Windows Explorer malfunction?


stranger1992
21-05-08, 11:56
Hello All.

Yesterday my brother copied a lot of music onto my hard drive (4 GB!) and since then my PC isn't working correctly. Windows Explorer won't stay for much longer than a minute without going away then rebooting itself and it is a real pain. I defrag'd the hard disk after and ran Advanced Windows Care but it hasn't made a difference. What could it be? Also none of my start-up items are running (Windows Messenger etc.)
------------------------------------------------------
Diagnostic tool developed for www.tombraiderforums.com (http://www.tombraiderforums.com)
------------------------------------------------------
Version : 2.44
Author : Simulation

Select All (Ctrl A) then Copy (Ctrl C) and paste (Ctrl V) the text in Notepad into a reply on the forum.

Operating System

Windows XP Detected

COMMAND.COM
COMMAND.COM has been installed

Autoexec.NT
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

Config.NT
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

Programs Currently Running

Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 240 K
smss.exe 492 Console 0 392 K
csrss.exe 544 Console 0 5,156 K
winlogon.exe 568 Console 0 2,308 K
services.exe 612 Console 0 3,768 K
lsass.exe 624 Console 0 7,600 K
svchost.exe 836 Console 0 5,164 K
svchost.exe 924 Console 0 4,832 K
svchost.exe 992 Console 0 35,980 K
svchost.exe 1088 Console 0 3,668 K
svchost.exe 1172 Console 0 6,784 K
spoolsv.exe 1296 Console 0 5,996 K
AppleMobileDeviceService. 1400 Console 0 2,200 K
mDNSResponder.exe 1436 Console 0 2,912 K
DevSvc.exe 1464 Console 0 5,668 K
command.exe 1480 Console 0 12,440 K
ehrecvr.exe 1684 Console 0 30,548 K
ehSched.exe 1756 Console 0 2,952 K
svchost.exe 1888 Console 0 3,532 K
IAANTMon.exe 1976 Console 0 1,560 K
KService.exe 204 Console 0 13,592 K
netmon.exe 1012 Console 0 2,360 K
nvsvc32.exe 1096 Console 0 4,260 K
HPZipm12.exe 1348 Console 0 1,856 K
PnkBstrA.exe 1456 Console 0 2,536 K
PSIService.exe 1084 Console 0 2,816 K
svchost.exe 1788 Console 0 6,004 K
svchost.exe 1896 Console 0 4,888 K
Tablet.exe 2064 Console 0 2,884 K
TRAISVCS.EXE 2120 Console 0 3,060 K
TabUserW.exe 2196 Console 0 3,288 K
ULCDRSvr.exe 2256 Console 0 924 K
Tablet.exe 2268 Console 0 5,328 K
mcrdsvc.exe 2384 Console 0 3,140 K
wmpnetwk.exe 2496 Console 0 21,724 K
dllhost.exe 3404 Console 0 6,352 K
alg.exe 3636 Console 0 3,648 K
wscntfy.exe 3648 Console 0 3,096 K
Awcl.exe 536 Console 0 49,684 K
ctfmon.exe 2360 Console 0 4,164 K
firefox.exe 2016 Console 0 71,276 K
taskmgr.exe 444 Console 0 5,728 K
explorer.exe 1316 Console 0 26,328 K
imapi.exe 3816 Console 0 4,176 K
diagnose.exe 3184 Console 0 4,900 K
ns11.tmp 348 Console 0 2,424 K
cmd.exe 2772 Console 0 2,668 K
tasklist.exe 2632 Console 0 5,204 K
wmiprvse.exe 3492 Console 0 5,816 K
System Event Log - Warning and Errors Only (last 24hrs)

Event Log from 08:00am on the 20/05/2008
Tomb Raider Game Setup Information

Tomb Raider 1 Installed
TOMB.EXE File Size = 873739 bytes - Glide Emulator version installed by ATR Installer

trai.dat
[TRUB]
TRAIVersion=1.0.6.92
OpticalDevice=D:\
UseGlidos=False
GlidosFolder=Not configured
UseDgVoodoo=True
DgVoodooVersion=140
DgVoodooVDDMode=Not configured
UseVDMSound=True
VDMSoundVersion=2.1.0
VDMSoundFolder=C:\Program Files\VDMSound\
VDMSoundType=Stereo
VDMSoundIRQ=7
SetAffinity=True
DesktopShortcut=Tomb Raider Gold (Glide).VLP
PifShortcut=Not configured
IdlePriority=50
VDDMode=False
[TR1]
TRAIVersion=1.0.6.92
OpticalDevice=D:\
UseGlidos=False
GlidosFolder=Not configured
UseDgVoodoo=True
DgVoodooVersion=140
DgVoodooVDDMode=Not configured
UseVDMSound=True
VDMSoundVersion=2.1.0
VDMSoundFolder=C:\Program Files\VDMSound\
VDMSoundType=Stereo
VDMSoundIRQ=7
SetAffinity=True
DesktopShortcut=Tomb Raider (Glide).VLP
PifShortcut=Not configured
IdlePriority=50
VDDMode=False


hmiset.cfg

[DIGITAL]
DeviceName = Sound Blaster 16/AWE32
DeviceIRQ = 7
DeviceDMA = 1
DevicePort = 0x220
DeviceID = 0xe016

[MIDI]
DeviceName = No MIDI Device
DevicePort = 0xffffffff
DeviceID = 0xffffffff

NTVDM.EXE .COM
NTVDM.EXE has been installed

VDMSound
VDMSound Version = 2.1.0 Installed in C:\Program Files\VDMSound
[SB Controller]
CLSID = EmuSBCompat.SBCompatCtl
Path = EmuSBCompat.dll

[SB Controller.depends]
VDMSrv = VDMServicesProvider
DMACtl = DMA Transfer Manager
WaveOut = SB Wave Player
AdLib = AdLib Controller

[SB Controller.config]
version = 4.15 ; 1.05 for SB1.x, 2.01 for SB2, 3.02 for SBPro, 4.05 for SB16
port = 0x220 ; usually 0x220 (can also be 210, 230, 240, 250, 260 or 280)
IRQ = 7 ; usually 5 or 7
DMA8 = 1 ; usually 1
DMA16 = 5 ; usually 5

;; forceSampleRate = 22050
;; forceNumBits = 16
;; forceChannels = 2



VLP Files on Desktop

Tomb Raider (Glide).VLP
[program]
workdir=C:\Tombraid
params=
executable=C:\Tombraid\TOMB.EXE
icon=C:\TOMBRAID\tr1.ico,0
[winnt.pmode]
useCLIPOPF=no
[winnt.dos]
autoexec=c:\tombraid\sapucdex.exe
useAutoexec=yes
[vdms.midi]
sysExLed=Scroll Lock
[winnt.dosbox]
exitClose=yes
[vdms.gameport]
enabled=no
[winnt.storage]
useCDROM=yes
[winnt.scheduling]
detectIdle=yes
idlePrio=50
compatHWEmu=yes
[vdms.sb.fm]
enabled=no
[winnt.video]
useVESA=yes

Tomb Raider Gold (Glide).VLP
[program]
workdir=C:\Tombraid
params=
executable=C:\Tombraid\TOMBUB.EXE
icon=C:\TOMBRAID\tr1gold.ico,0
[winnt.pmode]
useCLIPOPF=no
[winnt.dos]
autoexec=c:\tombraid\sapucdex.exe
useAutoexec=yes
[vdms.midi]
sysExLed=Scroll Lock
[winnt.dosbox]
exitClose=yes
[vdms.gameport]
enabled=no
[winnt.storage]
useCDROM=yes
[winnt.scheduling]
detectIdle=yes
idlePrio=50
compatHWEmu=yes
[vdms.sb.fm]
enabled=no
[winnt.video]
useVESA=yes

VLP Files in C:\TOMBRAID

tomb.vlp
[program]
workdir=C:\Tombraid
params=
executable=C:\Tombraid\TOMB.EXE
icon=C:\TOMBRAID\tr1.ico,0
[winnt.pmode]
useCLIPOPF=no
[winnt.dos]
autoexec=c:\tombraid\sapucdex.exe
useAutoexec=yes
[vdms.midi]
sysExLed=Scroll Lock
[winnt.dosbox]
exitClose=yes
[vdms.gameport]
enabled=no
[winnt.storage]
useCDROM=yes
[winnt.scheduling]
detectIdle=yes
idlePrio=50
compatHWEmu=yes
[vdms.sb.fm]
enabled=no
[winnt.video]
useVESA=yes

tombub.vlp
[program]
workdir=C:\Tombraid
params=
executable=C:\Tombraid\TOMBUB.EXE
icon=C:\TOMBRAID\tr1gold.ico,0
[winnt.pmode]
useCLIPOPF=no
[winnt.dos]
autoexec=c:\tombraid\sapucdex.exe
useAutoexec=yes
[vdms.midi]
sysExLed=Scroll Lock
[winnt.dosbox]
exitClose=yes
[vdms.gameport]
enabled=no
[winnt.storage]
useCDROM=yes
[winnt.scheduling]
detectIdle=yes
idlePrio=50
compatHWEmu=yes
[vdms.sb.fm]
enabled=no
[winnt.video]
useVESA=yes

Tomb Raider 1 Gold - Unfinished Business Installed
TOMBUB.EXE File Size = 867563 bytes - Glide Emulator version installed


Tomb Raider II Installed
Installed in C:\Program Files\Core Design\Tomb Raider II
Compatibility Layer Enabled = WIN98
Tomb2.exe File Size = 912896 bytes - Tomb Raider Patch v1.1 - Core Design
C:\Program Files\Core Design\Tomb Raider II\winplay.dll - Version 2.0.0.6
C:\WINDOWS\system32\winplay.dll - Version 2.0.0.12
C:\Program Files\Core Design\Tomb Raider II\winstr.dll - Version 2.0.0.4
C:\WINDOWS\system32\winstr.dll - Version 2.0.0.13

Tomb Raider III Installed
Installed in C:\Program Files\Core Design\Tomb Raider III
Compatibility Layer Disabled
Tomb3.exe File Size = 966656 bytes - TombRaiderChronicles Vista/XP Version
C:\Program Files\Core Design\Tomb Raider III\winplay.dll - Version 2.0.0.6
C:\WINDOWS\system32\winplay.dll - Version 2.0.0.12
C:\Program Files\Core Design\Tomb Raider III\winstr.dll - Version 2.0.0.4
C:\WINDOWS\system32\winstr.dll - Version 2.0.0.13

Tomb Raider Level Editor Installed - TRC Vista Installer
Installed in C:\Program Files\TRLE3
Compatibility Layer Disabled
TOMB4.EXE File Size = 794624 bytes - Unknown version (29907878-917725184)

Tomb Raider: Anniversary Installed
Properties Version 1.0
Installed in C:\Program Files\Tomb Raider - Anniversary
tra.exe File Size = 9369752 bytes - Version - Original Version (1.0)

Registry Settings
Full Install - True
Version 256
Language - English
EAXSupport Disabled
Combat Mode.................... Manual
Disable 32Bit Textures......... Off
Disable Driver Management...... Off
Disable Dynamic Textures....... On
Disable Hardware DXTC.......... Off
Disable Hardware Shadow Maps... Off
Disable Hardware VP............ Off
Disable Non Pow2 Textures...... Off
Disable Null Render Targets.... Off
Dont Defer Shader Creation..... Off
Enable Depth Of Field.......... On
Enable FSAA.................... 2xAA
Enable Full screen Effects..... On
EnableReflection............... On
Enable Shadows................. On
Enable VSync................... On
Enable Water FX................ On
Full screen.................... On
UseD3DFPUPreserve.............. Off
Use Low Res Depth Of Field..... Off
Use Ref Device................. Off
Use Shader20................... Off
Use Shader30................... On
DirectX Diagnostics Report

------------------
System Information
------------------
Time of this report: 5/21/2008, 12:55:48
Machine name: DESKTOPSTAIRS
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp.080413-2111)
Language: English (Regional Setting: English)
System Manufacturer: INTELR
System Model: AWRDACPI
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: Intel(R) Pentium(R) D CPU 3.40GHz (2 CPUs)
Memory: 2048MB RAM
Page File: 377MB used, 3559MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: NVIDIA GeForce 7950 GT
Manufacturer: NVIDIA
Chip type: GeForce 7950 GT
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_0295&SUBSYS_2A68107D&REV_A1
Display Memory: 256.0 MB
Current Mode: 1280 x 1024 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: nv4_disp.dll
Driver Version: 6.14.0011.7516 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 5/2/2008 22:46:00, 6108160 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: nv4_mini.sys
Mini VDD Date: 5/2/2008 22:46:00, 6554496 bytes
Device Identifier: {D7B71E3E-41D5-11CF-916E-630A00C2CB35}
Vendor ID: 0x10DE
Device ID: 0x0295
SubSys ID: 0x2A68107D
Revision ID: 0x00A1
Revision ID: 0x00A1
Video Accel: ModeMPEG2_A ModeMPEG2_B ModeMPEG2_C ModeMPEG2_D ModeWMV9_B ModeWMV9_A
Deinterlace Caps: {6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: Realtek HD Audio output
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_1019E601&REV_1008
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: RtkHDAud.sys
Driver Version: 5.10.0000.5591 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 3/26/2008 18:37:26, 4713472 bytes
Other Files:
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: Yes, Yes
I3DL2(tm) Listen/Src: Yes, Yes
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: Realtek HDA Primary input
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: RtkHDAud.sys
Driver Version: 5.10.0000.5591 (English)
Driver Attributes: Final Retail
Date and Size: 3/26/2008 18:37:26, 4713472 bytes
Cap Flags: 0x0
Format Flags: 0x0

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Wacom Virtual Hid Driver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x056A, 0x1001
FF Driver: n/a

Device Name: Wacom Virtual Hid Driver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x056A, 0x1001
FF Driver: n/a

Device Name: Wacom Virtual Hid Driver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x056A, 0x1001
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x27C9
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 4/14/2008 00:15:38, 59520 bytes
| Driver: usbd.sys, 8/10/2004 13:00:00, 4736 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 4/14/2008 00:48:02, 52480 bytes
| Driver: kbdclass.sys, 4/14/2008 00:09:48, 24576 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 4/14/2008 05:43:22, 40840 bytes
| Driver: kbdclass.sys, 4/14/2008 00:09:48, 24576 bytes
|
+ Microsoft PS/2 Port Mouse (IntelliPoint)
| Matching Device ID: *pnp0f13
| Upper Filters: Point32
| Service: i8042prt
| Driver: i8042prt.sys, 4/14/2008 00:48:02, 52480 bytes
| Driver: mouclass.sys, 4/14/2008 00:09:48, 23040 bytes
| Driver: point32.sys, 11/8/2006 08:02:34, 21760 bytes
|
+ Wacom Mouse
| Matching Device ID: hid\wacomvirtualhid&col03
| Upper Filters: wacommousefilter
| Service: mouhid
| Driver: mouhid.sys, 8/17/2001 14:48:00, 12160 bytes
| Driver: mouclass.sys, 4/14/2008 00:09:48, 23040 bytes
| Driver: wacommousefilter.sys, 2/16/2007 20:12:36, 11312 bytes
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 4/14/2008 05:43:22, 40840 bytes
| Driver: mouclass.sys, 4/14/2008 00:09:48, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)

DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Serial Service Provider: COM1
DirectPlay8 Serial Service Provider: COM3
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 202.3 GB
Total Space: 281.5 GB
File System: NTFS
Model: Maxtor 6V300F0

Drive: D:
Model: PHILIPS DVDR1660P1
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5512 (English), 4/14/2008 00:10:48, 62976 bytes

--------------
System Devices
--------------
Name: Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_1B761019&REV_01\3&2411E6FE&0&FB
Driver: n/a

Name: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_1B761019&REV_01\3&2411E6FE&0&D8
Driver: C:\WINDOWS\system32\DRIVERS\hdaudbus.sys, 5.10.0001.5013 (English), 4/13/2008 22:06:06, 144384 bytes

Name: Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0
Device ID: PCI\VEN_8086&DEV_27D0&SUBSYS_00000000&REV_01\3&2411E6FE&0&E0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/14/2008 00:06:46, 68224 bytes

Name: Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
Device ID: PCI\VEN_8086&DEV_27CC&SUBSYS_1B761019&REV_01\3&2411E6FE&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:36, 30208 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 05:42:10, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 59520 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.5512 (English), 4/14/2008 05:41:56, 7168 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB
Device ID: PCI\VEN_8086&DEV_27CB&SUBSYS_1B761019&REV_01\3&2411E6FE&0&EB
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:36, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 05:42:10, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 59520 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA
Device ID: PCI\VEN_8086&DEV_27CA&SUBSYS_1B761019&REV_01\3&2411E6FE&0&EA
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:36, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 05:42:10, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 59520 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9
Device ID: PCI\VEN_8086&DEV_27C9&SUBSYS_1B761019&REV_01\3&2411E6FE&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:36, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 05:42:10, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 59520 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8
Device ID: PCI\VEN_8086&DEV_27C8&SUBSYS_1B761019&REV_01\3&2411E6FE&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:36, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/14/2008 05:42:10, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:38, 59520 bytes

Name: Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0
Device ID: PCI\VEN_8086&DEV_27C0&SUBSYS_1B761019&REV_01\3&2411E6FE&0&FA
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/10/2004 13:00:00, 3328 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.5512 (English), 4/14/2008 00:10:30, 24960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.5512 (English), 4/14/2008 00:10:32, 96512 bytes

Name: Intel(R) 82801GH (ICH7DH) LPC Interface Controller - 27B0
Device ID: PCI\VEN_8086&DEV_27B0&SUBSYS_00000000&REV_01\3&2411E6FE&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.5512 (English), 4/14/2008 00:06:42, 37248 bytes

Name: Intel(R) 945G/GZ/P/PL PCI Express Root Port - 2771
Device ID: PCI\VEN_8086&DEV_2771&SUBSYS_00000000&REV_81\3&2411E6FE&0&08
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/14/2008 00:06:46, 68224 bytes

Name: Intel(R) 945G/GZ/P/PL Processor to I/O Controller - 2770
Device ID: PCI\VEN_8086&DEV_2770&SUBSYS_00000000&REV_81\3&2411E6FE&0&00
Driver: n/a

Name: Intel(R) 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_E1\3&2411E6FE&0&F0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/14/2008 00:06:46, 68224 bytes

Name: Intel(R) Active Management Technology - SOL (COM3)
Device ID: PCI\VEN_8086&DEV_108F&SUBSYS_00001019&REV_03\4&1B41B794&0&03E0
Driver: n/a

Name: Intel(R) Active Management Technology - KCS
Device ID: PCI\VEN_8086&DEV_108E&SUBSYS_00001019&REV_03\4&1B41B794&0&04E0
Driver: C:\WINDOWS\system32\DRIVERS\IAMTXP.sys, 1.01.0024.0000 (English), 8/21/2005 00:31:58, 38528 bytes
Driver: C:\WINDOWS\system32\IAMT.din, 6/29/2005 03:57:00, 2570 bytes

Name: Standard Dual Channel PCI IDE Controller
Device ID: PCI\VEN_8086&DEV_108D&SUBSYS_00001019&REV_03\4&1B41B794&0&02E0
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.5512 (English), 4/14/2008 00:10:30, 24960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.5512 (English), 4/14/2008 00:10:32, 96512 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/10/2004 13:00:00, 3328 bytes

Name: Intel(R) PRO/1000 PM Network Connection
Device ID: PCI\VEN_8086&DEV_108C&SUBSYS_1B761019&REV_03\4&1B41B794&0&00E0
Driver: C:\WINDOWS\system32\DRIVERS\e1e5132.sys, 9.02.0024.0000 (English), 9/14/2005 10:24:08, 179200 bytes
Driver: C:\WINDOWS\system32\Prounstl.exe, 8.00.0007.0000 (English), 6/15/2005 06:27:42, 126976 bytes
Driver: C:\WINDOWS\system32\e1e5132.din, 7/13/2005 10:06:44, 2790 bytes
Driver: C:\WINDOWS\system32\NicCo32.dll, 1.00.0005.0000 (English), 6/14/2005 15:08:42, 20480 bytes
Driver: C:\WINDOWS\system32\NicIn32.dll, 9.00.0002.0000 (English), 5/19/2005 00:28:12, 21504 bytes
Driver: C:\WINDOWS\system32\e1000msg.dll, 8.06.0010.0000 (English), 7/6/2005 09:12:00, 163840 bytes
Driver: C:\WINDOWS\system32\EtCo32.dll, 2.02.0001.0000 (English), 6/23/2005 03:59:00, 17408 bytes

Name: 802.11g PCI Turbo Wireless Adapter
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_B8341462&REV_00\4&1AF1648C&0&10F0
Driver: C:\WINDOWS\system32\DRIVERS\rt61.sys, 1.01.0000.0000 (English), 3/9/2006 11:33:22, 366080 bytes

Name: Conexant 2388x AVStream TS Capture (DVB-T)
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_49131554&REV_05\4&1AF1648C&0&1AF0
Driver: n/a

Name: Conexant 2388x Audio Capture
Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_49131554&REV_05\4&1AF1648C&0&19F0
Driver: C:\WINDOWS\system32\kstvtune.ax, 5.03.2600.5512 (English), 4/14/2008 05:42:44, 61952 bytes
Driver: C:\WINDOWS\system32\ksxbar.ax, 5.03.2600.5512 (English), 4/14/2008 05:42:44, 43008 bytes
Driver: C:\WINDOWS\system32\kswdmcap.ax, 5.03.2600.5512 (English), 4/14/2008 05:42:44, 91136 bytes
Driver: C:\WINDOWS\system32\vidcap.ax, 5.01.2600.5512 (English), 4/14/2008 05:42:44, 28672 bytes
Driver: C:\WINDOWS\system32\vfwwdm32.dll, 5.01.2600.5512 (English), 4/14/2008 05:42:10, 53760 bytes
Driver: C:\WINDOWS\system32\iyuv_32.dll, 5.01.2600.5512 (English), 4/14/2008 05:41:56, 47616 bytes
Driver: C:\WINDOWS\system32\msh263.drv, 5.01.2600.5512 (English), 4/14/2008 05:42:46, 294912 bytes
Driver: C:\WINDOWS\system32\msyuv.dll, 5.03.2600.5512 (English), 4/14/2008 05:42:02, 16896 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys, 5.01.2600.5512 (English), 4/14/2008 00:15:16, 60160 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys, 5.01.2600.5512 (English), 4/14/2008 00:49:42, 146048 bytes
Driver: C:\WINDOWS\system32\drivers\stream.sys, 5.03.2600.5512 (English), 4/14/2008 00:15:16, 49408 bytes
Driver: C:\WINDOWS\system32\wdmaud.drv, 5.01.2600.5512 (English), 4/14/2008 05:42:46, 23552 bytes
Driver: C:\WINDOWS\system32\ksuser.dll, 5.03.2600.5512 (English), 4/14/2008 05:41:58, 4096 bytes
Driver: C:\WINDOWS\system32\tsbyuv.dll, 5.01.2600.0000 (English), 8/17/2001 23:36:34, 8192 bytes
Driver: C:\WINDOWS\system32\drivers\cxavsaud.sys, 4.00.0112.0000 (English), 10/25/2005 02:56:00, 11008 bytes

Name: Conexant 2388x Video Capture (PAL/DVB-T)
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_49131554&REV_05\4&1AF1648C&0&18F0
Driver: n/a

Name: VIA OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_1106&DEV_3044&SUBSYS_30441106&REV_80\4&1AF1648C&0&20F0
Driver: C:\WINDOWS\system32\DRIVERS\ohci1394.sys, 5.01.2600.5512 (English), 4/14/2008 00:16:20, 61696 bytes
Driver: C:\WINDOWS\system32\DRIVERS\1394bus.sys, 5.01.2600.5512 (English), 4/14/2008 00:16:20, 53376 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys, 5.01.2600.5512 (English), 4/14/2008 00:21:26, 61824 bytes
Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys, 5.01.2600.5512 (English), 4/14/2008 00:21:26, 60800 bytes
Driver: C:\WINDOWS\system32\DRIVERS\enum1394.sys, 5.01.2600.0000 (English), 8/17/2001 21:46:40, 6400 bytes

Name: NVIDIA GeForce 7950 GT
Device ID: PCI\VEN_10DE&DEV_0295&SUBSYS_2A68107D&REV_A1\4&11C8B129&0&0008
Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 6554496 bytes
Driver: C:\WINDOWS\system32\nv4_disp.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 6108160 bytes
Driver: C:\WINDOWS\system32\nvsvc32.exe, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 159812 bytes
Driver: C:\WINDOWS\system32\nvapi.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 425984 bytes
Driver: C:\WINDOWS\system32\nvcuda.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 1241088 bytes
Driver: C:\WINDOWS\system32\nvoglnt.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 8769536 bytes
Driver: C:\WINDOWS\system32\nvcpl.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 13529088 bytes
Driver: C:\WINDOWS\system32\nvmctray.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 86016 bytes
Driver: C:\WINDOWS\system32\nvwddi.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 81920 bytes
Driver: C:\WINDOWS\system32\nvnt4cpl.dll, 6.14.0010.11173 (English), 5/2/2008 22:46:00, 286720 bytes
Driver: C:\WINDOWS\system32\nvmccs.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 229376 bytes
Driver: C:\WINDOWS\system32\nvdisps.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 6582272 bytes
Driver: C:\WINDOWS\system32\nvgames.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 3391488 bytes
Driver: C:\WINDOWS\system32\nvmccss.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 188416 bytes
Driver: C:\WINDOWS\system32\nvmobls.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 1257472 bytes
Driver: C:\WINDOWS\system32\nvvitvs.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 3776512 bytes
Driver: C:\WINDOWS\system32\nvwss.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 2629632 bytes
Driver: C:\WINDOWS\help\nvcpl.hlp, 5/2/2008 22:46:00, 177897 bytes
Driver: C:\WINDOWS\help\nvwcplen.hlp, 5/2/2008 22:46:00, 55444 bytes
Driver: C:\WINDOWS\system32\nvcod.dll, 1.03.0000.0014 (English), 5/2/2008 22:46:00, 41984 bytes
Driver: C:\WINDOWS\system32\nvcodins.dll, 1.03.0000.0014 (English), 5/2/2008 22:46:00, 41984 bytes

------------------

EscondeR
21-05-08, 12:16
Copied from Flash or external HDD I presume... :rolleyes:

You most likely have a virus.
1. Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report here.

2. Reboot in Safe Mode and run a full system antivirus scan (I recommend Kaspersky Antivirus (http://www.kaspersky.com)).

3. In Safe Mode:
Go to Start > Run, type in "regedit" without quotes, press Enter. In Regedit go to:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
This section contains the Userinit key.
Make sure the key contains only C:\WINDOWS\system32\userinit.exe,. Delete all extra links from that key if any.

If errors still occur, then most likely you'll need to boot from the Windows Installation CD, use the Windows Recovery Console and perform the task above.
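
The Userinit check from step 3 above, as an added example that is not part of the original post or of either poster's tools: it splits a Userinit value into its comma-separated programs and reports anything other than the expected `C:\WINDOWS\system32\userinit.exe`. The function names and the sample values (including `C:\EXAMPLE\placeholder.exe`) are constructed for illustration; `read_userinit()` only works on Windows.

```python
import ntpath

# Registry location and expected value as given in the post above.
WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"
REPAIRED_VALUE = EXPECTED + ","  # value to restore, trailing comma included


def _norm(path):
    """Compare Windows paths case-insensitively and with normalised separators."""
    return ntpath.normcase(ntpath.normpath(path))


def split_userinit(value):
    """Userinit holds a comma-separated list of programs started at logon."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]


def audit_userinit(value, expected=EXPECTED):
    """Return the parsed entries, any unexpected ones, and an overall verdict."""
    entries = split_userinit(value)
    has_expected = any(_norm(e) == _norm(expected) for e in entries)
    extra = [e for e in entries if _norm(e) != _norm(expected)]
    return {
        "entries": entries,
        "has_expected": has_expected,
        "extra": extra,
        "clean": has_expected and not extra,
    }


def read_userinit():
    """Read the live value from HKLM (Windows only; not used by the samples)."""
    import winreg  # imported here so the audit functions run on any OS

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


# Constructed sample values, not taken from the machine in this thread.
SAMPLES = [
    r"C:\WINDOWS\system32\userinit.exe,",                             # expected
    r"c:\windows\SYSTEM32\userinit.exe",                              # same file, other case
    r"C:\WINDOWS\system32\userinit.exe,C:\EXAMPLE\placeholder.exe,",  # extra entry appended
    r"C:\WINDOWS\userinit.exe,",                                      # look-alike in another folder
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit_userinit(sample)
        verdict = "OK" if result["clean"] else "CHECK"
        print(f"{verdict:5} {sample}")
        for entry in result["extra"]:
            print(f"      unexpected entry: {entry}")
        if not result["has_expected"]:
            print(f"      expected entry missing; restore: {REPAIRED_VALUE}")
```
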

stranger1992
21-05-08, 12:21
Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"ATI Smart"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ATI Smart
Program path & name:
c:\windows\system32\ati2sgag.exe"
Enabled: [V]


Program:
"Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence
Publisher:
so that users can discover and use those services without any unnecessary manual setup or administration."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Not verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"Manages device arrival and removal event. This service is provided by InterVideo."
Publisher:
"(Verified) Intervideo Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Capture Device Service
Program path & name:
"c:\program files\common files\intervideo\deviceservice\devsvc.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cmdService
Program path & name:
c:\windows\rgfuawvs\command.exe"
Enabled: [V]


Program:
"Intel® Quick Resume Technology Drivers"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELService
Program path & name:
"c:\program files\intel\inteldh\intel(r) quick resume technology\elservice.exe"
Enabled: [V]


Program:
"RAID Monitor"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IAANTMon
Program path & name:
"c:\program files\intel\intel matrix storage manager\iaantmon.exe"
Enabled: [V]


Program:
"Delivery Manager Service"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
KService
Program path & name:
"c:\program files\kontiki\kservice.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Network Monitor
Program path & name:
c:\program files\network monitor\netmon.exe"
Enabled: [V]


Program:
"PML Driver"
Publisher:
"(Not verified) HP"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Pml Driver HPZ12
Program path & name:
"c:\windows\system32\hpzipm12.exe"
Enabled: [V]


Program:
"PunkBuster Service Component [v1029] http://www.evenbalance.com"
Publisher:
"(Verified) Even Balance Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PnkBstrA
Program path & name:
"c:\windows\system32\pnkbstra.exe"
Enabled: [V]


Program:
"Protexis Licensing Service"
Publisher:
"(Verified) Corel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ProtexisLicensing
Program path & name:
"c:\windows\system32\psiservice.exe"
Enabled: [V]


Program:
"WacomService"
Publisher:
"(Verified) Wacom Technology Corp."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TabletService
Program path & name:
"c:\windows\system32\tablet.exe"
Enabled: [V]


Program:
"Monitors Tomb Raider + Gold executables that runs under NTVDM process. On multiprocessor systems sets the CPU affinity to first processor only to avoid game freezing and savegame corruptions."
Publisher:
"(Not verified) RatkovicDesign"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TraiHelper
Program path & name:
"c:\tombraid\traisvcs.exe"
Enabled: [V]


Program:
"ULCDRSvr"
Publisher:
"(Verified) Ulead Systems Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
UleadBurningHelper
Program path & name:
"c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v3.4.3.0"
Publisher:
"(Not verified) Meetinghouse Data Communications"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AegisP
Program path & name:
"c:\windows\system32\drivers\aegisp.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELhid
Program path & name:
"c:\windows\system32\drivers\elhid.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELkbd
Program path & name:
"c:\windows\system32\drivers\elkbd.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELmon
Program path & name:
"c:\windows\system32\drivers\elmon.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELmou
Program path & name:
"c:\windows\system32\drivers\elmou.sys"
Enabled: [V]


Program:
"CD DVD Filter"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"Multimedia Home Network component driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MHNDRV
Program path & name:
"c:\windows\system32\drivers\mhndrv.sys"
Enabled: [V]


Program:
"NVIDIA® nForce(TM) IDE Performance Driver"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nvata
Program path & name:
"c:\windows\system32\drivers\nvata.sys"
Enabled: [V]


Program:
"NVIDIA® nForce(TM) IDE Performance Driver"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nvatabus
Program path & name:
"c:\windows\system32\drivers\nvatabus.sys"
Enabled: [V]


Program:
"NVIDIA® nForce(TM) RAID Driver"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nvraid
Program path & name:
"c:\windows\system32\drivers\nvraid.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RivaTuner32
Program path & name:
c:\program files\rivatuner v2.08\rivatuner32.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
usbbus
Program path & name:
File not found: system32\DRIVERS\lgusbbus.sys"
Enabled: [V]


Program:
"LGE Mobile Modem Support"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
USBModem
Program path & name:
File not found: system32\DRIVERS\lgusbmodem.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
urqQklKd
Program path & name:
c:\windows\system32\urqqklkd.dll"
Enabled: [V]


Program:
"Standard TCP/IP Port Monitor DLL"
Publisher:
"(Not verified) Hewlett Packard"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
HP Standard TCP/IP Port
Program path & name:
"c:\windows\system32\hptcpmon.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\wvUmMFur
Program path & name:
c:\windows\system32\wvummfur.dll"
Enabled: [V]


Program:
"Recguard MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Recguard
Program path & name:
c:\windows\sminst\recguard.exe"
Enabled: [V]


Program:
"Event Monitor User Notification Tool"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
IAAnotif
Program path & name:
"c:\program files\intel\intel matrix storage manager\iaanotif.exe"
Enabled: [V]


Program:
"NVIDIA nView Wizard
Publisher:
Version 111.73 "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
nwiz
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nwiz.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_05\bin\jusched.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"hpwuSchd Application"
Publisher:
"(Verified) Hewlett-Packard Company"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Software Update
Program path & name:
"c:\program files\hp\hp software update\hpwuschd2.exe"
Enabled: [V]


Program:
"Application Launcher"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Sony Ericsson PC Suite
Program path & name:
c:\program files\sony ericsson\mobile2\application launcher\application launcher.exe"
Enabled: [V]


Program:
"Ulead VideoStudio"
Publisher:
"(Verified) Ulead Systems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
UVS11 Preload
Program path & name:
"c:\program files\ulead systems\ulead videostudio 11\uvpl.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LSA Shellu
Program path & name:
c:\documents and settings\daniel\lsass.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
runner1
Program path & name:
c:\windows\mrofinu1000106.exe"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
" "
Publisher:
"(Not verified) "
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
FreeventsSchedule.lnk
Program path & name:
"c:\freevents\freeventsschedule.exe"
Enabled: [V]


Program:
"HP Digital Imaging Monitor"
Publisher:
"(Verified) Hewlett-Packard Company"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
HP Digital Imaging Monitor.lnk
Program path & name:
"c:\program files\hp\digital imaging\bin\hpqtra08.exe"
Enabled: [V]


Program:
"HP Photosmart Premier"
Publisher:
"(Not verified) Hewlett-Packard Development Company L.P."
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
HP Photosmart Premier Fast Start.lnk
Program path & name:
"c:\program files\hp\digital imaging\bin\hpqthb08.exe"
Enabled: [V]


Program:
"tray Module"
Publisher:
N/A
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Start DonorLink System Tray App.lnk
Program path & name:
c:\documents and settings\all users\application data\ipd\tray.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
updateMgr
Program path & name:
File not found: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9"
Enabled: [V]


Program:
"Delivery Manager"
Publisher:
"(Verified) Kontiki Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
kdx
Program path & name:
"c:\program files\kontiki\khost.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Toolbar Helper"
Publisher:
"(Verified) proDmedia ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IP
Program path & name:
"c:\documents and settings\all users\application data\ipd\ipb.dll"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{17139755-84DE-4693-BD16-9B2B0CDEB6F0}
Program path & name:
c:\windows\system32\wvummfur.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_05\bin\ssv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{8A290466-39BD-419B-93DB-0E9599506654}
Program path & name:
c:\windows\system32\urqqklkd.dll"
Enabled: [V]


Program:
"InternetSoftware"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
InternetSoftware
Program path & name:
c:\program files\internetsoftware\internetsoftware-2.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
urqqklkd.dll
Program path & name:
c:\windows\system32\urqqklkd.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"ShellvRTF"
Publisher:
"(Not verified) XSS"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
SampleView
Program path & name:
"c:\windows\system32\shellvrtf.dll"
Enabled: [V]


Program:
"ACE Context Menu"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
c:\program files\ati technologies\ati.ace\atiacmxx.dll"
Enabled: [V]


Program:
"Portable Media Devices Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Portable Media Devices
Program path & name:
"c:\windows\system32\audiodev.dll"
Enabled: [V]


Program:
"Portable Media Devices Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Portable Media Devices Menu
Program path & name:
"c:\windows\system32\audiodev.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 111.73 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Desktop Explorer
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 111.73 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Desktop Explorer Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 111.73 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
nView Desktop Context Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Hex Editor Shell Extension Module"
Publisher:
"(Not verified) HHD Software"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Hex Editor Shell Extension
Program path & name:
"c:\program files\hhd software\hex editor 3.x\heshell.dll"
Enabled: [V]


Program:
"ddsView Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ddsExtractor Class
Program path & name:
c:\program files\nvidia corporation\dds thumbnail viewer\ddsview.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"VDMSound LaunchPad Shell Extension"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
VDMSound LaunchPad
Program path & name:
c:\program files\vdmsound\launchpad.dll"
Enabled: [V]


Program:
"dBShell Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
dBpowerAMP Music Converter 1
Program path & name:
c:\program files\illustrate\dbpoweramp\dbshell.dll"
Enabled: [V]


Program:
"dMCShell Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
dBpowerAMP Music Converter
Program path & name:
c:\program files\illustrate\dbpoweramp\dmcshell.dll"
Enabled: [V]


Program:
"Explorer browser application for mobile devices."
Publisher:
"(Not verified) Popwire AB"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Sony Ericsson File Manager
Program path & name:
"c:\program files\sony ericsson\mobile2\file manager\fm.dll"
Enabled: [V]


Program:
"Explorer browser application for mobile devices."
Publisher:
"(Not verified) Popwire AB"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Sony Ericsson File Manager
Program path & name:
"c:\program files\sony ericsson\mobile2\file manager\fm.dll"
Enabled: [V]


Program:
"USIShex Module"
Publisher:
"(Verified) Ulead Systems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Ulead UDF Driver
Program path & name:
"c:\program files\common files\ulead systems\dvd\usishex.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]

EscondeR
21-05-08, 12:35
1. Download Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)
2. Boot in Safe Mode, run Autoruns and kill these entries:


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cmdService
Program path & name:
c:\windows\rgfuawvs\command.exe"
Enabled: [V] - VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Network Monitor
Program path & name:
c:\program files\network monitor\netmon.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
usbbus
Program path & name:
File not found: system32\DRIVERS\lgusbbus.sys"
Enabled: [V]


Program:
"LGE Mobile Modem Support"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
USBModem
Program path & name:
File not found: system32\DRIVERS\lgusbmodem.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
urqQklKd
Program path & name:
c:\windows\system32\urqqklkd.dll"
Enabled: [V] - VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\wvUmMFur
Program path & name:
c:\windows\system32\wvummfur.dll"
Enabled: [V]


Program:
"Recguard MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Recguard
Program path & name:
c:\windows\sminst\recguard.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_05\bin\jusched.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
LSA Shellu
Program path & name:
c:\documents and settings\daniel\lsass.exe"
Enabled: [V] - VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
runner1
Program path & name:
c:\windows\mrofinu1000106.exe"
Enabled: [V] - VIRUS!


Program:
" "
Publisher:
"(Not verified) "
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
FreeventsSchedule.lnk
Program path & name:
"c:\freevents\freeventsschedule.exe"
Enabled: [V]


Program:
"tray Module"
Publisher:
N/A
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Start DonorLink System Tray App.lnk
Program path & name:
c:\documents and settings\all users\application data\ipd\tray.exe"
Enabled: [V] - MALWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
updateMgr
Program path & name:
File not found: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Toolbar Helper"
Publisher:
"(Verified) proDmedia ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IP
Program path & name:
"c:\documents and settings\all users\application data\ipd\ipb.dll"
Enabled: [V] - MALWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{17139755-84DE-4693-BD16-9B2B0CDEB6F0}
Program path & name:
c:\windows\system32\wvummfur.dll"
Enabled: [V] - most likely VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{8A290466-39BD-419B-93DB-0E9599506654}
Program path & name:
c:\windows\system32\urqqklkd.dll"
Enabled: [V] - most likely VIRUS!


Program:
"InternetSoftware"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
InternetSoftware
Program path & name:
c:\program files\internetsoftware\internetsoftware-2.dll"
Enabled: [V] - MALWARE!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
urqqklkd.dll
Program path & name:
c:\windows\system32\urqqklkd.dll"
Enabled: [V] - most likely VIRUS!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"ShellvRTF"
Publisher:
"(Not verified) XSS"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
SampleView
Program path & name:
"c:\windows\system32\shellvrtf.dll"
Enabled: [V]


Ensure you have unchecked and/or deleted all mentioned entries!

3. Reboot in Normal Mode and run ARDiag.exe again, then post the new report.
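
An added example (not part of the thread and not ARDiag's own code) that parses the report layout posted above and lists the entries worth a manual look, the kind of review done by eye in the reply above. The heuristics and the names `parse_report`, `assess` and `triage` are assumptions of this example; a hit is a lead to check, not a verdict.

```python
import re
from ntpath import basename, dirname

# Report layout: a label line, then its value on the next line.
LABELS = {"Program:": "description", "Publisher:": "publisher",
          "Entry path:": "location", "Entry name:": "name",
          "Program path & name:": "image"}
PATH_RE = re.compile(r'[a-z]:\\[^"]*', re.IGNORECASE)

# Assumed heuristics (this example's, not ARDiag's). Load points that put code
# inside winlogon.exe, lsass.exe, explorer.exe or Internet Explorer:
SENSITIVE = (r"\winlogon\notify", r"\lsa\authentication packages",
             r"\shellexecutehooks", r"\browser helper objects")
# Core process names and the one directory each should run from (assumes
# Windows is installed in c:\windows, as in the thread's report).
SYSTEM_IMAGES = {name: r"c:\windows\system32" for name in
                 ("lsass.exe", "svchost.exe", "winlogon.exe", "csrss.exe",
                  "services.exe", "smss.exe", "userinit.exe")}
SYSTEM_IMAGES["explorer.exe"] = r"c:\windows"
PROFILE_ROOT = "c:\\documents and settings\\"


def parse_report(text):
    """Split an ARDiag report into one dict per autorun entry."""
    entries, current, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in LABELS:
            pending = LABELS[line]
        elif line.startswith("Enabled:"):  # last line of every entry
            if current:
                entries.append(current)
            current, pending = {}, None
        elif pending and line:
            current[pending] = line
            pending = None
    return entries


def _blank(value):
    """True for an empty field, N/A, or a verification tag with no name."""
    value = re.sub(r"\((Not v|V)erified\)", "", value or "").strip(' "')
    return value.upper() in ("", "N/A")


def assess(entry):
    """Return the reasons an entry deserves manual review ([] if none)."""
    image = entry.get("image", "")
    if image.lower().startswith("file not found"):
        return ["dangling entry: target file is missing"]
    match = PATH_RE.search(image)
    path = match.group(0).strip().lower() if match else ""
    publisher = entry.get("publisher", "")
    reasons = []
    expected = SYSTEM_IMAGES.get(basename(path))
    if expected and dirname(path) != expected:
        reasons.append("system process name outside " + expected)
    if path.startswith(PROFILE_ROOT):
        reasons.append("runs from a profile directory")
    if _blank(entry.get("description")) and _blank(publisher):
        reasons.append("no description and no publisher")
    if "(Verified)" not in publisher and any(
            key in entry.get("location", "").lower() for key in SENSITIVE):
        reasons.append("unsigned module in a sensitive load point")
    return reasons


def triage(text):
    """List (entry name, reasons) for every entry with at least one reason."""
    return [(e.get("name", "?"), r) for e in parse_report(text) if (r := assess(e))]


def _render(description, publisher, location, name, image):
    """Lay one entry out as the report does, so the parser sees real layout."""
    values = (description, publisher, location, name, image)
    body = "\n".join(f"{label}\n{value}" for label, value in zip(LABELS, values))
    return body + "\nEnabled: [V]\n\n"


RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BHO = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
# Entries copied from the report in the thread (stray quotes included).
SAMPLE = "".join(_render(*row) for row in [
    ("N/A", "N/A", RUN, "LSA Shellu", r'c:\documents and settings\daniel\lsass.exe"'),
    ("N/A", "N/A", BHO, "{8A290466-39BD-419B-93DB-0E9599506654}",
     r'c:\windows\system32\urqqklkd.dll"'),
    ('"Toolbar Helper"', '"(Verified) proDmedia ltd."', BHO, "IP",
     r'"c:\documents and settings\all users\application data\ipd\ipb.dll"'),
    ('"Adobe PDF Helper for Internet Explorer"',
     '"(Verified) Adobe Systems Incorporated"', BHO, "Adobe PDF Reader Link Helper",
     r'"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"'),
    ("N/A", "N/A", r"HKLM\System\CurrentControlSet\Services", "usbbus",
     r'File not found: system32\DRIVERS\lgusbbus.sys"'),
])

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

The "IP" entry (ipb.dll) is listed only for its location even though its publisher shows as verified, so a valid signature on its own does not clear an entry.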

stranger1992
23-05-08, 09:38
Okay, I have remastered the PC and backed up my data. Then I downloaded and installed AVF and ran a virus scan that got a lot of viruses off the PC even after it was wiped. I then scanned the external hard drive and again a lot of viruses were on that. Things were working fine last night but this morning Windows Explorer was simply not staying up and tbh I am really getting frustrated. I did another virus scan today and rebooted but it still has the problem.

------------------------------------------------------
Diagnostic tool developed for www.tombraiderforums.com
------------------------------------------------------
Version : 2.44
Author : Simulation

Select All (Ctrl A) then Copy (Ctrl C) and paste (Ctrl V) the text in Notepad into a reply on the forum.

Operating System

Windows XP Detected

COMMAND.COM
COMMAND.COM has been installed

Autoexec.NT
@echo off
lh %SystemRoot%\system32\mscdexnt.exe
lh %SystemRoot%\system32\redir
lh %SystemRoot%\system32\dosx
SET BLASTER=A220 I5 D1 P330 T3

Config.NT
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40

Programs Currently Running

Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 280 K
smss.exe 760 Console 0 388 K
csrss.exe 820 Console 0 3,864 K
winlogon.exe 844 Console 0 2,220 K
services.exe 928 Console 0 6,316 K
lsass.exe 940 Console 0 9,032 K
svchost.exe 1148 Console 0 6,828 K
svchost.exe 1228 Console 0 6,556 K
svchost.exe 1376 Console 0 23,716 K
svchost.exe 1516 Console 0 5,112 K
svchost.exe 1612 Console 0 5,332 K
spoolsv.exe 1864 Console 0 6,496 K
AppleMobileDeviceService. 2008 Console 0 1,964 K
avgwdsvc.exe 208 Console 0 9,304 K
mDNSResponder.exe 2040 Console 0 2,684 K
ehrecvr.exe 1360 Console 0 24,444 K
ehSched.exe 1620 Console 0 2,688 K
IAANTMon.exe 1920 Console 0 1,340 K
nvsvc32.exe 388 Console 0 4,072 K
PSIService.exe 784 Console 0 2,732 K
svchost.exe 1288 Console 0 5,628 K
svchost.exe 1508 Console 0 6,156 K
avgrsx.exe 1748 Console 0 36,496 K
mcrdsvc.exe 524 Console 0 3,084 K
avgemc.exe 2800 Console 0 428 K
alg.exe 3500 Console 0 5,360 K
dllhost.exe 3532 Console 0 7,992 K
wscntfy.exe 3612 Console 0 2,048 K
taskmgr.exe 3988 Console 0 1,856 K
firefox.exe 2584 Console 0 49,480 K
msnmsgr.exe 2052 Console 0 51,332 K
diagnose.exe 2276 Console 0 3,420 K
ns8.tmp 3748 Console 0 944 K
cmd.exe 2504 Console 0 1,392 K
tasklist.exe 2912 Console 0 6,136 K
wmiprvse.exe 3076 Console 0 7,472 K

System Event Log - Warning and Errors Only (last 24hrs)

Event Log from 08:00am on the 22/05/2008
------------------------------------------------------------------------------
Listing the events in 'system' log of host 'DOWNSTAIRS'
------------------------------------------------------------------------------
Type Event Date Time Source ComputerName Category User Description
------------- ------ ------------------------ ----------------- -------------- --------------- -------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
warning 2504 23/05/2008 07:12:15 Server DOWNSTAIRS None N/A The server could not bind to the transport \Device\NetBT_Tcpip_{6D5A5A54-C01E-4497-A056-A23DC01E4E84}.
warning 1007 23/05/2008 07:12:09 Dhcp DOWNSTAIRS None N/A Your computer has automatically configured the IP address for the Network Card with network address 0016ECAE21D0. The IP address being used is 169.254.65.153.
error 7023 23/05/2008 07:12:04 Service Control M DOWNSTAIRS None N/A The Intel© Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
warning 1003 23/05/2008 07:12:02 Dhcp DOWNSTAIRS None N/A Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016ECAE21D0. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
error 7000 23/05/2008 07:11:58 Service Control M DOWNSTAIRS None N/A The Network Monitor service failed to start due to the following error: The system cannot find the file specified.
warning 4226 23/05/2008 00:41:03 Tcpip DOWNSTAIRS None N/A TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
warning 4226 22/05/2008 23:05:16 Tcpip DOWNSTAIRS None N/A TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
error 10010 22/05/2008 19:29:37 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.
error 10005 22/05/2008 15:47:02 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 15:46:51 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 15:46:41 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 15:46:29 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
warning 27 22/05/2008 14:45:06 e1express DOWNSTAIRS None N/A Intel(R) PRO/1000 PM Network Connection Link has been disconnected.
error 7023 22/05/2008 13:20:54 Service Control M DOWNSTAIRS None N/A The Intel© Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
error 7000 22/05/2008 13:20:48 Service Control M DOWNSTAIRS None N/A The Network Monitor service failed to start due to the following error: Access is denied.
error 10005 22/05/2008 12:19:54 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 12:19:43 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 12:19:33 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 12:19:22 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 1002 22/05/2008 12:18:24 Dhcp DOWNSTAIRS None N/A The IP address lease 192.168.0.4 for the Network Card with network address 0016ECAE21D0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
warning 27 22/05/2008 12:18:10 e1express DOWNSTAIRS None N/A Intel(R) PRO/1000 PM Network Connection Link has been disconnected.
error 10005 22/05/2008 11:37:31 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 11:37:21 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 11:37:10 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 22/05/2008 11:36:59 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 7023 22/05/2008 11:35:43 Service Control M DOWNSTAIRS None N/A The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
error 10005 23/05/2008 07:20:20 DCOM DOWNSTAIRS None DOWNSTAIRS\Ben DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 23/05/2008 07:20:31 DCOM DOWNSTAIRS None DOWNSTAIRS\Ben DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 23/05/2008 07:20:42 DCOM DOWNSTAIRS None DOWNSTAIRS\Ben DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 23/05/2008 07:20:52 DCOM DOWNSTAIRS None DOWNSTAIRS\Ben DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 7000 23/05/2008 09:50:27 Service Control M DOWNSTAIRS None N/A The Network Monitor service failed to start due to the following error: The system cannot find the file specified.
error 7023 23/05/2008 09:50:32 Service Control M DOWNSTAIRS None N/A The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
error 7000 23/05/2008 10:28:27 Service Control M DOWNSTAIRS None N/A The Network Monitor service failed to start due to the following error: The system cannot find the file specified.
error 7023 23/05/2008 10:28:32 Service Control M DOWNSTAIRS None N/A The Intel® Quick Resume Technology Drivers service terminated with the following error: The system could not find the environment option that was entered.
error 10005 23/05/2008 10:33:22 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 23/05/2008 10:33:34 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 23/05/2008 10:33:44 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
error 10005 23/05/2008 10:33:55 DCOM DOWNSTAIRS None DOWNSTAIRS\Daniel DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
------------------------------------------------------------------------------
Listing the events in 'application' log of host 'DOWNSTAIRS'
------------------------------------------------------------------------------
Type Event Date Time Source ComputerName Category User Description
------------- ------ ------------------------ ----------------- -------------- --------------- -------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
error 1000 23/05/2008 01:37:36 Application Error DOWNSTAIRS None N/A Faulting application tomb4.exe, version 0.0.0.0, faulting module tomb4.exe, version 0.0.0.0, fault address 0x00050ba3.
error 1000 23/05/2008 01:38:08 Application Error DOWNSTAIRS None N/A Faulting application tomb4.exe, version 0.0.0.0, faulting module tomb4.exe, version 0.0.0.0, fault address 0x00050ba3.
error 1000 23/05/2008 01:38:28 Application Error DOWNSTAIRS None N/A Faulting application tomb4.exe, version 0.0.0.0, faulting module tomb4.exe, version 0.0.0.0, fault address 0x00050ba3.
error 1000 23/05/2008 01:38:58 Application Error DOWNSTAIRS None N/A Faulting application tomb4.exe, version 0.0.0.0, faulting module tomb4.exe, version 0.0.0.0, fault address 0x0004263a.
error 1000 23/05/2008 01:39:15 Application Error DOWNSTAIRS None N/A Faulting application tomb4.exe, version 0.0.0.0, faulting module tomb4.exe, version 0.0.0.0, fault address 0x0004263a.
error 1000 23/05/2008 01:39:41 Application Error DOWNSTAIRS None N/A Faulting application tomb4.exe, version 0.0.0.0, faulting module tomb4.exe, version 0.0.0.0, fault address 0x0005048f.
warning 1517 23/05/2008 02:30:02 Userenv DOWNSTAIRS None NT AUTHORITY\SYSTEM Windows saved user DOWNSTAIRS\Daniel registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Tomb Raider Game Setup Information



DirectX Diagnostics Report

------------------
System Information
------------------
Time of this report: 5/23/2008, 10:35:13
Machine name: DOWNSTAIRS
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp.050928-1517)
Language: English (Regional Setting: English)
System Manufacturer: INTELR
System Model: AWRDACPI
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: Intel(R) Pentium(R) D CPU 3.40GHz (2 CPUs)
Memory: 2048MB RAM
Page File: 391MB used, 3546MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.2180 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: NVIDIA GeForce 7950 GT
Manufacturer: NVIDIA
Chip type: GeForce 7950 GT
DAC type: Integrated RAMDAC
Device Key: Enum\PCI\VEN_10DE&DEV_0295&SUBSYS_2A68107D&REV_A1
Display Memory: 256.0 MB
Current Mode: 1280 x 1024 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: nv4_disp.dll
Driver Version: 6.14.0011.7516 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 5/2/2008 22:46:00, 6108160 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: nv4_mini.sys
Mini VDD Date: 5/2/2008 22:46:00, 6554496 bytes
Device Identifier: {D7B71E3E-41D5-11CF-916E-630A00C2CB35}
Vendor ID: 0x10DE
Device ID: 0x0295
SubSys ID: 0x2A68107D
Revision ID: 0x00A1
Revision ID: 0x00A1
Video Accel: ModeMPEG2_A ModeMPEG2_B ModeMPEG2_C ModeMPEG2_D ModeWMV9_B ModeWMV9_A
Deinterlace Caps: {6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
{6CB69578-7617-4637-91E5-1C02DB810285}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive
{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Enabled
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: Realtek HD Audio output
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_1019E601&REV_1008
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: RtkHDAud.sys
Driver Version: 5.10.0000.5591 (English)
Driver Attributes: Final Retail
WHQL Logo'd: n/a
Date and Size: 3/26/2008 18:37:26, 4713472 bytes
Other Files:
Driver Provider: Realtek Semiconductor Corp.
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: Yes, Yes
I3DL2(tm) Listen/Src: Yes, Yes
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: Realtek HD Audio Input
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: RtkHDAud.sys
Driver Version: 5.10.0000.5591 (English)
Driver Attributes: Final Retail
Date and Size: 3/26/2008 18:37:26, 4713472 bytes
Cap Flags: 0x0
Format Flags: 0x0

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x27C9
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 8/10/2004 12:00:00, 57600 bytes
| Driver: usbd.sys, 8/10/2004 12:00:00, 4736 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
| Matching Device ID: *pnp0303
| Service: i8042prt
| Driver: i8042prt.sys, 8/10/2004 12:00:00, 52736 bytes
| Driver: kbdclass.sys, 8/10/2004 12:00:00, 24576 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 8/4/2004 02:01:08, 40840 bytes
| Driver: kbdclass.sys, 8/10/2004 12:00:00, 24576 bytes
|
+ PS/2 Compatible Mouse
| Matching Device ID: *pnp0f13
| Service: i8042prt
| Driver: i8042prt.sys, 8/10/2004 12:00:00, 52736 bytes
| Driver: mouclass.sys, 8/3/2004 23:58:34, 23040 bytes
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 8/4/2004 02:01:08, 40840 bytes
| Driver: mouclass.sys, 8/3/2004 23:58:34, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.2180)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.2180)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.2180)

DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Serial Service Provider: COM1
DirectPlay8 Serial Service Provider: COM3
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 238.8 GB
Total Space: 281.5 GB
File System: NTFS
Model: Maxtor 6V300F0

Drive: D:
Model: PHILIPS DVDR1660P1
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 49536 bytes

--------------
System Devices
--------------
Name: Intel(R) 82801G (ICH7 Family) SMBus Controller - 27DA
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_1B761019&REV_01\3&2411E6FE&0&FB
Driver: n/a

Name: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_1B761019&REV_01\3&2411E6FE&0&D8
Driver: C:\WINDOWS\system32\DRIVERS\hdaudbus.sys, 5.10.0001.5013 (English), 1/7/2005 17:07:18, 138752 bytes

Name: Intel(R) 82801G (ICH7 Family) PCI Express Root Port - 27D0
Device ID: PCI\VEN_8086&DEV_27D0&SUBSYS_00000000&REV_01\3&2411E6FE&0&E0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 68224 bytes

Name: Intel(R) 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
Device ID: PCI\VEN_8086&DEV_27CC&SUBSYS_1B761019&REV_01\3&2411E6FE&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.2180 (English), 8/3/2004 23:08:38, 26624 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 01:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 57600 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.2180 (English), 8/4/2004 08:56:44, 7168 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CB
Device ID: PCI\VEN_8086&DEV_27CB&SUBSYS_1B761019&REV_01\3&2411E6FE&0&EB
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 01:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 57600 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27CA
Device ID: PCI\VEN_8086&DEV_27CA&SUBSYS_1B761019&REV_01\3&2411E6FE&0&EA
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 01:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 57600 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C9
Device ID: PCI\VEN_8086&DEV_27C9&SUBSYS_1B761019&REV_01\3&2411E6FE&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 01:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 57600 bytes

Name: Intel(R) 82801G (ICH7 Family) USB Universal Host Controller - 27C8
Device ID: PCI\VEN_8086&DEV_27C8&SUBSYS_1B761019&REV_01\3&2411E6FE&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 20480 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 142976 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.2180 (English), 8/4/2004 01:56:48, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 57600 bytes

Name: Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0
Device ID: PCI\VEN_8086&DEV_27C0&SUBSYS_1B761019&REV_01\3&2411E6FE&0&FA
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/10/2004 12:00:00, 3328 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 25088 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 95360 bytes

Name: Intel(R) 82801GH (ICH7DH) LPC Interface Controller - 27B0
Device ID: PCI\VEN_8086&DEV_27B0&SUBSYS_00000000&REV_01\3&2411E6FE&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.0000 (English), 8/10/2004 12:00:00, 35840 bytes

Name: Intel(R) 945G/GZ/P/PL PCI Express Root Port - 2771
Device ID: PCI\VEN_8086&DEV_2771&SUBSYS_00000000&REV_81\3&2411E6FE&0&08
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 68224 bytes

Name: Intel(R) 945G/GZ/P/PL Processor to I/O Controller - 2770
Device ID: PCI\VEN_8086&DEV_2770&SUBSYS_00000000&REV_81\3&2411E6FE&0&00
Driver: n/a

Name: Intel(R) 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_E1\3&2411E6FE&0&F0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 68224 bytes

Name: Intel(R) Active Management Technology - SOL (COM3)
Device ID: PCI\VEN_8086&DEV_108F&SUBSYS_00001019&REV_03\4&1B41B794&0&03E0
Driver: n/a

Name: Intel(R) Active Management Technology - KCS
Device ID: PCI\VEN_8086&DEV_108E&SUBSYS_00001019&REV_03\4&1B41B794&0&04E0
Driver: C:\WINDOWS\system32\DRIVERS\IAMTXP.sys, 1.01.0024.0000 (English), 8/21/2005 00:31:58, 38528 bytes
Driver: C:\WINDOWS\system32\IAMT.din, 6/29/2005 03:57:00, 2570 bytes

Name: Standard Dual Channel PCI IDE Controller
Device ID: PCI\VEN_8086&DEV_108D&SUBSYS_00001019&REV_03\4&1B41B794&0&02E0
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 25088 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 95360 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/10/2004 12:00:00, 3328 bytes

Name: Intel(R) PRO/1000 PM Network Connection
Device ID: PCI\VEN_8086&DEV_108C&SUBSYS_1B761019&REV_03\4&1B41B794&0&00E0
Driver: C:\WINDOWS\system32\DRIVERS\e1e5132.sys, 9.02.0024.0000 (English), 9/14/2005 10:24:08, 179200 bytes
Driver: C:\WINDOWS\system32\Prounstl.exe, 8.00.0007.0000 (English), 6/15/2005 06:27:42, 126976 bytes
Driver: C:\WINDOWS\system32\e1e5132.din, 7/13/2005 10:06:44, 2790 bytes
Driver: C:\WINDOWS\system32\NicCo32.dll, 1.00.0005.0000 (English), 6/14/2005 15:08:42, 20480 bytes
Driver: C:\WINDOWS\system32\NicIn32.dll, 9.00.0002.0000 (English), 5/19/2005 00:28:12, 21504 bytes
Driver: C:\WINDOWS\system32\e1000msg.dll, 8.06.0010.0000 (English), 7/6/2005 09:12:00, 163840 bytes
Driver: C:\WINDOWS\system32\EtCo32.dll, 2.02.0001.0000 (English), 6/23/2005 03:59:00, 17408 bytes

Name: 802.11g PCI Turbo Wireless Adapter
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_B8341462&REV_00\4&1AF1648C&0&10F0
Driver: C:\WINDOWS\system32\DRIVERS\rt61.sys, 1.01.0000.0000 (English), 3/9/2006 11:33:22, 366080 bytes

Name: Conexant 2388x AVStream TS Capture (DVB-T)
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_49131554&REV_05\4&1AF1648C&0&1AF0
Driver: n/a

Name: Conexant 2388x Audio Capture
Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_49131554&REV_05\4&1AF1648C&0&19F0
Driver: C:\WINDOWS\system32\kstvtune.ax, 5.03.2600.2180 (English), 8/4/2004 00:56:58, 61952 bytes
Driver: C:\WINDOWS\system32\ksxbar.ax, 5.03.2600.2180 (English), 8/4/2004 00:56:58, 43008 bytes
Driver: C:\WINDOWS\system32\kswdmcap.ax, 5.03.2600.2180 (English), 8/4/2004 00:56:58, 90624 bytes
Driver: C:\WINDOWS\system32\vidcap.ax, 5.01.2600.2180 (English), 8/4/2004 00:56:58, 28672 bytes
Driver: C:\WINDOWS\system32\vfwwdm32.dll, 5.01.2600.2180 (English), 8/4/2004 00:56:48, 53760 bytes
Driver: C:\WINDOWS\system32\iyuv_32.dll, 5.01.2600.2180 (English), 8/4/2004 00:56:44, 47616 bytes
Driver: C:\WINDOWS\system32\msh263.drv, 5.01.2600.2180 (English), 8/4/2004 00:56:58, 294912 bytes
Driver: C:\WINDOWS\system32\msyuv.dll, 5.03.2600.2180 (English), 8/4/2004 00:56:46, 17408 bytes
Driver: C:\WINDOWS\system32\drivers\drmk.sys, 5.01.2600.2180 (English), 8/3/2004 23:08:00, 60288 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys, 5.01.2600.1364 (English), 3/16/2004 10:58:20, 136960 bytes
Driver: C:\WINDOWS\system32\drivers\stream.sys, 5.03.2600.2180 (English), 8/3/2004 23:08:04, 48640 bytes
Driver: C:\WINDOWS\system32\wdmaud.drv, 5.01.2600.2180 (English), 8/4/2004 01:56:58, 23552 bytes
Driver: C:\WINDOWS\system32\ksuser.dll, 5.03.2600.2180 (English), 8/4/2004 01:56:44, 4096 bytes
Driver: C:\WINDOWS\system32\tsbyuv.dll, 5.01.2600.0000 (English), 8/17/2001 22:36:34, 8192 bytes
Driver: C:\WINDOWS\system32\drivers\cxavsaud.sys, 4.00.0112.0000 (English), 10/25/2005 02:56:00, 11008 bytes

Name: Conexant 2388x Video Capture (PAL/DVB-T)
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_49131554&REV_05\4&1AF1648C&0&18F0
Driver: n/a

Name: VIA OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_1106&DEV_3044&SUBSYS_30441106&REV_80\4&1AF1648C&0&20F0
Driver: C:\WINDOWS\system32\DRIVERS\ohci1394.sys, 5.01.2600.2180 (English), 8/4/2004 07:10:10, 61056 bytes
Driver: C:\WINDOWS\system32\DRIVERS\1394bus.sys, 5.01.2600.2180 (English), 8/10/2004 12:00:00, 53248 bytes
Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys, 5.01.2600.2180 (English), 8/3/2004 23:58:30, 61824 bytes
Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys, 5.01.2600.2180 (English), 8/3/2004 23:58:30, 60800 bytes
Driver: C:\WINDOWS\system32\DRIVERS\enum1394.sys, 5.01.2600.0000 (English), 8/17/2001 21:46:40, 6400 bytes

Name: NVIDIA GeForce 7950 GT
Device ID: PCI\VEN_10DE&DEV_0295&SUBSYS_2A68107D&REV_A1\4&11C8B129&0&0008
Driver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 6554496 bytes
Driver: C:\WINDOWS\system32\nv4_disp.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 6108160 bytes
Driver: C:\WINDOWS\system32\nvsvc32.exe, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 159812 bytes
Driver: C:\WINDOWS\system32\nvapi.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 425984 bytes
Driver: C:\WINDOWS\system32\nvcuda.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 1241088 bytes
Driver: C:\WINDOWS\system32\nvoglnt.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 8769536 bytes
Driver: C:\WINDOWS\system32\nvcpl.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 13529088 bytes
Driver: C:\WINDOWS\system32\nvmctray.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 86016 bytes
Driver: C:\WINDOWS\system32\nvwddi.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 81920 bytes
Driver: C:\WINDOWS\system32\nvnt4cpl.dll, 6.14.0010.11173 (English), 5/2/2008 22:46:00, 286720 bytes
Driver: C:\WINDOWS\system32\nvmccs.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 229376 bytes
Driver: C:\WINDOWS\system32\nvdisps.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 6582272 bytes
Driver: C:\WINDOWS\system32\nvgames.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 3391488 bytes
Driver: C:\WINDOWS\system32\nvmccss.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 188416 bytes
Driver: C:\WINDOWS\system32\nvmobls.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 1257472 bytes
Driver: C:\WINDOWS\system32\nvvitvs.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 3776512 bytes
Driver: C:\WINDOWS\system32\nvwss.dll, 6.14.0011.7516 (English), 5/2/2008 22:46:00, 2629632 bytes
Driver: C:\WINDOWS\help\nvcpl.hlp, 5/2/2008 22:46:00, 177897 bytes
Driver: C:\WINDOWS\help\nvwcplen.hlp, 5/2/2008 22:46:00, 55444 bytes
Driver: C:\WINDOWS\system32\nvcod.dll, 1.03.0000.0014 (English), 5/2/2008 22:46:00, 41984 bytes
Driver: C:\WINDOWS\system32\nvcodins.dll, 1.03.0000.0014 (English), 5/2/2008 22:46:00, 41984 bytes

------------------


Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"ATI Smart"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ATI Smart
Program path & name:
c:\windows\system32\ati2sgag.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8emc
Program path & name:
"c:\program files\avg\avg8\avgemc.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence
Publisher:
so that users can discover and use those services without any unnecessary manual setup or administration."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Not verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cmdService
Program path & name:
File not found: C:\WINDOWS\RGFuaWVsIFNtaXRo\command.exe"
Enabled: [V]


Program:
"Intel® Quick Resume Technology Drivers"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELService
Program path & name:
"c:\program files\intel\inteldh\intel(r) quick resume technology\elservice.exe"
Enabled: [V]


Program:
"RAID Monitor"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IAANTMon
Program path & name:
"c:\program files\intel\intel matrix storage manager\iaantmon.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Network Monitor
Program path & name:
File not found: C:\Program Files\Network Monitor\netmon.exe service"
Enabled: [V]


Program:
"Protexis Licensing Service"
Publisher:
"(Verified) Corel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ProtexisLicensing
Program path & name:
"c:\windows\system32\psiservice.exe"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v3.4.3.0"
Publisher:
"(Not verified) Meetinghouse Data Communications"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AegisP
Program path & name:
"c:\windows\system32\drivers\aegisp.sys"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgLdx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgTdiX
Program path & name:
"c:\windows\system32\drivers\avgtdix.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELhid
Program path & name:
"c:\windows\system32\drivers\elhid.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELkbd
Program path & name:
"c:\windows\system32\drivers\elkbd.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELmon
Program path & name:
"c:\windows\system32\drivers\elmon.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELmou
Program path & name:
"c:\windows\system32\drivers\elmou.sys"
Enabled: [V]


Program:
"CD DVD Filter"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"NVIDIA® nForce(TM) IDE Performance Driver"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nvata
Program path & name:
"c:\windows\system32\drivers\nvata.sys"
Enabled: [V]


Program:
"NVIDIA® nForce(TM) IDE Performance Driver"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nvatabus
Program path & name:
"c:\windows\system32\drivers\nvatabus.sys"
Enabled: [V]


Program:
"NVIDIA® nForce(TM) RAID Driver"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
nvraid
Program path & name:
"c:\windows\system32\drivers\nvraid.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
wvUnMffC
Program path & name:
File not found: wvUnMffC.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\geBULCRI
Program path & name:
c:\windows\system32\gebulcri.dll"
Enabled: [V]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
avgrsstx.dll
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"Recguard MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Recguard
Program path & name:
c:\windows\sminst\recguard.exe"
Enabled: [V]


Program:
"Event Monitor User Notification Tool"
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
IAAnotif
Program path & name:
"c:\program files\intel\intel matrix storage manager\iaanotif.exe"
Enabled: [V]


Program:
"CLI Application (Command Line Interface)"
Publisher:
"(Not verified) ATI Technologies Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ATICCC
Program path & name:
"c:\program files\ati technologies\ati.ace\cli.exe"
Enabled: [V]


Program:
"Macromedia Projector"
Publisher:
"(Not verified) Macromedia Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AOL_Demo
Program path & name:
"c:\applications\tool\aol demo\dsgdemo.exe"
Enabled: [V]


Program:
"NVIDIA nView Wizard
Publisher:
Version 111.73 "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
nwiz
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nwiz.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
10b64172
Program path & name:
File not found: C:\WINDOWS\system32\ivokrmyk.dll"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_06\bin\jusched.exe"
Enabled: [V]


Program:
"Corel Photo Downloader"
Publisher:
"(Verified) Corel Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Corel Photo Downloader
Program path & name:
"c:\program files\common files\corel\corel photodownloader\corel photo downloader.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BM138572ee
Program path & name:
c:\windows\system32\ksccgkbe.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/octet-stream
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-complus
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-msdownload
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Microsoft .NET IE SECURITY REGISTRATION"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
n/a
Program path & name:
"c:\windows\system32\mscories.dll"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Not verified) Adobe Systems Incorporated"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Adobe Reader Speed Launch.lnk
Program path & name:
"c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe"
Enabled: [V]


Program:
" "
Publisher:
"(Not verified) "
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
FreeventsSchedule.lnk
Program path & name:
"c:\freevents\freeventsschedule.exe"
Enabled: [V]


Program:
"Ralink Wireless Utility"
Publisher:
"(Not verified) Ralink Technology Corp."
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Ralink Wireless Utility.lnk
Program path & name:
"c:\program files\ralink\common\raui.exe"
Enabled: [V]


Program:
"tray Module"
Publisher:
N/A
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Start DonorLink System Tray App.lnk
Program path & name:
c:\documents and settings\all users\application data\ipd\tray.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Daniel\Start Menu\Programs\Startup
Entry name:
Deewoo.lnk
Program path & name:
File not found: C:\WINDOWS\system32\tcntpkdm.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Daniel\Start Menu\Programs\Startup
Entry name:
DW_Start.lnk
Program path & name:
File not found: C:\WINDOWS\system32\jownw64k.exe"
Enabled: [V]


Program:
"Creative Camera Launcher Application"
Publisher:
"(Not verified) Creative Technology Ltd"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Creative WebCam Tray
Program path & name:
"c:\program files\creative\shared files\camtray.exe"
Enabled: [V]


Program:
"Adobe Update Manager"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
updateMgr
Program path & name:
"c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Toolbar Helper"
Publisher:
"(Not verified) Interprom Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IP
Program path & name:
"c:\documents and settings\all users\application data\ipd\ipb.dll"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 7.0 for ActiveX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_06\bin\ssv.dll"
Enabled: [V]


Program:
"AVG Security Toolbar "
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Security Toolbar
Program path & name:
"c:\program files\avg\avg8\avgtoolbar.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{E63B4010-1652-4FF4-B280-40C0561086F4}
Program path & name:
c:\windows\system32\gebulcri.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{ff6afd48-c822-42a5-8094-cdb529ce557b}
Program path & name:
c:\windows\system32\fdetxajv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
InprocServer32
Program path & name:
File not found: CLSID\{8A290466-39BD-419B-93DB-0E9599506654}\InprocServer32"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Fusion Cache
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"ShellvRTF"
Publisher:
"(Not verified) XSS"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
SampleView
Program path & name:
"c:\windows\system32\shellvrtf.dll"
Enabled: [V]


Program:
"ACE Context Menu"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
c:\program files\ati technologies\ati.ace\atiacmxx.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 111.73 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Desktop Explorer
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 111.73 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Desktop Explorer Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 111.73 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
nView Desktop Context Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]



Sorry for taking up time with this but it is really bothering me.

stranger1992
23-05-08, 13:19
Does anybody know? I am actually desperate; I have a lot of important school and other work that I cannot afford to get deleted. :(

EscondeR
23-05-08, 18:02
1. Boot your PC in Safe Mode.

2. Run Autoruns again (I presume you've downloaded it; if not, look for the link above) and kill the following entries:


Program:
"Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence
Publisher:
so that users can discover and use those services without any unnecessary manual setup or administration."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Not verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cmdService
Program path & name:
File not found: C:\WINDOWS\RGFuaWVsIFNtaXRo\command.exe"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Network Monitor
Program path & name:
File not found: C:\Program Files\Network Monitor\netmon.exe service"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELhid
Program path & name:
"c:\windows\system32\drivers\elhid.sys"
Enabled: [V] - Suspicious!


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELkbd
Program path & name:
"c:\windows\system32\drivers\elkbd.sys"
Enabled: [V] - Suspicious!


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELmon
Program path & name:
"c:\windows\system32\drivers\elmon.sys"
Enabled: [V] - Suspicious!


Program:
N/A
Publisher:
"(Not verified) Intel Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ELmou
Program path & name:
"c:\windows\system32\drivers\elmou.sys"
Enabled: [V] - Suspicious!


Program:
"CD DVD Filter"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
wvUnMffC
Program path & name:
File not found: wvUnMffC.dll"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\geBULCRI
Program path & name:
c:\windows\system32\gebulcri.dll"
Enabled: [V]


Program:
"Recguard MFC Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Recguard
Program path & name:
c:\windows\sminst\recguard.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
10b64172
Program path & name:
File not found: C:\WINDOWS\system32\ivokrmyk.dll"
Enabled: [V] - VIRUS


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_06\bin\jusched.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BM138572ee
Program path & name:
c:\windows\system32\ksccgkbe.dll"
Enabled: [V]


Program:
" "
Publisher:
"(Not verified) "
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
FreeventsSchedule.lnk
Program path & name:
"c:\freevents\freeventsschedule.exe"
Enabled: [V]


Program:
"tray Module"
Publisher:
N/A
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Start DonorLink System Tray App.lnk
Program path & name:
c:\documents and settings\all users\application data\ipd\tray.exe"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Daniel\Start Menu\Programs\Startup
Entry name:
Deewoo.lnk
Program path & name:
File not found: C:\WINDOWS\system32\tcntpkdm.exe"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Daniel\Start Menu\Programs\Startup
Entry name:
DW_Start.lnk
Program path & name:
File not found: C:\WINDOWS\system32\jownw64k.exe"
Enabled: [V] - VIRUS


Program:
"Toolbar Helper"
Publisher:
"(Not verified) Interprom Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IP
Program path & name:
"c:\documents and settings\all users\application data\ipd\ipb.dll"
Enabled: [V] - Malware

Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{E63B4010-1652-4FF4-B280-40C0561086F4}
Program path & name:
c:\windows\system32\gebulcri.dll"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{ff6afd48-c822-42a5-8094-cdb529ce557b}
Program path & name:
c:\windows\system32\fdetxajv.dll"
Enabled: [V] - VIRUS


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
InprocServer32
Program path & name:
File not found: CLSID\{8A290466-39BD-419B-93DB-0E9599506654}\InprocServer32"
Enabled: [V]


3. Run full system antivirus scan while staying in Safe Mode.