. I tried to do a straight system restore but all the restore points were gone!! I decided to do a system state restore from a backup done with M$ guided registry backup. This worked but Kaspersky is still driving me nuts with warnings that everything (programs, drivers, etc.) having been changed and suspicious activity, and not letting me uninstall certain programs. I had to turn off proactive defense within Kaspersky to be able to use the computer. I tried to uninstall Kaspersky but it won't let me do that either. I do have a complete disk image on a second drive from a week ago, but I'm hesitant to try restoring that because I do have some work to do and my computer is still usable.


----------



## Cookiegal (Aug 27, 2003)

Can you post the last Kaspersky log please?

Also, since doing the backup restore, please post a new uninstall list.


----------



## archp2007 (Oct 30, 2007)

Thank you for your patience. Sorry for the pages and pages of repeated lines that I had to delete because the report was too long. Avast virus report to follow.

4/9/2008 2:59:07 AM	Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 0): attempt to perform suspicious actions was blocked.
4/9/2008 3:02:32 AM	Process C:\WINDOWS\system32\dwwin.exe (PID: 0): attempt to perform suspicious actions was blocked.
4/9/2008 3:02:32 AM	Process (PID 2988) tried to access Kaspersky Anti-Virus process (PID 888), but the action has been blocked by the Self-Defense component. No action on your part is required.
4/9/2008 6:56:40 AM	Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2172): attempt to load new or modified module was blocked.
4/9/2008 6:56:40 AM	Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2172): attempt to load new or modified module was blocked.
4/9/2008 6:56:40 AM	Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2172): attempt to load new or modified module was blocked.
4/9/2008 6:56:46 AM	Some protection components are disabled. You are advised to enable them.
4/9/2008 7:38:19 AM	Protection of your computer is not running. You are advised to resume protection.


Reports
-------
Component	Status	Start	Finish	Size
---------	------	-----	------	----
Mail Anti-Virus	running	4/9/2008 9:58:44 AM 0 bytes
File Anti-Virus	disabled	4/9/2008 9:58:44 AM	4/9/2008 11:23:26 AM	0 bytes
Web Anti-Virus	running	4/9/2008 9:58:44 AM 0 bytes


Quarantine
----------
Status	Object	Size	Added
------	------	----	-----


Backup
------
Status	Object	Size
------	------	----
Infected: virus EICAR-Test-File	C:\DOCUME~1\ARCHPA~1\LOCALS~1\Temp\Av-test.txt	72 bytes
------------------------------------------------------------------------------------------------------

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acoustica CD/DVD Label Maker
Acronis*Disk Director Suite
Acronis*True*Image*Home
Active SMART
Active WebCam
Adobe Dreamweaver CS3
Adobe Reader 8.1.2
Adobe Shockwave Player
Aliant Internet Help & Support
Allok Video to FLV Converter 4.7.1202
Amadis Video Converter Suite V3.5.3
Apex Video Converter Super 6.39
Apple Mobile Device Support
ArcSoft PhotoImpression 4
ASUSUpdate
AusLogics BoostSpeed
AusLogics Disk Defrag
AusLogics Emergency Recovery
AusLogics Visual Styler
Automatic Windows Internet Washer
Azureus Vuze
Beyond TV DVD Burning Foundation
Brain Trainer
Camera Driver
Camtasia Studio 5
Canon MP Navigator 3.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint EX
CCleaner (remove only)
CD-LabelPrint
Chinese Traditional Fonts Support For Adobe Reader 8
Dcads Games Collection
Direct Show Ogg Vorbis Filter (remove only)
DivX Content Uploader
DivX Web Player
DriverGuide DriverScan
DriverGuide Toolkit
DSL Speed V3.6
Easy CD and DVD Cover Creator 4.0
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623
FlvRecorder
Futuremark Measurement Services Client
Game Elements SGE2910BD/37 Wireless PC Control Pad
GenuTax
GetFLV Pro 4.0
Google Earth Pro
Google SketchUp 6
Google SketchUp 6
GTA San Andreas
Hallmark Card Studio 2008 Deluxe
Hide Folders XP 2.9.2 for Windows XP/Vista
HijackThis 2.0.2
HotDog Professional 7
HotDog Professional 7
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Ipswitch WS_FTP Professional 2007
iTunes
Joost (tm) Beta 1.0.3
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
KeepV Flash Converter
K-Lite Codec Pack 3.7.0 Full
Launchy 1.0
Lion King
LiveUpdate 3.2 (Symantec Corporation)
Logitech Desktop Messenger
Logitech ImageStudio
MagicDisc 2.6.85
MARS MR97310 VGA
Mavis Beacon Teaches Typing Deluxe 17
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Silverlight
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (2.0.0.12)
NewsLeecher v3.8 Final
NHL® 08
NVIDIA Drivers
ODF Add-in for Microsoft Word
OfficeRecovery
OpenOffice.org 2.3
PE Builder 3.1.10a
PowerQuest PartitionMagic 8.0
PrintFolder 1.3
Privacy Eraser Pro
Pro Evolution Soccer 6
QuickTax 2007
QuickTime
RapidTyping 1.2.0.4
RealArcade
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RegCure 1.5.0.0
Registry Clean Expert
Replay Media Catcher
Riva FLV Encoder 2.0
Roxio Drag-to-Disc
Sandboxie 3.24
ScanSoft OmniPage 16
SCRABBLE® Interactive 2007 EDITION Uninstall
Sea War The Battles 2
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shareaza
Shockwave
SMPlayer 0.5.62
SopCast 2.0.4
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
System Requirements Lab
Ten Thumbs 4.7
The Panorama Factory V4 m32 Edition
The Print Shop 20
Tiger Woods PGA TOUR 08
Total Uninstall 4.6.2
Tracks Eraser Pro v7.0
TV Software 1.5.0
TVAnts 1.0
TypingMaster Pro
Ulead iPhoto Plus 4.0
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946501-v2)
User Profile Hive Cleanup Service
Visual Studio 2005 Redist Package
vTuner Plus
WatchTV++ 1.2 EN
Webshots Desktop
Webshots!
Wheel Of Fortune
Wheel of Fortune Deluxe (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 4.0
WinRAR archiver
XnView 1.93.4
XviD MPEG-4 Codec
Yahoo! Toolbar
Your Uninstaller! 2008 Version 6.0
ZimCore 1.1.1


I also have a report from Avast, which I think deleted the virus, and will append it as soon as I reboot (on another active partition).


----------



## archp2007 (Oct 30, 2007)

Sorry, the Avast did not record any log. I don't know if that was because it was a boot scan (pre-boot) or because the Avast is a demo version. In any case I was given an option soon after the scanner started to scan the affected partition to take some action against the virus. I chose delete. It was unnecessary because I should and could have done a scan on the offending executable which I might have known was highly likely to have been infected before running it. Thanks again for your patience.


----------



## archp2007 (Oct 30, 2007)

I could add that the event system errors were going on long before this.


----------



## Cookiegal (Aug 27, 2003)

I would remove the following and any other registry cleaners as they often cause more harm than good.

*RegCure 1.5.0.0
Registry Clean Expert*

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.


----------



## archp2007 (Oct 30, 2007)

Hi again,

I ran combofix just a day before I started this thread but will repeat now. Does it cause a batch file to run a del index.dat upon shutdown? I have had that happening ever since.


----------



## Cookiegal (Aug 27, 2003)

I'm not sure what would be running that batch but please remove the version of ComboFix you have and download the latest version then run the scan and post the log.


----------



## archp2007 (Oct 30, 2007)

Strange ... this is a much larger file than the other "combofix." I installed recovery console a couple of days ago. It comes up as an option each time I reboot. Do I need to repeat this procedure?


----------



## archp2007 (Oct 30, 2007)

ComboFix 08-04-09.6 - Arch Parsons 2008-04-09 17:31:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2319 [GMT -2.5:30]
Running from: C:\Documents and Settings\Arch Parsons\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 17:04 . 2008-04-09 17:04 d--------	C:\Combo-Fix
2008-04-09 16:03 . 2008-03-29 14:57	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-09 16:03 . 2008-03-29 14:56	26,944	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-09 16:03 . 2008-03-29 14:59	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-09 16:02 . 2008-04-09 16:02 d--------	C:\Program Files\Alwil Software
2008-04-09 16:02 . 2008-03-29 15:15	1,146,232	--a------	C:\WINDOWS\system32\aswBoot.exe
2008-04-09 16:02 . 2004-01-09 05:43	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2008-04-09 16:02 . 2008-03-29 14:53	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2008-04-09 16:02 . 2008-03-29 15:05	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-09 16:02 . 2008-01-17 13:04	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-09 16:02 . 2008-03-29 15:01	75,856	--a------	C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-09 16:02 . 2008-03-29 15:05	20,560	--a------	C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-09 14:42 . 2008-04-09 14:42 d--------	C:\Program Files\AVG
2008-04-09 14:42 . 2008-04-09 14:51 d--------	C:\Documents and Settings\All Users\Application Data\avg8
2008-04-09 14:40 . 2008-04-09 14:40	124,688	--a------	C:\WINDOWS\system32\MSWINSCK.OCX
2008-04-09 14:37 . 2008-04-09 14:37 d--------	C:\Program Files\Kaspersky Lab
2008-04-09 13:30 . 2008-04-09 13:30 d--h-----	C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-08 13:42 . 2008-04-08 13:42 d--------	C:\Program Files\CD-LabelPrint
2008-04-08 11:20 . 2008-04-08 11:22 d--------	C:\Documents and Settings\Arch Parsons\Application Data\dvdcss
2008-04-07 01:06 . 2001-07-21 14:23	21,791	--a------	C:\WINDOWS\system32\smtpctrs.ini
2008-04-07 01:06 . 2001-07-21 14:23	8,002	--a------	C:\WINDOWS\system32\smtpctrs.h
2008-04-07 01:06 . 2001-07-21 14:23	1,037	--a------	C:\WINDOWS\system32\ntfsdrct.ini
2008-04-07 01:06 . 2001-07-21 14:23	773	--a------	C:\WINDOWS\system32\ntfsdrct.h
2008-04-07 00:04 . 2008-04-07 11:37 d--------	C:\Program Files\PFConfig
2008-04-06 19:12 . 2008-04-07 00:05 d--------	C:\WINDOWS\vbSkinner
2008-04-06 19:06 . 2008-04-06 19:06 d--------	C:\Program Files\uTorrent
2008-04-06 19:06 . 2008-04-07 16:39 d--------	C:\Documents and Settings\Arch Parsons\Application Data\uTorrent
2008-04-06 15:12 . 2008-04-06 15:12	1,392,304	--a------	C:\WINDOWS\system32\AutoPartNt.exe
2008-04-06 15:12 . 2008-04-06 15:15	1,024	--a------	C:\WINDOWS\system32\AutoPartNt.let
2008-04-05 17:40 . 2008-04-09 14:31 d--------	C:\Program Files\ab
2008-04-05 17:40 . 2008-04-09 17:38	21,738,784	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-05 17:40 . 2008-04-09 17:38	471,840	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-05 17:40 . 2008-04-09 17:35	300,524	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-05 17:40 . 2008-04-05 17:40	91,700	--a------	C:\WINDOWS\system32\drivers\klin.dat
2008-04-05 17:40 . 2008-04-05 17:40	85,860	--a------	C:\WINDOWS\system32\drivers\klick.dat
2008-04-05 17:40 . 2008-04-09 17:35	49,412	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-05 17:39 . 2008-04-05 17:39 d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-05 16:27 . 2008-04-05 16:30 d--------	C:\RegBack
2008-04-05 16:26 . 2008-04-05 16:26 d--------	C:\Program Files\ACW
2008-04-05 14:26 . 2004-08-04 05:26	43,520	--a--c---	C:\WINDOWS\system32\dllcache\admwprox.dll
2008-04-05 14:26 . 2004-08-04 04:26	43,520	--a------	C:\WINDOWS\system32\admwprox.dll
2008-04-05 13:26 . 2004-08-04 04:26	2,134,528	--a--c---	C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-04 15:34 . 2008-04-09 04:46	1,355	--a------	C:\WINDOWS\imsins.BAK
2008-04-04 14:12 . 2008-04-04 14:12 d--------	C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-01 12:55 . 2008-04-09 12:50 d--------	C:\Program Files\Active SMART
2008-03-28 21:31 . 2008-03-28 21:33 d--------	C:\Documents and Settings\Arch Parsons\Application Data\XnView
2008-03-28 21:27 . 2008-03-28 21:27 d--------	C:\Program Files\XnView
2008-03-28 19:39 . 1997-01-13 16:01	11,264	--a------	C:\WINDOWS\Ulead iPhoto Plus 4.SCR
2008-03-28 19:38 . 2008-03-28 19:44 d--------	C:\WINDOWS\ULEAD.DAT
2008-03-28 19:38 . 2008-03-28 19:39 d--------	C:\Program Files\Ulead iPhoto Plus 4
2008-03-28 19:38 . 2008-03-28 19:44	808	--a------	C:\WINDOWS\ULEAD32.INI
2008-03-28 19:22 . 2008-03-28 19:22 d--------	C:\Program Files\Smoky City Design
2008-03-28 09:16 . 2008-03-28 09:18 d--------	C:\Program Files\Acoustica CD Label Maker
2008-03-26 17:40 . 2008-03-26 17:40	8,192	-ra-s----	C:\BOOTSECT.BAK
2008-03-25 16:33 . 2007-06-26 15:35	59,904	--a------	C:\WINDOWS\system32\zlib1.dll
2008-03-25 15:33 . 2001-08-17 13:53	4,992	--a------	C:\WINDOWS\system32\drivers\loop.sys
2008-03-25 15:33 . 2001-08-17 13:53	4,992	--a--c---	C:\WINDOWS\system32\dllcache\loop.sys
2008-03-25 01:15 . 2006-07-21 12:21	99,176	--a------	C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2008-03-25 01:15 . 2007-02-09 13:34	51,768	--a------	C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2008-03-25 01:15 . 2007-02-08 21:05	12,856	--a------	C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2008-03-25 01:14 . 2008-03-25 01:17 d--------	C:\WINDOWS\system32\DLA
2008-03-25 01:14 . 2008-03-25 01:14 d--------	C:\Program Files\Roxio
2008-03-25 01:14 . 2006-10-26 17:21	92,920	--a------	C:\WINDOWS\DLA.EXE
2008-03-25 01:14 . 2006-10-26 17:21	56,056	--a------	C:\WINDOWS\system32\DLAAPI_W.DLL
2008-03-25 01:14 . 2007-02-08 21:05	28,120	--a------	C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2008-03-24 20:31 . 2008-03-24 20:31	132,672	--ah-----	C:\WINDOWS\system32\mlfcache.dat
2008-03-24 13:18 . 2001-05-30 01:00	352,256	--a------	C:\WINDOWS\system32\ijl15.dll
2008-03-24 13:18 . 2001-12-20 19:20	205,824	--a------	C:\WINDOWS\system32\VIC32.DLL
2008-03-24 13:18 . 2002-05-07 13:36	147,456	--a------	C:\WINDOWS\system32\mr310ipc.dll
2008-03-24 13:18 . 2002-09-09 16:19	130,309	--a------	C:\WINDOWS\system32\drivers\MR97310c.sys
2008-03-24 13:18 . 2002-08-26 19:38	61,440	--a------	C:\WINDOWS\system32\mr310ifc.dll
2008-03-24 13:18 . 2001-10-12 11:57	36,864	--a------	C:\WINDOWS\system32\mr310exv.dll
2008-03-24 13:18 . 2001-10-12 11:58	28,672	--a------	C:\WINDOWS\system32\mr310exd.dll
2008-03-24 13:18 . 2000-12-07 11:13	15,164	--a------	C:\WINDOWS\mr310twc.ini
2008-03-24 13:18 . 2002-04-12 16:31	12,106	--a------	C:\WINDOWS\mr310twc.src
2008-03-24 12:59 . 2008-03-24 12:59 d--------	C:\Program Files\DriverGuide DriverScan
2008-03-22 21:08 . 2008-03-22 21:08 d--------	C:\Program Files\[PC GAME] Monopoly 3D(1)(1)
2008-03-21 19:25 . 2008-03-27 23:56 d--------	C:\Documents and Settings\Arch Parsons\Application Data\Acronis
2008-03-21 19:09 . 2008-03-21 19:09 d--------	C:\Documents and Settings\LocalService\Application Data\Acronis
2008-03-21 19:06 . 2008-03-22 20:47 d--------	C:\Documents and Settings\All Users\Application Data\Acronis
2008-03-21 19:06 . 2008-03-21 19:06	441,760	--a------	C:\WINDOWS\system32\drivers\timntr.sys
2008-03-21 19:06 . 2008-03-21 19:06	368,544	--a------	C:\WINDOWS\system32\drivers\tdrpman.sys
2008-03-21 19:06 . 2008-03-21 19:06	129,248	--a------	C:\WINDOWS\system32\drivers\snapman.sys
2008-03-21 19:06 . 2008-03-21 19:06	44,384	--a------	C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-03-21 19:05 . 2008-03-22 20:43 d--------	C:\Program Files\Common Files\Acronis
2008-03-21 19:05 . 2008-03-22 20:43 d--------	C:\Program Files\Acronis
2008-03-20 10:33 . 2008-02-20 21:17	40,928	--a------	C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-03-20 10:33 . 2008-02-20 21:17	27,776	--a------	C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-03-20 01:22 . 2008-03-20 01:22 d--------	C:\Program Files\Hide Folders XP 2
2008-03-20 01:22 . 2007-01-23 01:26	17,264	--a------	C:\WINDOWS\system32\drivers\hfxp2.sys
2008-03-19 22:40 . 2008-03-19 22:40 d--------	C:\Program Files\r2 Studios
2008-03-18 20:42 . 2008-04-08 12:03	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-03-18 20:42 . 2008-03-18 20:42	1,409	--a------	C:\WINDOWS\QTFont.for
2008-03-17 15:33 . 2008-03-17 15:33 d--------	C:\Program Files\Launchy
2008-03-17 15:28 . 2008-04-01 23:51 d--------	C:\Documents and Settings\Arch Parsons\Application Data\Launchy
2008-03-13 14:42 . 2008-03-20 22:29 d--------	C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-13 00:28 . 2008-03-13 00:28 d--------	C:\Documents and Settings\Arch Parsons\Application Data\CD-LabelPrint
2008-03-12 22:30 . 2008-03-12 22:30 d--------	C:\Documents and Settings\Arch Parsons\Application Data\Symantec
2008-03-12 21:41 . 2008-03-21 19:01 d--------	C:\Program Files\Symantec
2008-03-11 22:49 . 2008-04-06 14:31 d--------	C:\Program Files\Easy CD & DVD Cover Creator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 19:31	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 17:21	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-09 16:31	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 15:33	---------	d-----w	C:\Program Files\Registry Clean Expert
2008-04-07 19:05	---------	d-----w	C:\Program Files\PeerGuardian2
2008-04-06 21:31	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Azureus
2008-04-04 16:46	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 19:11	---------	d-----w	C:\Program Files\The Print Shop 20
2008-03-25 19:02	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-03-25 04:47	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Canon
2008-03-25 02:28	---------	d-----w	C:\Program Files\Canon
2008-03-24 23:06	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Apple Computer
2008-03-22 23:45	---------	d-----w	C:\Program Files\Total Uninstall 4
2008-03-22 23:38	---------	d-----w	C:\Program Files\[PC GAME] Monopoly 3D(1)(1)
2008-03-22 15:59	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 15:58	---------	d-----w	C:\Program Files\GenuTax
2008-03-21 21:31	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-20 23:35	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\LimeWire
2008-03-19 03:45	---------	d-----w	C:\Program Files\ASUS
2008-03-18 22:37	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Shareaza
2008-03-16 02:19	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-10 19:52	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\OpenOffice.org2
2008-03-08 21:52	---------	d-----w	C:\Program Files\QuickTax 2007
2008-03-08 21:27	---------	d-----w	C:\Program Files\Common Files\Intuit
2008-03-08 21:27	---------	d-----w	C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-08 16:28	---------	d-----w	C:\Program Files\OpenOffice.org 2.3
2008-03-08 15:56	---------	d-----w	C:\Program Files\Clever Age
2008-03-07 03:17	---------	d-----w	C:\Program Files\Replay Media Catcher
2008-03-06 20:34	---------	d-----w	C:\Program Files\NewsLeecher
2008-03-06 20:34	---------	d-----w	C:\Program Files\IDA
2008-03-05 22:33	---------	d-----w	C:\Program Files\PowerQuest
2008-03-05 13:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Ten Thumbs Typing Tutor
2008-03-05 03:14	---------	d-----w	C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-05 03:14	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-03-03 13:30	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Download Manager
2008-03-02 20:36	---------	d-----w	C:\Program Files\Joost
2008-03-02 19:53	---------	d-----w	C:\Program Files\SatelliteTVforPC
2008-03-02 19:45	18,017	----a-w	C:\initemp.dat
2008-03-02 15:43	---------	d-----w	C:\Program Files\Automatic Windows Internet Washer
2008-03-01 23:16	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-03-01 19:10	---------	d-----w	C:\Program Files\ScanSoft
2008-03-01 19:10	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\ScanSoft
2008-03-01 19:09	---------	d-----w	C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-02-29 03:32	---------	d-----w	C:\Program Files\Ten Thumbs Typing Tutor 4.7
2008-02-28 00:44	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\MiniDm
2008-02-27 18:06	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\IEPro
2008-02-27 02:56	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\NewsLeecher
2008-02-27 00:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Visual Styler
2008-02-26 01:38	---------	d-----w	C:\Program Files\Mindscape
2008-02-25 22:08	---------	d-----w	C:\Program Files\WinPcap
2008-02-25 22:08	---------	d-----w	C:\Program Files\FlvRecorder
2008-02-24 19:04	---------	d-----w	C:\Program Files\QuickTime
2008-02-24 18:53	---------	d-----w	C:\Program Files\QuickTime(2)
2008-02-24 18:53	---------	d-----w	C:\Program Files\MARS
2008-02-24 02:47	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Internet Download Accelerator
2008-02-24 01:46	---------	d-----w	C:\Program Files\Sandboxie
2008-02-24 00:24	---------	d-----w	C:\Program Files\Your Uninstaller 2008
2008-02-24 00:24	---------	d-----w	C:\Program Files\BitComet
2008-02-23 21:09	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\UseNeXT
2008-02-23 19:40	---------	d-----w	C:\Program Files\UseNeXT
2008-02-23 19:04	---------	d-----w	C:\Program Files\iTunes
2008-02-23 19:04	---------	d-----w	C:\Program Files\iPod
2008-02-23 15:10	---------	d-----w	C:\Program Files\Amadis Software
2008-02-23 15:09	---------	d-----w	C:\Program Files\Allok Video to FLV Converter
2008-02-23 14:15	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-23 12:06	---------	d-----w	C:\Program Files\TDU
2008-02-23 03:08	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-23 03:05	---------	d-----w	C:\Program Files\NFS.ProStreet
2008-02-23 01:19	---------	d-----w	C:\Program Files\SMPlayer
2008-02-22 14:56	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\URSoft
2008-02-22 14:51	---------	d-----w	C:\Program Files\Xvid
2008-02-22 14:51	---------	d-----w	C:\Program Files\Apex
2008-02-22 04:09	---------	d-----w	C:\Program Files\GetFLV
2008-02-21 18:01	---------	d-----w	C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-02-19 20:38	---------	d-----w	C:\Program Files\Windows Desktop Search
2008-02-19 20:08	---------	d-----w	C:\Program Files\KeepV Converter
2008-02-19 03:47	---------	d-----w	C:\Program Files\Riva
2008-02-19 03:47	---------	d-----w	C:\Program Files\Common Files\SWF Studio
2008-02-18 14:24	---------	d--h--r	C:\Documents and Settings\Arch Parsons\Application Data\SecuROM
2008-02-18 00:24	---------	d-----w	C:\Program Files\SystemRequirementsLab
2008-02-17 17:21	---------	d-----w	C:\Program Files\DSL Speed
2008-02-17 14:03	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Auslogics
2008-02-16 15:57	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Zeon
2008-02-16 15:37	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Zeon
2008-02-16 04:10	---------	d-----w	C:\Program Files\PrintFolder
2008-02-16 03:51	26	----a-w	C:\Program Files\YourDir.sys
2008-02-15 00:17	---------	d-----w	C:\Program Files\Webshots
2008-02-15 00:17	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Webshots
2008-02-13 17:02	---------	d-----w	C:\Program Files\Game Elements
2008-02-13 13:35	---------	d-----w	C:\Program Files\Lion King
2008-02-13 13:26	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Visual Styler
2008-02-13 13:25	---------	d-----w	C:\Program Files\Auslogics
2008-02-13 04:31	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-13 04:29	---------	d-----w	C:\Program Files\Uninstall Plus v4.1
2008-02-13 04:26	---------	d-----w	C:\Program Files\Yahoo!
2008-02-13 04:26	---------	d-----w	C:\Program Files\CCleaner
2008-02-12 19:46	164	----a-w	C:\install.dat
2008-02-12 19:27	---------	d-----w	C:\Program Files\Common Files\Download Manager
2008-02-12 19:23	---------	d-----w	C:\Program Files\Acesoft
2008-02-12 03:26	---------	d-----w	C:\Program Files\MagicDisc
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4


----------



## archp2007 (Oct 30, 2007)

.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 17:36 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 17:36 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@={D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@={8A814C29-D3CD-4F9E-9770-DF8704503ACA}

[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2006-12-22 17:30	57344	--a------	C:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2006-12-22 17:30	57344	--a------	C:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:26 15360]
"hfxp"="C:\Program Files\Hide Folders XP 2\hfxp.exe" [2007-06-21 19:51 94096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 21:06 2595616]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 21:07 140568]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 20:53 2209224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:26 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1757981266-1500820517-725345543-1003\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2008.lnk]
backup=C:\WINDOWS\pss\Event Planner Reminder 2008.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^Active SMART.lnk]
backup=C:\WINDOWS\pss\Active SMART.lnkStartup
path=C:\Documents and Settings\Arch Parsons\Start Menu\Programs\Startup\Active SMART.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^Expedia Fare Alert.lnk]
backup=C:\WINDOWS\pss\Expedia Fare Alert.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^Joost.lnk]
backup=C:\WINDOWS\pss\Joost.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
--a------ 2006-07-27 21:39 415744 C:\Program Files\ASUS\AI Gear\GearHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
-ra------ 2007-01-05 18:39 597504 C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
-ra------ 2006-12-29 10:54 363008 C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:_program files_wordperfe3a]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:26 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-ra------ 2006-07-12 07:17 352256 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch PC Probe II]
--a------ 2007-01-05 18:36 2129920 C:\Program Files\ASUS\PC Probe II\Probe2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 18:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSRKey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-04 04:26 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 13:32 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-01-31 03:09 604920 C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
--a------ 2008-03-05 06:59 417280 C:\Program Files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2007-04-03 21:55 839680 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-03-16 09:06 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STARTRIGHT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-23 20:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2007-12-08 13:29 1335296 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-01-11 11:18 5288960 C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordPerfect Office 1215]
--a------ 2004-06-25 16:03 733184 C:\Program Files\WordPerfect Office 12\Programs\Registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTrayIcon]
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"C:\\Program Files\\AnGuest Pro\\AnGuest.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Active WebCam\\WebCam.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Zone.com Deluxe Games\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Arch Parsons\\Desktop\\TV\\viviplay.exe"=
"C:\\Program Files\\Webshots\\Swebexec.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8015:TCP"= 8015:TCP:*:Disabled:BitComet 8015 TCP
"8015:UDP"= 8015:UDP:*:Disabled:BitComet 8015 UDP
"24387:TCP"= 24387:TCP:*:Disabled:BitCometBeta 24387 TCP
"24387:UDP"= 24387:UDP:*:Disabled:BitCometBeta 24387 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7201:TCP"= 7201:TCP:*:Disabled:BitCometBeta 7201 TCP
"7201:UDP"= 7201:UDP:*:Disabled:BitCometBeta 7201 UDP
"18901:TCP"= 18901:TCP:*:Disabled:BitCometBeta 18901 TCP
"18901:UDP"= 18901:UDP:*:Disabled:BitCometBeta 18901 UDP
"26008:TCP"= 26008:TCP:*:Disabled:BitCometBeta 26008 TCP
"26008:UDP"= 26008:UDP:*:Disabled:BitCometBeta 26008 UDP
"8380:TCP"= 8380:TCP:BitComet 8380 TCP
"8380:UDP"= 8380:UDP:BitComet 8380 UDP
"23332:TCP"= 23332:TCP:BitComet 23332 TCP
"23332:UDP"= 23332:UDP:BitComet 23332 UDP

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2007-01-23 01:26]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-03-21 19:06]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:01]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 21:05]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:05]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 21:51]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-03-05 06:59]
R3 XPAD910;XPADFilter Service 910;C:\WINDOWS\system32\DRIVERS\xpad910.sys [2006-05-10 00:48]
S0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys []
S0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys []
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 15:20]
S2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe [2006-12-22 17:30]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 04:26]
S3 BIOSCHK;BIOSCHK;C:\DOCUME~1\ARCHPA~1\LOCALS~1\Temp\TII74.tmp\disk1\BIOSCHK.SYS []
S3 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCares 2007\FolderProtectDriver.sys [2006-12-12 16:25]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2002-06-10 15:20]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 13:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-09 20:07:43 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-27 10:23:50 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-11 03:34:01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-04-09 13:26:08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{DCB2E133-7D93-4E54-9112-DCDB801D2652}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 17:38:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-09 17:41:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 20:10:54
ComboFix2.txt 2008-04-07 14:51:41
Pre-Run: 92,544,339,968 bytes free
Post-Run: 92,530,110,464 bytes free
.
2008-04-09 07:16:43	--- E O F ---


----------



## archp2007 (Oct 30, 2007)

I notice many applications named that were uninstalled a long time ago.


----------



## archp2007 (Oct 30, 2007)

Hello again. Thanks for your continued interest. I noticed after running combofix that the Avast Icons are no longer visible in the systray. I also tried restoring the last two restore points but both failed. The XP recovery manager at boot go past the drive letter prompt. I reinstalled Avast but the icons are still not visible. I don't know if that affects the protection level or not.

Here is the log file of a partial scan done overnight and this morning. I ran the antivirus from another partition but inside Windows this time. Most of the references were to the affected partition (XP).

4/9/2008 9:51:52 AM	Arch	3776	Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A. 
4/9/2008 9:52:57 AM	Arch	3792	Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A. 
4/9/2008 12:49:02 AM	Arch	1732	Sign of "Win32:Notre" has been found in "D:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP.7.125_12.13_16.56_1d8.SRV.full.dmp" file. 
4/9/2008 12:49:30 AM	Arch	1732	Sign of "Win32:Notre" has been found in "D:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP.7.125_12.13_17.19_1d0.SRV.full.dmp" file. 
4/9/2008 12:49:41 AM	Arch	1732	Sign of "Win32:Notre" has been found in "D:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP.7.125_12.13_18.19_1d4.SRV.full.dmp" file. 
4/9/2008 12:50:10 AM	Arch	1732	Sign of "Win32:Notre" has been found in "D:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP.7.125_12.13_21.30_150.SRV.full.dmp" file. 
4/9/2008 3:23:16 AM	Arch	1732	Sign of "Win32:Notre" has been found in "D:\WINDOWS\MEMORY.DMP" file. 
4/9/2008 6:47:26 AM	Arch	1732	Sign of "Win32:Agent-SLI [Trj]" has been found in "E:\Documents and Settings\All Users\Desktop\Activation.exe" file. 
4/9/2008 10:11:31 AM	Arch	1732	Sign of "Win32:Agent-SLI [Trj]" has been found in "I:\hiberfil.sys" file.


----------



## archp2007 (Oct 30, 2007)

This is Avast. I notice that it is picking up items in the Kaspersky vault which evidently weren't deleted. Kaspersky is awfully hard to uninstall.


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## archp2007 (Oct 30, 2007)

Hello. It's nice to see you back. Thanks for your continued assistance. Here first is the combofix report: (had to cut in two halves again)

ComboFix 08-04-09.6 - Arch Parsons 2008-04-12 14:31:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2206 [GMT -2.5:30]
Running from: C:\Documents and Settings\Arch Parsons\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arch Parsons\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 09:43 . 2008-04-12 09:43 d--------	C:\Documents and Settings\NetworkService\Application Data\Acronis
2008-04-11 00:21 . 2008-04-11 00:21	230	--a------	C:\WINDOWS\system32\spupdsvc.inf
2008-04-11 00:09 . 2008-04-11 00:09 d--------	C:\Program Files\MSXML 6.0
2008-04-10 22:40 . 2008-04-11 00:09	1,374	--a------	C:\WINDOWS\imsins.BAK
2008-04-10 13:27 . 2008-04-12 12:01 d--------	C:\Program Files\Mozilla Thunderbird
2008-04-10 13:27 . 2008-04-10 13:27 d--------	C:\Documents and Settings\Arch Parsons\Application Data\Thunderbird
2008-04-10 13:27 . 2008-04-10 13:27	0	--a------	C:\WINDOWS\nsreg.dat
2008-04-10 09:45 . 2008-04-12 14:23	4	--a------	C:\WINDOWS\system32\msdbcrpt.kar.{7a4ef142-86a0-409d-ab1d-7e17d45357b9}
2008-04-10 09:45 . 2008-04-12 14:23	4	--a------	C:\WINDOWS\system32\fsdbcrpt.kar.{7a4ef142-86a0-409d-ab1d-7e17d45357b9}
2008-04-10 09:44 . 2008-04-10 09:44 d--------	C:\Program Files\GFI
2008-04-10 00:03 . 2008-03-29 15:01	75,856	--a------	C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-10 00:03 . 2008-03-29 15:05	20,560	--a------	C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-09 23:58 . 2008-03-29 14:57	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-09 23:58 . 2008-03-29 14:56	26,944	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-09 23:58 . 2008-03-29 14:59	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-09 23:57 . 2008-03-29 15:15	1,146,232	--a------	C:\WINDOWS\system32\aswBoot.exe
2008-04-09 23:57 . 2004-01-09 05:43	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2008-04-09 23:57 . 2008-03-29 14:53	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2008-04-09 23:57 . 2008-03-29 15:05	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-09 23:57 . 2008-01-17 13:04	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-09 17:04 . 2008-04-09 20:37 d--------	C:\Combo-Fix
2008-04-09 16:02 . 2008-04-09 16:02 d--------	C:\Program Files\Alwil Software
2008-04-09 14:42 . 2008-04-09 14:42 d--------	C:\Program Files\AVG
2008-04-09 14:42 . 2008-04-09 14:51 d--------	C:\Documents and Settings\All Users\Application Data\avg8
2008-04-09 14:40 . 2008-04-09 14:40	124,688	--a------	C:\WINDOWS\system32\MSWINSCK.OCX
2008-04-09 13:30 . 2008-04-09 13:30 d--h-----	C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-08 13:42 . 2008-04-08 13:42 d--------	C:\Program Files\CD-LabelPrint
2008-04-08 11:20 . 2008-04-10 20:03 d--------	C:\Documents and Settings\Arch Parsons\Application Data\dvdcss
2008-04-07 01:06 . 2001-07-21 14:23	21,791	--a------	C:\WINDOWS\system32\smtpctrs.ini
2008-04-07 01:06 . 2001-07-21 14:23	8,002	--a------	C:\WINDOWS\system32\smtpctrs.h
2008-04-07 01:06 . 2001-07-21 14:23	1,037	--a------	C:\WINDOWS\system32\ntfsdrct.ini
2008-04-07 01:06 . 2001-07-21 14:23	773	--a------	C:\WINDOWS\system32\ntfsdrct.h
2008-04-07 00:04 . 2008-04-07 11:37 d--------	C:\Program Files\PFConfig
2008-04-06 19:12 . 2008-04-07 00:05 d--------	C:\WINDOWS\vbSkinner
2008-04-06 19:06 . 2008-04-06 19:06 d--------	C:\Program Files\uTorrent
2008-04-06 19:06 . 2008-04-10 15:27 d--------	C:\Documents and Settings\Arch Parsons\Application Data\uTorrent
2008-04-06 15:12 . 2008-04-06 15:12	1,392,304	--a------	C:\WINDOWS\system32\AutoPartNt.exe
2008-04-06 15:12 . 2008-04-06 15:15	1,024	--a------	C:\WINDOWS\system32\AutoPartNt.let
2008-04-05 17:40 . 2008-04-09 14:31 d--------	C:\Program Files\ab
2008-04-05 17:40 . 2008-04-12 14:36	30,510,624	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-05 17:40 . 2008-04-12 14:36	567,072	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-05 17:40 . 2008-04-12 14:33	418,004	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-05 17:40 . 2008-04-05 17:40	91,700	--a------	C:\WINDOWS\system32\drivers\klin.dat
2008-04-05 17:40 . 2008-04-05 17:40	85,860	--a------	C:\WINDOWS\system32\drivers\klick.dat
2008-04-05 17:40 . 2008-04-12 14:33	59,384	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-05 17:39 . 2008-04-05 17:39 d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-05 16:27 . 2008-04-05 16:30 d--------	C:\RegBack
2008-04-05 16:26 . 2008-04-05 16:26 d--------	C:\Program Files\ACW
2008-04-05 14:26 . 2004-08-04 05:26	43,520	--a--c---	C:\WINDOWS\system32\dllcache\admwprox.dll
2008-04-05 14:26 . 2004-08-04 04:26	43,520	--a------	C:\WINDOWS\system32\admwprox.dll
2008-04-05 13:26 . 2004-08-04 04:26	2,134,528	--a--c---	C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-04 14:12 . 2008-04-04 14:12 d--------	C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-01 12:55 . 2008-04-09 12:50 d--------	C:\Program Files\Active SMART
2008-03-28 21:31 . 2008-03-28 21:33 d--------	C:\Documents and Settings\Arch Parsons\Application Data\XnView
2008-03-28 21:27 . 2008-03-28 21:27 d--------	C:\Program Files\XnView
2008-03-28 19:39 . 1997-01-13 16:01	11,264	--a------	C:\WINDOWS\Ulead iPhoto Plus 4.SCR
2008-03-28 19:38 . 2008-03-28 19:44 d--------	C:\WINDOWS\ULEAD.DAT
2008-03-28 19:38 . 2008-03-28 19:39 d--------	C:\Program Files\Ulead iPhoto Plus 4
2008-03-28 19:38 . 2008-04-12 10:54	872	--a------	C:\WINDOWS\ULEAD32.INI
2008-03-28 19:22 . 2008-03-28 19:22 d--------	C:\Program Files\Smoky City Design
2008-03-28 09:16 . 2008-03-28 09:18 d--------	C:\Program Files\Acoustica CD Label Maker
2008-03-26 17:40 . 2008-03-26 17:40	8,192	-ra-s----	C:\BOOTSECT.BAK
2008-03-25 16:33 . 2007-06-26 15:35	59,904	--a------	C:\WINDOWS\system32\zlib1.dll
2008-03-25 15:33 . 2001-08-17 13:53	4,992	--a------	C:\WINDOWS\system32\drivers\loop.sys
2008-03-25 15:33 . 2001-08-17 13:53	4,992	--a--c---	C:\WINDOWS\system32\dllcache\loop.sys
2008-03-25 01:15 . 2006-07-21 12:21	99,176	--a------	C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2008-03-25 01:15 . 2007-02-09 13:34	51,768	--a------	C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2008-03-25 01:15 . 2007-02-08 21:05	12,856	--a------	C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2008-03-25 01:14 . 2008-03-25 01:17 d--------	C:\WINDOWS\system32\DLA
2008-03-25 01:14 . 2008-03-25 01:14 d--------	C:\Program Files\Roxio
2008-03-25 01:14 . 2006-10-26 17:21	92,920	--a------	C:\WINDOWS\DLA.EXE
2008-03-25 01:14 . 2006-10-26 17:21	56,056	--a------	C:\WINDOWS\system32\DLAAPI_W.DLL
2008-03-25 01:14 . 2007-02-08 21:05	28,120	--a------	C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2008-03-24 20:31 . 2008-03-24 20:31	132,672	--ah-----	C:\WINDOWS\system32\mlfcache.dat
2008-03-24 13:18 . 2001-05-30 01:00	352,256	--a------	C:\WINDOWS\system32\ijl15.dll
2008-03-24 13:18 . 2001-12-20 19:20	205,824	--a------	C:\WINDOWS\system32\VIC32.DLL
2008-03-24 13:18 . 2002-05-07 13:36	147,456	--a------	C:\WINDOWS\system32\mr310ipc.dll
2008-03-24 13:18 . 2002-09-09 16:19	130,309	--a------	C:\WINDOWS\system32\drivers\MR97310c.sys
2008-03-24 13:18 . 2002-08-26 19:38	61,440	--a------	C:\WINDOWS\system32\mr310ifc.dll
2008-03-24 13:18 . 2001-10-12 11:57	36,864	--a------	C:\WINDOWS\system32\mr310exv.dll
2008-03-24 13:18 . 2001-10-12 11:58	28,672	--a------	C:\WINDOWS\system32\mr310exd.dll
2008-03-24 13:18 . 2000-12-07 11:13	15,164	--a------	C:\WINDOWS\mr310twc.ini
2008-03-24 13:18 . 2002-04-12 16:31	12,106	--a------	C:\WINDOWS\mr310twc.src
2008-03-24 12:59 . 2008-03-24 12:59 d--------	C:\Program Files\DriverGuide DriverScan
2008-03-22 21:08 . 2008-03-22 21:08 d--------	C:\Program Files\[PC GAME] Monopoly 3D(1)(1)
2008-03-21 19:25 . 2008-03-27 23:56 d--------	C:\Documents and Settings\Arch Parsons\Application Data\Acronis
2008-03-21 19:09 . 2008-03-21 19:09 d--------	C:\Documents and Settings\LocalService\Application Data\Acronis
2008-03-21 19:06 . 2008-03-22 20:47 d--------	C:\Documents and Settings\All Users\Application Data\Acronis
2008-03-21 19:06 . 2008-03-21 19:06	441,760	--a------	C:\WINDOWS\system32\drivers\timntr.sys
2008-03-21 19:06 . 2008-03-21 19:06	368,544	--a------	C:\WINDOWS\system32\drivers\tdrpman.sys
2008-03-21 19:06 . 2008-03-21 19:06	129,248	--a------	C:\WINDOWS\system32\drivers\snapman.sys
2008-03-21 19:06 . 2008-03-21 19:06	44,384	--a------	C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-03-21 19:05 . 2008-03-22 20:43 d--------	C:\Program Files\Common Files\Acronis
2008-03-21 19:05 . 2008-03-22 20:43 d--------	C:\Program Files\Acronis
2008-03-20 10:33 . 2008-02-20 21:17	40,928	--a------	C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-03-20 10:33 . 2008-02-20 21:17	27,776	--a------	C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-03-20 01:22 . 2008-03-20 01:22 d--------	C:\Program Files\Hide Folders XP 2
2008-03-20 01:22 . 2007-01-23 01:26	17,264	--a------	C:\WINDOWS\system32\drivers\hfxp2.sys
2008-03-19 22:40 . 2008-03-19 22:40 d--------	C:\Program Files\r2 Studios
2008-03-18 20:42 . 2008-04-12 10:48	54,156	--ah-----	C:\WINDOWS\QTFont.qfn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 17:57	---------	d-----w	C:\Program Files\PeerGuardian2
2008-04-10 12:51	---------	d-----w	C:\Program Files\Microsoft.NET
2008-04-10 12:14	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-09 19:31	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 17:21	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-09 15:33	---------	d-----w	C:\Program Files\Registry Clean Expert
2008-04-09 03:20	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 21:31	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Azureus
2008-04-06 17:01	---------	d-----w	C:\Program Files\Easy CD & DVD Cover Creator
2008-04-04 16:46	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-28 19:11	---------	d-----w	C:\Program Files\The Print Shop 20
2008-03-25 04:47	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Canon
2008-03-25 02:28	---------	d-----w	C:\Program Files\Canon
2008-03-24 23:06	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Apple Computer
2008-03-22 23:45	---------	d-----w	C:\Program Files\Total Uninstall 4
2008-03-22 23:38	---------	d-----w	C:\Program Files\[PC GAME] Monopoly 3D(1)(1)
2008-03-22 15:59	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 15:58	---------	d-----w	C:\Program Files\GenuTax
2008-03-21 21:31	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-20 23:35	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\LimeWire
2008-03-19 03:45	---------	d-----w	C:\Program Files\ASUS
2008-03-18 22:37	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Shareaza
2008-03-16 02:19	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-10 19:52	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\OpenOffice.org2
2008-03-10 18:31	---------	d-----w	C:\Program Files\OfficeRecovery
2008-03-09 23:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\GenuTax
2008-03-08 21:52	---------	d-----w	C:\Program Files\QuickTax 2007
2008-03-08 21:27	---------	d-----w	C:\Program Files\Common Files\Intuit
2008-03-08 21:27	---------	d-----w	C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-08 16:28	---------	d-----w	C:\Program Files\OpenOffice.org 2.3
2008-03-08 15:56	---------	d-----w	C:\Program Files\Clever Age
2008-03-07 03:17	---------	d-----w	C:\Program Files\Replay Media Catcher
2008-03-06 20:34	---------	d-----w	C:\Program Files\NewsLeecher
2008-03-06 20:34	---------	d-----w	C:\Program Files\IDA
2008-03-05 22:33	---------	d-----w	C:\Program Files\PowerQuest
2008-03-05 13:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Ten Thumbs Typing Tutor
2008-03-05 03:14	---------	d-----w	C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-05 03:14	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-03-03 13:30	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Download Manager
2008-03-02 20:36	---------	d-----w	C:\Program Files\Joost
2008-03-02 19:53	---------	d-----w	C:\Program Files\SatelliteTVforPC
2008-03-02 19:45	18,017	----a-w	C:\initemp.dat
2008-03-02 15:43	---------	d-----w	C:\Program Files\Automatic Windows Internet Washer
2008-03-01 23:16	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-03-01 19:10	---------	d-----w	C:\Program Files\ScanSoft
2008-03-01 19:10	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\ScanSoft
2008-03-01 19:09	---------	d-----w	C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-02-29 03:32	---------	d-----w	C:\Program Files\Ten Thumbs Typing Tutor 4.7
2008-02-28 00:44	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\MiniDm
2008-02-27 18:06	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\IEPro
2008-02-27 02:56	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\NewsLeecher
2008-02-27 00:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Visual Styler
2008-02-26 01:38	---------	d-----w	C:\Program Files\Mindscape
2008-02-25 22:08	---------	d-----w	C:\Program Files\WinPcap
2008-02-25 22:08	---------	d-----w	C:\Program Files\FlvRecorder
2008-02-24 19:04	---------	d-----w	C:\Program Files\QuickTime
2008-02-24 18:53	---------	d-----w	C:\Program Files\QuickTime(2)
2008-02-24 18:53	---------	d-----w	C:\Program Files\MARS
2008-02-24 02:47	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Internet Download Accelerator
2008-02-24 01:46	---------	d-----w	C:\Program Files\Sandboxie
2008-02-24 00:24	---------	d-----w	C:\Program Files\Your Uninstaller 2008
2008-02-24 00:24	---------	d-----w	C:\Program Files\BitComet
2008-02-23 21:09	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\UseNeXT
2008-02-23 19:40	---------	d-----w	C:\Program Files\UseNeXT
2008-02-23 19:04	---------	d-----w	C:\Program Files\iTunes
2008-02-23 19:04	---------	d-----w	C:\Program Files\iPod
2008-02-23 15:10	---------	d-----w	C:\Program Files\Amadis Software
2008-02-23 15:09	---------	d-----w	C:\Program Files\Allok Video to FLV Converter
2008-02-23 14:15	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-23 12:06	---------	d-----w	C:\Program Files\TDU
2008-02-23 03:08	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-23 03:05	---------	d-----w	C:\Program Files\NFS.ProStreet
2008-02-23 01:19	---------	d-----w	C:\Program Files\SMPlayer
2008-02-22 14:56	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\URSoft
2008-02-22 14:51	---------	d-----w	C:\Program Files\Xvid
2008-02-22 14:51	---------	d-----w	C:\Program Files\Apex
2008-02-22 04:09	---------	d-----w	C:\Program Files\GetFLV
2008-02-21 18:01	---------	d-----w	C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-02-19 20:38	---------	d-----w	C:\Program Files\Windows Desktop Search
2008-02-19 20:08	---------	d-----w	C:\Program Files\KeepV Converter
2008-02-19 03:47	---------	d-----w	C:\Program Files\Riva
2008-02-19 03:47	---------	d-----w	C:\Program Files\Common Files\SWF Studio
2008-02-18 14:24	---------	d--h--r	C:\Documents and Settings\Arch Parsons\Application Data\SecuROM
2008-02-18 00:24	---------	d-----w	C:\Program Files\SystemRequirementsLab
2008-02-17 17:21	---------	d-----w	C:\Program Files\DSL Speed
2008-02-17 14:03	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Auslogics
2008-02-16 15:57	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Zeon
2008-02-16 15:37	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Zeon
2008-02-16 04:10	---------	d-----w	C:\Program Files\PrintFolder
2008-02-16 03:51	26	----a-w	C:\Program Files\YourDir.sys
2008-02-15 00:17	---------	d-----w	C:\Program Files\Webshots
2008-02-15 00:17	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Webshots
2008-02-13 17:02	---------	d-----w	C:\Program Files\Game Elements
2008-02-13 13:35	---------	d-----w	C:\Program Files\Lion King
2008-02-13 13:26	---------	d-----w	C:\Documents and Settings\Arch Parsons\Application Data\Visual Styler
2008-02-13 13:25	---------	d-----w	C:\Program Files\Auslogics
2008-02-13 04:31	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-13 04:29	---------	d-----w	C:\Program Files\Uninstall Plus v4.1
2008-02-13 04:26	---------	d-----w	C:\Program Files\Yahoo!
2008-02-13 04:26	---------	d-----w	C:\Program Files\CCleaner
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 17:36 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 17:36 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@={D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@={8A814C29-D3CD-4F9E-9770-DF8704503ACA}

[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2006-12-22 17:30	57344	--a------	C:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2006-12-22 17:30	57344	--a------	C:\Program Files\Spotmau WinCares 2007\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:26 15360]
"hfxp"="C:\Program Files\Hide Folders XP 2\hfxp.exe" [2007-06-21 19:51 94096]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 21:06 2595616]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 21:07 140568]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 20:53 2209224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-23 20:54 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:26 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1757981266-1500820517-725345543-1003\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""


----------



## archp2007 (Oct 30, 2007)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2008.lnk]
backup=C:\WINDOWS\pss\Event Planner Reminder 2008.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
backup=C:\WINDOWS\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^Active SMART.lnk]
backup=C:\WINDOWS\pss\Active SMART.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^Expedia Fare Alert.lnk]
backup=C:\WINDOWS\pss\Expedia Fare Alert.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^Joost.lnk]
backup=C:\WINDOWS\pss\Joost.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arch Parsons^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
--a------ 2006-07-27 21:39 415744 C:\Program Files\ASUS\AI Gear\GearHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
-ra------ 2007-01-05 18:39 597504 C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
-ra------ 2006-12-29 10:54 363008 C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:_program files_wordperfe3a]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
\ /c C:\Combo-Fix\Combobatch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:26 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-ra------ 2006-07-12 07:17 352256 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch PC Probe II]
--a------ 2007-01-05 18:36 2129920 C:\Program Files\ASUS\PC Probe II\Probe2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-12-10 19:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-12-10 19:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 18:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGServer]
C:\Program Files\Symantec\Ghost\ngserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSRKey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-08-04 04:26 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 13:32 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF4 Registry Controller]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-01-31 03:09 604920 C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
--a------ 2008-03-05 06:59 417280 C:\Program Files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2007-04-03 21:55 839680 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-03-16 09:06 868352 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergency.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STARTRIGHT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-23 20:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2007-12-08 13:29 1335296 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-01-11 11:18 5288960 C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordPerfect Office 1215]
--a------ 2004-06-25 16:03 733184 C:\Program Files\WordPerfect Office 12\Programs\Registration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTrayIcon]
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"C:\\Program Files\\AnGuest Pro\\AnGuest.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Active WebCam\\WebCam.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Zone.com Deluxe Games\\Wheel of Fortune Deluxe\\Wheel of Fortune Deluxe.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Arch Parsons\\Desktop\\TV\\viviplay.exe"=
"C:\\Program Files\\Webshots\\Swebexec.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8015:TCP"= 8015:TCP:*isabled:BitComet 8015 TCP
"8015:UDP"= 8015:UDP:*isabled:BitComet 8015 UDP
"24387:TCP"= 24387:TCP:*isabled:BitCometBeta 24387 TCP
"24387:UDP"= 24387:UDP:*isabled:BitCometBeta 24387 UDP
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"7201:TCP"= 7201:TCP:*isabled:BitCometBeta 7201 TCP
"7201:UDP"= 7201:UDP:*isabled:BitCometBeta 7201 UDP
"18901:TCP"= 18901:TCP:*isabled:BitCometBeta 18901 TCP
"18901:UDP"= 18901:UDP:*isabled:BitCometBeta 18901 UDP
"26008:TCP"= 26008:TCP:*isabled:BitCometBeta 26008 TCP
"26008:UDP"= 26008:UDP:*isabled:BitCometBeta 26008 UDP
"8380:TCP"= 8380:TCP:BitComet 8380 TCP
"8380:UDP"= 8380:UDP:BitComet 8380 UDP
"23332:TCP"= 23332:TCP:BitComet 23332 TCP
"23332:UDP"= 23332:UDP:BitComet 23332 UDP

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2007-01-23 01:26]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-03-21 19:06]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:01]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 21:05]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:05]
R2 EventsManager Processor Agent Service;GFI EventsManager;C:\Program Files\GFI\EventsManager 8\esmproc.exe [2008-03-19 02:39]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 21:51]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-03-05 06:59]
R3 XPAD910;XPADFilter Service 910;C:\WINDOWS\system32\DRIVERS\xpad910.sys [2006-05-10 00:48]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 15:20]
S2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe [2006-12-22 17:30]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 04:26]
S3 BIOSCHK;BIOSCHK;C:\DOCUME~1\ARCHPA~1\LOCALS~1\Temp\TII74.tmp\disk1\BIOSCHK.SYS []
S3 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCares 2007\FolderProtectDriver.sys [2006-12-12 16:25]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2002-06-10 15:20]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D49A2992-890A-0494-1101-C070EA64EF23}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 13:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-12 17:06:13 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-27 10:23:50 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-11 03:34:01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 14:36:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-12 14:40:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 17:09:58
ComboFix2.txt 2008-04-09 20:11:04
ComboFix3.txt 2008-04-07 14:51:41
Pre-Run: 94,637,424,640 bytes free
Post-Run: 94,617,358,336 bytes free
.
2008-04-11 11:10:07	--- E O F ---
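
Added example, not part of the original post or of ComboFix: a small Python triage pass over the bracketed registry sections of a ComboFix-style log. It reports Group Policy scripts, Security Center overrides, a disabled firewall profile and open-port rules. The sample lines are copied from the log in this thread; treating `*isabled` as a disabled rule and accepting `Logon`, `Startup` and `Shutdown` alongside the `Logoff` type seen here are assumptions.

```python
import re

# Sample input: lines copied from the ComboFix log in this thread, trimmed
# to the sections this triage looks at.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1757981266-1500820517-725345543-1003\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8015:TCP"= 8015:TCP:*isabled:BitComet 8015 TCP
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"8380:TCP"= 8380:TCP:BitComet 8380 TCP
"8380:UDP"= 8380:UDP:BitComet 8380 UDP
'''

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
SCRIPT_KEY_RE = re.compile(
    r'\\group policy\\state\\.*\\scripts\\(logon|logoff|startup|shutdown)\\')


def parse_sections(text):
    """Return {lowercased registry key: {value name: raw data}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the current section
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group('key').lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group('name')] = m.group('data').strip()
    return sections


def to_int(data):
    """Decode the two numeric spellings in the log: 'dword:00000001', '0 (0x0)'."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None


def triage(text):
    """Return a list of (kind, subject, detail) tuples worth a second look."""
    findings = []
    for key, values in parse_sections(text).items():
        m = SCRIPT_KEY_RE.search(key)
        if m and 'Script' in values:
            # A script registered to run at logon/logoff/startup/shutdown.
            findings.append(('script', m.group(1), values['Script']))
        elif '\\security center' in key:
            # Values that tell Security Center to stop watching AV/firewall.
            for name in ('AntiVirusOverride', 'DisableMonitoring'):
                if to_int(values.get(name, '')) == 1:
                    findings.append(('security_center', key, name))
        elif key.endswith('\\firewallpolicy\\standardprofile'):
            if to_int(values.get('EnableFirewall', '')) == 0:
                findings.append(('firewall_off', key, 'EnableFirewall'))
        elif key.endswith('\\globallyopenports\\list'):
            for name, data in values.items():
                port = re.match(r'^(\d+):(TCP|UDP)$', name)
                # Assumption: '*isabled' in the pasted log marks a disabled rule.
                if port and 'isabled:' not in data:
                    findings.append(
                        ('open_port', f'{port.group(1)}/{port.group(2)}', data))
    return findings


if __name__ == '__main__':
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f'{kind:16} {subject}  ->  {detail}')
```
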


----------



## archp2007 (Oct 30, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:51 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hide Folders XP 2\hfxp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost
O2 - BHO: (no name) - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hfxp] "C:\Program Files\Hide Folders XP 2\hfxp.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207880985718
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GFI EventsManager (EventsManager Processor Agent Service) - GFi Software Ltd - C:\Program Files\GFI\EventsManager 8\esmproc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 9621 bytes


----------



## archp2007 (Oct 30, 2007)

Hello again, The computer seems to be running better now. I finally stopped the Kaspersky errors by running a couple of Kaspersky uninstall programs, but I also had to go into msconfig in safe mode and turn off Kaspersky Service. I also started getting IE script errors when trying to access Admin Tools. I got rid of those by uninstalling IE7 and going back to IE6. Actually I'm using Firefox most of the time now. I seem to have ascertained that, at this point, the errors, which occur in bunches of five or six, happen only at shutdown and/or startup. Here are the five errors I get, in order of sequence, each time I restart. I could point out that it takes 90 seconds to shut down.

1. The service metabase path '/LM/W3SVC/' could not be opened.
2. The FolderProtectService service failed to start due to the following error: Access is denied.
3. The ProtexisLicensing service failed to start due to the following error: Access is denied.
4. The World Wide Web Publishing service terminated with the following error: The system cannot find the path specified
5. The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: The system cannot find the path specified.


----------



## archp2007 (Oct 30, 2007)

Hello, Can you tell me how to get my antivirus systray icons back without uninstalling and reinstalling Avast? They disappear after running Combofix. I find them convenient to click on to shut down or update Avast, etc.


----------



## Cookiegal (Aug 27, 2003)

Are you still getting those errors after reverting back to IE6?

I don't think ComboFix is responsible for the Avast icons disappearing. Here is a possible solution for that:

http://www.avast.com/eng/faq-blue-ball-icons.html


----------



## archp2007 (Oct 30, 2007)

Thanks Cookiegal! The ashdisp.exe brought back the blue ball icons instantaneously!
I have a couple of other strange problems which may have started before the Combofix run. I'm not sure. One is that email links no longer work. Nothing happens when I click on them. Mozilla will work if I copy and paste the link into the address bar. The other quirk is that IE6 no longer works. When I click on a favourite or paste in a link I get this error (attached).


----------



## Cookiegal (Aug 27, 2003)

Try this please:

Click *Start * *Run* - copy and paste the following and click OK. :

*regsvr32 urlmon.dll* .

When you receive the "DllRegisterServer in urlmon.dll succeeded" message, click OK.

If this does not resolve the problem, repeat the above process for each of the following files:


Shdocvw.dll
Actxprxy.dll
Oleaut32.dll
Mshtml.dll
Browseui.dll
Shell32.dll

Let me know if the links work after doing the above please.


----------



## archp2007 (Oct 30, 2007)

I forgot to answer your question. Yes, I was able to get into Administrative Tools Services without getting those IE Script errors when I downgraded to IE6, but now I have a totally dysfunctional IE6. All it does is open! I wonder is it possible to reinstall IE6?


----------



## Cookiegal (Aug 27, 2003)

Have you tried my last instructions? We were posting around the same time.


----------



## archp2007 (Oct 30, 2007)

Sorry, missed that. I just ran each of these and the problem persists. Is a reboot needed?


----------



## archp2007 (Oct 30, 2007)

There is one more thing that I have noticed today, and that is an extra line or two in that batch file that runs at shutdown. Besides the del /f /s /h index.dat, it also attempts to delete data from a folder called IE5. That sounds like some security program I installed this past week. Will have to check recently installed programs.


----------



## archp2007 (Oct 30, 2007)

I'm thinking that was probably content.ie5 whatever that is


----------



## Cookiegal (Aug 27, 2003)

archp2007 said:


> Sorry, missed that. I just ran each of these and the problem persists. Is a reboot needed?


Try rebooting.

Can you post the entire contents of the batch file please.


----------



## archp2007 (Oct 30, 2007)

How do I do that? I don't know how to do a screen capture outside of Windows and the lines only appear for a split second in a cmd window just at the start of shut down. I can take a video clip.


----------



## archp2007 (Oct 30, 2007)

I couldn't read either a video or a still image taken of the CRT screen. Here is the best I could get which is not readable. I'll reboot a few times and try to copy down what I see. Is there a shutdown log which I can read to find out the name of this batch file?


----------



## Cookiegal (Aug 27, 2003)

ComboFix clears the Content.Ie5 folder but it shouldn't be happening on every shutdown.

Let's try running this tool that may fix IE:

http://www.majorgeeks.com/download4899.html


----------



## archp2007 (Oct 30, 2007)

Thanks

Yes, I think that's the problem. The same thing happens with Avast in that every shutdown I have to rerun that avshdisp.exe file to get the blue icons back. Whatever my problems are they seem to revolve around shutdown issues. The two lines that run are something like this:

del /f /s /q c:/documents~1/myname/Index.dat

and then only recently the confirmation line is also appearing

deleted file c:/documents_1/local settings/temporary internet files/conent.ie5\index.dat

I will try that link you suggested and get back to you.

I appreciate all this time you are spending for me.


----------



## archp2007 (Oct 30, 2007)

I think this is one of those programs that you scan and then you have to pay for it to get rid of the many supposed bad entries. I find Registry cleaners cause more problems than they fix. I'd sooner just reformat. Out of 115 "errors" it is willing to remove 15 for free. Thanks anyway.


----------



## Cookiegal (Aug 27, 2003)

I didn't recommend any registry cleaner. I never do as I don't believe in them and you are correct, they cause more problems than they fix.

I wanted you to run Dial-A-Fix.


----------



## archp2007 (Oct 30, 2007)

I do apologize. I will have another look on that page. I think it was the ad I saw!!!


----------



## archp2007 (Oct 30, 2007)

What do I check off before I click GO?


----------



## Cookiegal (Aug 27, 2003)

No problem. The ad is overpowering. 

There should be a "check all" option. I would go with that one.

It might be a good idea to create a new restore point before running the tool just as a precaution but I don't expect any problems.


----------



## archp2007 (Oct 30, 2007)

Hi again,
Well, it didn't cause any problems such as requiring a system restore. It ran normally and stopped and started all the various services. I rebooted at the end and tried email links but nothing had changed. I am still getting the 5 or 6 event errors on every reboot as well. I have to paste the links into Firefox. I tried setting program access defaults to all Microsoft and custom and now all non-Microsoft but nothing can bring back the links, and nothing can bring back a functioning IE. I still get that this file does not have an associated program error when I try to open a site. Firefox is working perfectly, but not IE and not the email links. Frustrating!


----------



## Cookiegal (Aug 27, 2003)

I'm going to take a break for most of the rest of the evening but will review this thread and post back in the morning.


----------



## archp2007 (Oct 30, 2007)

No problem. I went back to IE7 which is working as well as the email links. Let me check admin tools. Yes, they're working too. It looks like something got fixed. I'll check the errors and post back for you to read tomorrow. Thanks for all that you have done.


----------



## archp2007 (Oct 30, 2007)

I just did a reboot. I still get those five or six access denied system events on reboot. I'm guessing it's on shutdown because there are a lot of other events without error after that. It's a matter of figuring out what could be going on during shutdown to cause access denied messages with regard to services. Maybe it's during startup. Why would services need to be accessed anyhow if the computer is shutting down and Windows is no longer needed? On a positive note, these errors may be academic. None of them seems to be related to system or application crashes at this time. I wonder how to get rid of the combofix index.dat file delete process on shutdown, or is that important? I inserted ashdisp.exe in startup programs so I would get the Avast icons to show automatically on each reboot, but that's a bandaid fix. Hope to talk to you tomorrow. Thanks.


----------



## Cookiegal (Aug 27, 2003)

Go to Start - Run and copy and paste the following then click OK. This will uninstall ComboFix and all of its components.

*ComboFix /u*

Now let's disable your folder hiding program as a test to see if it could be responsible for the errors.

Go to Start - Run - type in msconfig - click OK and click on the startup tab.

Uncheck the following item and then click "Apply" and OK.

*hfxp*

Then let me know if you're still getting those errors please.


----------



## archp2007 (Oct 30, 2007)

Good Day. Thank you for your continued assistance. Actually the streak of errors on the first reboot was the highest I can recall seeing. I cleared the system events before rebooting. Between 5:46 and 5:48pm (local time) there was a consecutive string of 14 errors. All that being said I can't say I experienced any abnormalities other than the usual long restart time. If you have an .evt reader I can send you the event file. I could point out that for many months I had the problem of XP not shutting down. It would reboot or give a stop BSOD message. I haven't had a BSOD for several weeks now. I fixed the reboot at shutdown error by renaming a roxio driver that somehow got on there and remained there after the uninstall. I think the program was likely a recent demo of a very large Roxio Photo Suite. It tended to crash and I had to uninstall. I seem to think the name of the driver was UDFRDR.DLL which M$ suggested to rename to UDFRDR.OLD. That got rid of the problem. Later I installed Roxio Drag and Drop which was supposed to fix the same issue automatically. I still have the latter installed. It seems to enable me to read RW cd's written with Adaptec Direct to CD software and to copy and paste files to them. I have had BSOD's while running since then but not in the past two weeks. I mention all this in the event that you may want me to uninstall drag 'n drop. Thanks again.


----------



## Cookiegal (Aug 27, 2003)

Did you try what I suggested in my last post?

Please copy and paste the errors to Notepad and then post them here (or attach them).


----------



## archp2007 (Oct 30, 2007)

Hi Cookiegal,
I notice in my root directory that there is a combofix folder with only two files left in it. I assume that this is the one that I just uninstalled. There is another folder called combo-fix (with a hyphen). I believe this is the one that I installed before I started this thread following someone else's thread perhaps on a different forum. You gave me the instructions to uninstall the newer larger version of combofix. Do you have any idea how I might go about uninstalling the other one? I have an idea that it's the other one that has been causing the del /f /s /q index.dat etc. This is still happening, so I'm thinking it must be the former one.
I can do a folder list and paste in here:

Directory of C:\Combo-Fix\

112 file(s)
Total filesize 4045 KB
2 folder(s)
88.82 GB free


----------



## archp2007 (Oct 30, 2007)

I cleared them and saved them from inside Event Viewer as I cleared them. I expected an .evt extension but it was saved without an extension. Is there such a thing as an .evt reader? They are not decipherable in notepad.


----------



## archp2007 (Oct 30, 2007)

Sorry, our postings are getting out of sync. Yes, of course, I did the combofix uninstall as well as uncheck hfxp in msconfig. I will reboot now and copy and paste error by error and paste in here.


----------



## archp2007 (Oct 30, 2007)

First I'll post the screen in event viewer this time. Better this time.


----------



## archp2007 (Oct 30, 2007)

Here are the five error details from bottom to top (chronological)

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/13/2008
Time: 8:23:04 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The FolderProtectService service failed to start due to the following error: 
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/13/2008
Time: 8:23:04 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The ProtexisLicensing service failed to start due to the following error: 
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
------------------------
Event Type:	Error
Event Source:	W3SVC
Event Category:	None
Event ID:	116
Date: 4/13/2008
Time: 8:23:04 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The service metabase path '/LM/W3SVC/' could not be opened. The data is the error code. 
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 00 00 .... 
--------------------------
Event Type:	Error
Event Source:	SMTPSVC
Event Category:	None
Event ID:	116
Date: 4/13/2008
Time: 8:23:04 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The service metabase path '/LM/SMTPSVC/' could not be opened. The data is the error code. 
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 00 00 .... 
------------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 4/13/2008
Time: 8:23:04 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The World Wide Web Publishing service terminated with the following error: 
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7023
Date: 4/13/2008
Time: 8:23:05 PM
User: N/A
Computer:	HOME-D309DBCB8C
Description:
The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: 
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------
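The events pasted above can be grouped by their underlying error rather than read one by one. The following is an added example, not part of the original posts: it parses the Event Viewer text layout and decodes the `Data:` bytes of the Event ID 116 entries. It assumes the four data bytes are a little-endian Win32 error code; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Standard Windows system messages for the two Win32 error codes seen in this thread.
WIN32 = {3: "The system cannot find the path specified.", 5: "Access is denied."}
# Constructed sample: three of the events pasted above, trimmed to the fields used here.
SAMPLE = """\
Event Source:\tService Control Manager
Event ID:\t7000
Description:
The FolderProtectService service failed to start due to the following error:
Access is denied.
-------------------
Event Source:\tW3SVC
Event ID:\t116
Description:
The service metabase path '/LM/W3SVC/' could not be opened. The data is the error code.
Data:
0000: 03 00 00 00 ....
------------------------
Event Source:\tService Control Manager
Event ID:\t7023
Description:
The World Wide Web Publishing service terminated with the following error:
The system cannot find the path specified.
"""

def parse_events(text):
    """Split pasted Event Viewer text on dash rules; yield one dict per event."""
    for block in filter(str.strip, re.split(r"(?m)^-{5,}[ \t]*$", text)):
        head, _, rest = block.partition("Description:")
        desc, _, data = rest.partition("Data:")
        ev = dict(re.findall(r"(?m)^([A-Za-z ]+):[ \t]*(\S.*?)[ \t]*$", head))
        ev["Description"] = " ".join(desc.split())
        # Data rows look like "0000: 03 00 00 00 ...."; assume a little-endian DWORD.
        row = re.search(r"(?m)^[0-9a-fA-F]{4}:((?: [0-9a-fA-F]{2}){4})", data)
        ev["Code"] = int.from_bytes(bytes.fromhex(row.group(1)), "little") if row else None
        yield ev

def group_by_cause(events):
    """Group (source, event id) pairs under the Win32 error message behind them."""
    groups = {}
    for ev in events:
        # Known data code wins; otherwise use the text after "following error:".
        cause = WIN32.get(ev["Code"]) or ev["Description"].rpartition("error: ")[2]
        groups.setdefault(cause, []).append((ev["Event Source"], int(ev["Event ID"])))
    return groups

if __name__ == "__main__":
    print(group_by_cause(parse_events(SAMPLE)))
```

On this sample the W3SVC 116 entry (data code 3) lands in the same group as the Service Control Manager 7023 entry, since both report "The system cannot find the path specified."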



## archp2007 (Oct 30, 2007)

It looks like the last one is there twice.


----------



## Cookiegal (Aug 27, 2003)

Delete this entire folder:

C:\*Combo-Fix*

Are those the only errors (red) that are showing now?


----------



## archp2007 (Oct 30, 2007)

Those were the only ones there when I cleared the events and rebooted once. That was probably the fewest for awhile. I'll look and see if any have appeared since... There are no events listed since 8:23 pm. It is now 9:01 pm. I have been mostly browsing since.


----------



## archp2007 (Oct 30, 2007)

I deleted that entire folder but the del line still appears after each shutdown/restart. Evidently, there must be some entries in the registry. The last three restarts are identical in event viewer in that for all three there are six errors in a row (presumably all the same six each time).


----------



## archp2007 (Oct 30, 2007)

Hello,
I am down to three errors on reboot now, although one of them appears twice. Folderprotectservice error was removed by uninstalling Spotmau WinCare. FlexNet Licensing error no longer appears since I re-enabled reader-sl service in msconfig startup (related to licensing of Adobe Reader 8). The three remaining are: 

1. The service metabase path '/LM/W3SVC/' could not be opened. (this error occurs under the source W3SV as well as under the Event Source SMTPSVC). 

2. The World Wide Web Publishing service terminated with the following error: 
The system cannot find the path specified. This occurs under the event source Service Control Manager.

3. The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: 
The system cannot find the path specified. The Event Source is also listed as Service Control Manager.


----------



## archp2007 (Oct 30, 2007)

I seem to have a corrupted metabase in IIS. I had a look at this link http://www.iisfaq.com/Default.aspx?tabid=2910 and I ran the command cscript adsutil.vbs enum from inside the C:\Inetpub\Adminscripts folder and it did return the error -2146893792 (0x80090020). I need to restore the metabase. I don't know how to ascertain if there is a backup or not.


----------



## Cookiegal (Aug 27, 2003)

Unfortunately, this is not my area of expertise. I suggest you start a new thread and mention these errors and the IIS error and I'm sure someone will be able to help you.

There's no use moving this thread as there are too many replies already.


----------



## archp2007 (Oct 30, 2007)

Fine. I appreciate all the time that you spend helping me.


----------



## Cookiegal (Aug 27, 2003)

You're welcome and good luck.


----------



## archp2007 (Oct 30, 2007)

Hi Cookiegal,

For the benefit of anyone who could have been following this thread, I just got rid of all the system errors by following the steps outlined in this page: http://support.microsoft.com/?id=271865


----------



## Cookiegal (Aug 27, 2003)

That's great! Thanks for posting back with the solution. :up:


----------

