will someone check if my hijackthis log is infected?

niall · 08-15-2006, 03:07 PM

Things are running and all that, but the pc's slowed down and there's bits of spyware on my kaspersky log which I'll also post.

Logfile of HijackThis v1.99.1
Scan saved at 11:04:04, on 15/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijack folder\HijackThis1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/temp...control024.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...05/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

---
Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped

C:\WINDOWS\SchedLog.Txt Object is locked skipped

C:\WINDOWS\Downloaded Program Files\btmailcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.g skipped

C:\WINDOWS\Downloaded Program Files\btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.f skipped

C:\WINDOWS\Motive\btbb\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Program Files\BT Broadband Desktop Help\SmartBridge\SmartBridge.log Object is locked skipped

C:\Program Files\BT Broadband Desktop Help\SmartBridge\AlertFilter.log Object is locked skipped

C:\Program Files\BT Broadband Desktop Help\SmartBridge\log\httpclient.log Object is locked skipped

C:\Program Files\BT Broadband Desktop Help\SmartBridge\SBExtHost.log Object is locked skipped

C:\undo\backup.cab/C:/WINDOWS/SYSTEM32/RegCleaner/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\undo\backup.cab/C:/WINDOWS/SYSTEM32/RegCleaner/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\undo\backup.cab/C:/WINDOWS/SYSTEM32/RegCleaner/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\undo\backup.cab CAB: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\pc user\Local Settings\Temp\~DF17B6.tmp Object is locked skipped

C:\Documents and Settings\pc user\Local Settings\Temp\~DF7FF7.tmp Object is locked skipped

C:\Documents and Settings\pc user\Local Settings\Temp\bbassistant.log Object is locked skipped

C:\Documents and Settings\pc user\Local Settings\History\History.IE5\MSHist012006081520060816\index.dat Object is locked skipped

C:\Documents and Settings\pc user\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\pc user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\pc user\My Documents\BBDesktopHelpInstall.exe/WISE0011.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

C:\Documents and Settings\pc user\My Documents\BBDesktopHelpInstall.exe WiseSFX: infected - 1 skipped

C:\Documents and Settings\pc user\My Documents\BBDesktopHelpInstall.exe WiseSFX Dropper: infected - 1 skipped

C:\Documents and Settings\pc user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\pc user\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\pc user\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\pc user\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\pc user\ntuser.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\System Volume Information\_restore{9A8C29C7-82CC-4BC4-8618-C700A2FBA69E}\RP492\change.log Object is locked skipped

niall · 08-15-2006, 05:33 PM

oh yeah one problem i have is when i close my browser for some reason i've been getting an error message a lot

Vikesrock8411 · 08-16-2006, 07:07 PM

That Kaspersky scan lists locked objects and some false positives including some items related to your ISP.

Download combofix.exe-Save it to your Desktop.
Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

niall · 08-17-2006, 05:50 AM

pc user*Administrators - 06-08-17 13:47:21.72
ComboFix 06.08.17 - Running from: C:\Documents and Settings\pc user\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-17 to 2006-08-17 ))))))))))))))))))))))))))))))))))

2006-08-06 15:16 1,060,864 C:\WINDOWS\system32\MFC71.dll
2006-07-18 04:41 <DIR> C:\WINDOWS\McAfee.com
2006-07-17 15:04 86,016 C:\WINDOWS\system32\YPcservice.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-08-17 03:05 4831778 --ah----- C:\Documents and Settings\pc user\Application Data\IconCache.db
2006-08-09 14:14 777472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-08-09 14:14 27904 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-08-06 15:16 -------- d-------- C:\Program Files\Alwil Software
2006-07-27 14:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-23 13:10 -------- d-------- C:\Program Files\BT Broadband Desktop Help
2006-07-23 02:21 115 --a------ C:\Program Files\FxIstbar.log
2006-07-23 02:02 167608 --a------ C:\Program Files\FxIstbar.exe
2006-07-21 09:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-19 00:54 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-07-17 14:58 -------- d-------- C:\Program Files\BT Broadband 210
2006-05-06 23:32 7680 --a------ C:\Documents and Settings\pc user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\\PROGRA~1\\YAHOO!\\BROWSER\\ybrwicon.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\BTBROA~2\\SMARTB~1\\BTHelpNotifier.exe"
"btbb_wcm_McciTrayApp"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ypager.exe -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.damnfunnypictures.com/images/icons/tjagywx-cute_babies_thumb.jpg"
"SubscribedURL"="http://www.damnfunnypictures.com/images/icons/tjagywx-cute_babies_thumb.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,52,01,00,00,23,00,00,00,7c,00,00,00,72,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,46,00,00,00,46,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,21,03,41,c0,b4,74,20,01,5f,04,68,de,21,03,20,6d,\
21,03,9d,85,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\disabledrunkeys]
"AtiPTA"="Atiptaxx.exe"
"Ati2cwxx"="Ati2cwxx.exe"
"LoadQM"="loadqm.exe"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\en-us\\msnappau.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"BTopenworld"="\"C:\\PROGRAM FILES\\BT YAHOO! INTERNET\\DialBTYahoo.exe\" /ReInstallAutoDial"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
C:\WINDOWS\tasks\Maintenance-Defragment programs.job
C:\WINDOWS\tasks\Maintenance-Disk cleanup.job

Completion time: 17/08/2006 13:48:23.10
ComboFix.txt

Vikesrock8411 · 08-17-2006, 11:51 PM

That log looks clean, can you give any more details about the error message you have been seeing?

niall · 08-18-2006, 05:53 PM

I'll post an example in an attachment (I usually click either of the two options).

Vikesrock8411 · 08-18-2006, 11:12 PM

Make sure you do not need your computer for at least 12 hours before proceeding with this step. This scan may take that long and cannot be aborted. I reccomend you run it overnight. If this is not possible let me know and we will continue another way.

Click Start>Run and type in chkdsk /r
If it asks you to run chkdsk on restart please click yes, and restart your computer. This will check your hard drive for errors, and correct any minor errors it finds.

Click Start>Run and type in eventvwr.msc

What we're looking for are the Errors from the System and Application viewers. You'll see something like this: Application Error...

Locate the ones with a big red X that say error. Double click to open it. Hit the Tablet (Says Copy to Clipboard if you hover mouse over it) and then CTRL+V to paste the info into the post.

niall · 08-19-2006, 08:07 AM

The checkdisk scan only took about an hour.
I dont know how you're gonna make sense of what I'm gonna copy from the eventviewer thing. I've posted all the errors for application, but I didnt post all the system errors as the ACPI errors kept being repeated and it seemed pointless. After the ACPI errors of the 15th of August, I posted a few other different types from the rest of the list. If you need me to post every single error, I will.
I wouldnt know, but there seems to be a lot of errors-if there's too many dont spend too much time looking through them. (i was searching for threads with eventviewer errors posted and people seem to have a LOT less than me, especially considering I didnt post every error for system).

APPLICATION

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 15/08/2006
Time: 09:28:48
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 0028ac07.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 32 38 61 63 30 37 0d 0a 28ac07..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 03/08/2006
Time: 05:15:16
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 000d2224.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 64 32 32 32 34 0d 0a 0d2224..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 02/08/2006
Time: 12:46:05
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 000d2224.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 64 32 32 32 34 0d 0a 0d2224..

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 11
Date: 01/08/2006
Time: 12:58:21
User: N/A
Computer: D2G0K2
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 19/06/2006
Time: 05:53:16
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 000eed2c.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 65 65 64 32 63 0d 0a 0eed2c..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 11/06/2006
Time: 02:07:05
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 000eed2c.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 65 65 64 32 63 0d 0a 0eed2c..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 06/06/2006
Time: 07:38:54
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 0028ac07.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 32 38 61 63 30 37 0d 0a 28ac07..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 01/06/2006
Time: 05:03:00
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 000d2224.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 64 32 32 32 34 0d 0a 0d2224..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 19/05/2006
Time: 08:08:59
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 000eed2c.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 65 65 64 32 63 0d 0a 0eed2c..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 15/05/2006
Time: 10:05:42
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, unknown, 0.0.0.0, ffffff00.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 75 6e .0 in un
0030: 6b 6e 6f 77 6e 20 30 2e known 0.
0038: 30 2e 30 2e 30 20 61 74 0.0.0 at
0040: 20 6f 66 66 73 65 74 20 offset
0048: 66 66 66 66 66 66 30 30 ffffff00
0050: 0d 0a ..

Event Type: Error
Event Source: Messenger
Event Category: None
Event ID: 1000
Date: 11/05/2006
Time: 07:56:06
User: N/A
Computer: D2G0K2
Description:
The description for Event ID ( 1000 ) in Source ( Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 7.5.324.0, msnmsgr.exe, 7.5.324.0, 000eed2c.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 6d 73 6e ure msn
0018: 6d 73 67 72 2e 65 78 65 msgr.exe
0020: 20 37 2e 35 2e 33 32 34 7.5.324
0028: 2e 30 20 69 6e 20 6d 73 .0 in ms
0030: 6e 6d 73 67 72 2e 65 78 nmsgr.ex
0038: 65 20 37 2e 35 2e 33 32 e 7.5.32
0040: 34 2e 30 20 61 74 20 6f 4.0 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 65 65 64 32 63 0d 0a 0eed2c..

SYSTEM

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 19/08/2006
Time: 03:15:24
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 19/08/2006
Time: 03:15:24
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 19/08/2006
Time: 02:45:36
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 19/08/2006
Time: 02:45:36
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 18/08/2006
Time: 04:08:44
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 18/08/2006
Time: 04:08:44
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 17/08/2006
Time: 07:46:07
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 17/08/2006
Time: 07:46:07
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:13:38
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 78 5c 07 00 00 00 .Zx\....
0028: e9 f5 03 00 00 00 00 00 éõ......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: 40 eb 12 00 18 4d 1d 81 @ë...M.
0058: 00 00 00 00 e8 4a 1d 81 ....èJ.
0060: 02 00 00 00 2d 3c ae 03 ....-<®.
0068: 28 00 03 ae 3c 2d 00 00 (..®<-..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:11:47
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 10 44 07 00 00 00 .Z.D....
0028: 7d ca 03 00 00 00 00 00 }Ê......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: 40 eb 12 00 a8 4f 1d 81 @ë..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 2d 08 a2 03 ....-.¢.
0068: 28 00 03 a2 08 2d 00 00 (..¢.-..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:11:27
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 23 3e 07 00 00 00 .Z#>....
0028: 9e c2 03 00 00 00 00 00 žÂ......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: 40 eb 12 00 18 4d 1d 81 @ë...M.
0058: 00 00 00 00 e8 4a 1d 81 ....èJ.
0060: 02 00 00 00 ad 11 9f 03 ....*.Ÿ.
0068: 28 00 03 9f 11 ad 00 00 (..Ÿ.*..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:10:11
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 9f 2b 07 00 00 00 .ZŸ+....
0028: e7 a4 03 00 00 00 00 00 ç¤......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: 40 eb 12 00 a8 4f 1d 81 @ë..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 ad cf 95 03 ....*Ï•.
0068: 28 00 03 95 cf ad 00 00 (..•Ï*..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:10:09
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 99 2b 07 00 00 00 .Z™+....
0028: 2b a4 03 00 00 00 00 00 +¤......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: 48 e3 0f 00 18 4d 1d 81 Hã...M.
0058: 00 00 00 00 e8 4a 1d 81 ....èJ.
0060: 02 00 00 00 ad cc 95 03 ....*Ì•.
0068: 28 00 03 95 cc ad 00 00 (..•Ì*..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:16
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 6a 7f af 06 00 00 00 .j¯....
0028: 50 78 03 00 00 00 00 00 Px......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 a8 4f 1d 81 àß..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 b5 bf 57 03 ....µ¿W.
0068: 28 00 03 57 bf b5 00 00 (..W¿µ..
0070: 01 00 00 00 00 00 00 00 ........
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:15
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 6a 7f af 06 00 00 00 .j¯....
0028: a1 77 03 00 00 00 00 00 ¡w......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 18 4d 1d 81 àß...M.
0058: 00 00 00 00 e8 4a 1d 81 ....èJ.
0060: 02 00 00 00 b5 bf 57 03 ....µ¿W.
0068: 28 00 03 57 bf b5 00 00 (..W¿µ..
0070: 02 00 00 00 00 00 00 00 ........
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:13
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 6a 7f af 06 00 00 00 .j¯....
0028: f2 76 03 00 00 00 00 00 òv......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 a8 4f 1d 81 àß..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 b5 bf 57 03 ....µ¿W.
0068: 28 00 03 57 bf b5 00 00 (..W¿µ..
0070: 04 00 00 00 00 00 00 00 ........
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:11
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 6a 7f af 06 00 00 00 .j¯....
0028: 42 76 03 00 00 00 00 00 Bv......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 18 4d 1d 81 àß...M.
0058: 00 00 00 00 e8 4a 1d 81 ....èJ.
0060: 02 00 00 00 b5 bf 57 03 ....µ¿W.
0068: 28 00 03 57 bf b5 00 00 (..W¿µ..
0070: 08 00 00 00 00 00 00 00 ........
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:09
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 7f af 06 00 00 00 .Z¯....
0028: 8e 75 03 00 00 00 00 00 Žu......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 a8 4f 1d 81 àß..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 ad bf 57 03 ....*¿W.
0068: 28 00 03 57 bf ad 00 00 (..W¿*..
0070: 10 00 00 00 00 00 00 00 ........
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:07
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 7f af 06 00 00 00 .Z¯....
0028: d8 74 03 00 00 00 00 00 Øt......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 18 4d 1d 81 àß...M.
0058: 00 00 00 00 e8 4a 1d 81 ....èJ.
0060: 02 00 00 00 ad bf 57 03 ....*¿W.
0068: 28 00 03 57 bf ad 00 00 (..W¿*..
0070: 20 00 00 00 00 00 00 00 .......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:06
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 7f af 06 00 00 00 .Z¯....
0028: 22 74 03 00 00 00 00 00 "t......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 a8 4f 1d 81 àß..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 ad bf 57 03 ....*¿W.
0068: 28 00 03 57 bf ad 00 00 (..W¿*..
0070: 40 00 00 00 00 00 00 00 @.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:04
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 7f af 06 00 00 00 .Z¯....
0028: 65 73 03 00 00 00 00 00 es......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 18 4d 1d 81 àß...M.
0058: 00 00 00 00 e8 4a 1d 81 ....èJ.
0060: 02 00 00 00 ad bf 57 03 ....*¿W.
0068: 28 00 03 57 bf ad 00 00 (..W¿*..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:08:00
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 7f af 06 00 00 00 .Z¯....
0028: f2 71 03 00 00 00 00 00 òq......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 a8 4f 1d 81 àß..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 ad bf 57 03 ....*¿W.
0068: 28 00 03 57 bf ad 00 00 (..W¿*..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 17/08/2006
Time: 06:00:54
User: N/A
Computer: D2G0K2
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 5a 7f af 06 00 00 00 .Z¯....
0028: 9e cb 02 00 00 00 00 00 žË......
0030: ff ff ff ff 00 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 00 . ..@. .
0048: 00 00 00 00 0a 00 00 00 ........
0050: e0 df 11 00 a8 4f 1d 81 àß..¨O.
0058: 00 00 00 00 78 4d 1d 81 ....xM.
0060: 02 00 00 00 ad bf 57 03 ....*¿W.
0068: 28 00 03 57 bf ad 00 00 (..W¿*..
0070: 80 00 00 00 00 00 00 00 €.......
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 17/08/2006
Time: 05:30:19
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 17/08/2006
Time: 05:30:19
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 17/08/2006
Time: 05:11:55
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 17/08/2006
Time: 05:11:55
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 17/08/2006
Time: 02:04:42
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 17/08/2006
Time: 02:04:42
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 17/08/2006
Time: 01:52:28
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 17/08/2006
Time: 01:52:28
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 17/08/2006
Time: 12:03:41
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 17/08/2006
Time: 12:03:41
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 17/08/2006
Time: 03:07:01
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 17/08/2006
Time: 03:07:01
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 16/08/2006
Time: 03:13:36
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 16/08/2006
Time: 03:13:36
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 16/08/2006
Time: 11:35:32
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 16/08/2006
Time: 11:35:32
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 15/08/2006
Time: 08:32:38
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 15/08/2006
Time: 08:32:38
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 4
Date: 15/08/2006
Time: 08:14:55
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 04 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: ACPI
Event Category: None
Event ID: 5
Date: 15/08/2006
Time: 08:14:55
User: N/A
Computer: D2G0K2
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00 ......R.
0008: 00 00 00 00 05 00 05 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 02/08/2006
Time: 01:36:30
User: N/A
Computer: D2G0K2
Description:
The IP address lease 192.168.1.2 for the Network Card with network address 0016E33D03CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 23/07/2006
Time: 07:01:56
User: N/A
Computer: D2G0K2
Description:
The ewido anti-spyware 4.0 guard service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 23/07/2006
Time: 02:24:23
User: NT AUTHORITY\SYSTEM
Computer: D2G0K2
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 23/07/2006
Time: 02:07:22
User: N/A
Computer: D2G0K2
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
ewido anti-spyware 4.0 driver
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 18/07/2006
Time: 02:29:29
User: N/A
Computer: D2G0K2
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 18/07/2006
Time: 02:29:29
User: N/A
Computer: D2G0K2
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Vikesrock8411 · 08-20-2006, 08:41 PM

Please try the instructions at this page http://support.microsoft.com/?kbid=321779.

Those instructions are a bit vague so if you need more information please say so.

niall · 08-21-2006, 11:04 AM

bit confusing alright, should I set PNP OS to no because of this; "Therefore, for any computer with a buggy ACPI BIOS, set PNP OS to No."

niall · 08-21-2006, 11:43 AM

here's a scan im just after doing for ewido anti-spyware, it says the dialer things are high risk and im a bit worried about them (i put them in quarantine by the way)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:40:55 21/08/2006

+ Scan result:

C:\WINDOWS\Downloaded Program Files\btwebcontrol.dll -> Dialer.BT.f : No action taken.
C:\WINDOWS\Downloaded Program Files\btmailcontrol.dll -> Dialer.BT.g : No action taken.
C:\Documents and Settings\pc user\Cookies\pc user@com[1].txt -> TrackingCookie.Com : No action taken.

::Report end

niall · 08-21-2006, 12:44 PM

a dialer came up on a pandascan i did now as well (sorry for posting again)-i dont understand it as BT is my ISP-are they false positives and should I restore them from quarantine in awido

Incident Status Location

Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/mediatickets Not disinfected Windows Registry
Dialer:Dialer.HLO Not disinfected C:\WINDOWS\Downloaded Program Files\btwebcontrol.inf
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\Motive\btbb\pskill.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\pc user\Desktop\win32delfkil\Process.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\pc user\Cookies\pc user@com[1].txt

Vikesrock8411 · 08-21-2006, 02:53 PM

Yes, if you can locate the PNP OS option please set it to "no", otherwise let me know.

Those dialer's are false positives. They are related to your ISP.

Open Ewido
Click Quarantine on the left side.
Look for the following items:

C:\WINDOWS\Downloaded Program Files\btwebcontrol.dll
C:\WINDOWS\Downloaded Program Files\btmailcontrol.dll

Hold the Ctrl key then left-click each one of the items above.
When ONLY those items are highlighted, click Restore.

A small window will open up. Click Restore on this one as well.

niall · 08-23-2006, 05:26 PM

ok I selected PnP/PCI Configuration and set PNP OS Installed to "No." What effect will this have on my pc?

niall · 08-23-2006, 06:45 PM

i think that's the right selection anyway, i wouldnt be too sure about these things...:(

Vikesrock8411 · 08-23-2006, 06:55 PM

Nice work!

Is IE still giving the same error?

niall · 08-24-2006, 01:36 PM

it's appeared once..maybe it's not a big problem really, the pc's going a bit slower than i'd like but it's probably unrelated

niall · 08-24-2006, 04:52 PM

im getting a LOT of warning messages for application in eventviewer like this;

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 20/08/2006
Time: 11:26:15
User: NT AUTHORITY\SYSTEM
Computer: D2G0K2
Description:
Windows saved user D2G0K2\pc user registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

And i got a couple of these messages today under security;

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 24/08/2006
Time: 09:01:47
User: N/A
Computer: D2G0K2
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

niall · 08-24-2006, 07:43 PM

sorry for posting like crazy, but i'm just after downloading the free ZoneAlarm firewall, as I'm told windows firewall doesnt stop outgoing traffic

niall · 08-24-2006, 09:53 PM

i decided to uninstall zonealarm, i found it ackward to use and my younger brother and sisters who use the pc wouldnt even know what a firewall is and they wouldnt be able to use it. I hope i didnt mess anything up while trying to figure it out.

Will you check an updated log for viruses/spyware etc please, my pc is running slow and it's annoying. I'm still getting that ACPI message a lot in the event viewer too-therefore should i just change the PNP OS setting back to yes? Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 05:46:41, on 25/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\YAHOO!\BROWSER\YCOMMON.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijack folder\HijackThis1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/temp...control024.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...05/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE