
csrss.exe and explorer.exe stuck in loops



#1 ESP123


Posted 16 April 2009 - 05:29 AM

I've been having a problem with csrss.exe and explorer.exe getting stuck in loops that are constantly using the hard drive. I'm sure I don't have any viruses or spyware and I've tried nearly everything to get these things to stop looping.

I notice that the explorer.exe loop stops when I disconnect my computer from the router by disabling the "Local Area Connection." I need this to stop looping, though, as this computer is connected to the internet whenever it is powered on.

The csrss.exe loop even happens in safe mode.

Here are my logs. The first one is from DDS and the second one is from Process Manager. The log from Process Manager shows what these programs are accessing over and over.



DDS (Ver_09-03-16.01) - NTFSx86
Run by Eric at 2:48:54.36 on Thu 04/16/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1503 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\program files\turtle beach\montegoddl\tbmontegotray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\D4\D4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.15\AsRunHelp.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Turtle Beach Montego DDL] "c:\program files\turtle beach\montegoddl\tbmontegotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Dimension4] c:\program files\d4\D4.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\docume~1\eric\startm~1\programs\startup\taskma~1.lnk - c:\windows\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202640072078
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\ol7qawma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-2-25 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-2-25 971552]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-9-19 41456]
R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2008-6-13 24635]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-8 101936]
R3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2008-2-11 17376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090415.048\NAVENG.SYS [2009-4-16 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090415.048\NAVEX15.SYS [2009-4-16 876144]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 cpuz130;cpuz130;\??\c:\docume~1\eric\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\eric\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 jatmlano;jatmlano;\??\c:\docume~1\eric\locals~1\temp\jatmlano.sys --> c:\docume~1\eric\locals~1\temp\jatmlano.sys [?]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-5-29 1245064]

============== File Associations ===============

regfile=regedit.exe /s "%1"
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-04-15 19:12 442,368 a------- c:\windows\system32\CapabilityTable.exe
2009-04-15 19:12 201,728 a----r-- c:\windows\system32\fdco1.dll
2009-04-15 19:12 57,856 a----r-- c:\windows\system32\drivers\NVENETFD.sys
2009-04-15 19:12 356,352 a------- c:\windows\system32\nvunrm.exe
2009-04-15 19:12 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-04-15 19:12 110,592 a----r-- c:\windows\system32\drivers\nvtcp.sys
2009-04-15 19:12 35,840 a----r-- c:\windows\system32\nvconrm.dll
2009-04-15 19:12 11,264 a----r-- c:\windows\system32\bdco1.dll
2009-04-15 19:12 261,632 a----r-- c:\windows\system32\drivers\nvsnpu.sys
2009-04-15 19:12 1,161,088 a----r-- c:\windows\system32\drivers\nvnrm.sys
2009-04-15 19:12 19,968 a----r-- c:\windows\system32\drivers\nvnetbus.sys
2009-04-15 19:11 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-04-15 19:10 23,234 a------- c:\windows\Ascd_tmp.ini
2009-04-15 08:56 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-04-15 05:41 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:41 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:41 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 05:41 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 05:41 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 05:40 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:40 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 05:40 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:40 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:40 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 05:40 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 05:40 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-09 03:36 4,096 a------- c:\windows\system32\crash
2009-04-08 07:58 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-04-08 07:10 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-08 06:14 <DIR> --d----- C:\4b3af18a0e23a46f8264336c
2009-04-08 06:14 <DIR> --d----- c:\windows\SxsCaPendDel
2009-04-08 06:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-04-06 08:15 <DIR> --d----- c:\program files\Lavasoft
2009-04-01 09:10 <DIR> --d----- c:\program files\Simpli Software
2009-03-24 05:39 <DIR> --d----- C:\tmp
2009-03-21 07:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-17 05:39 <DIR> --d----- c:\docume~1\eric\applic~1\GetRightToGo
2009-03-17 05:34 <DIR> --d----- c:\program files\BayGenie

==================== Find3M ====================

2009-03-16 18:42 524,288 a------- c:\windows\opuc.dll
2009-03-16 14:33 3,597,312 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-03-16 13:27 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-03-16 13:26 328,704 a------- c:\windows\system32\ati2dvag.dll
2009-03-16 13:17 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-03-16 13:17 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-03-16 13:16 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-03-16 13:16 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-03-16 13:16 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-03-16 13:16 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-03-16 13:15 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-03-16 13:13 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-03-16 13:06 3,820,736 a------- c:\windows\system32\ati3duag.dll
2009-03-16 13:04 11,563,008 a------- c:\windows\system32\atioglxx.dll
2009-03-16 12:53 2,675,328 a------- c:\windows\system32\ativvaxx.dll
2009-03-16 12:40 49,664 a------- c:\windows\system32\atimpc32.dll
2009-03-16 12:40 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-03-16 12:36 475,136 a------- c:\windows\system32\atikvmag.dll
2009-03-16 12:35 303,104 a------- c:\windows\system32\atiok3x2.dll
2009-03-16 12:35 131,072 a------- c:\windows\system32\atiadlxx.dll
2009-03-16 12:35 45,056 a------- c:\windows\system32\aticalrt.dll
2009-03-16 12:34 45,056 a------- c:\windows\system32\aticalcl.dll
2009-03-16 12:34 17,408 a------- c:\windows\system32\atitvo32.dll
2009-03-16 12:34 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-03-16 12:33 3,264,512 a------- c:\windows\system32\aticaldd.dll
2009-03-16 12:28 630,784 a------- c:\windows\system32\ati2cqag.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-09 01:26 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-08 14:32 2,069,784 a------- c:\windows\system32\AutoPartNt.exe
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 12:56 118,784 a------- c:\windows\system32\atibtmon.exe
2009-02-25 13:58 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-02-25 13:58 887,724 a------- c:\windows\system32\ativva6x.dat
2009-02-25 08:43 971,552 a------- c:\windows\system32\drivers\tdrpm174.sys
2009-02-25 07:21 540,000 a------- c:\windows\system32\drivers\timntr.sys
2009-02-25 07:21 44,704 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-02-25 07:21 134,272 a------- c:\windows\system32\drivers\snman380.sys
2009-02-23 14:39 184,394 a------- c:\windows\system32\atiicdxx.dat
2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 12:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-18 10:55 294,912 a------- c:\windows\system32\ATIODE.exe
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 13:52 45,056 a------- c:\windows\system32\ATIODCLI.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2003-08-29 14:12 61,440 a------- c:\windows\inf\i386\Viz7300.dll
2003-08-29 14:12 17,376 a------- c:\windows\inf\i386\Gt680x.sys

============= FINISH: 2:49:28.14 ===============


2:42:35.7311224 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us SUCCESS CreationTime: 8/1/2008 7:48:39 PM, LastAccessTime: 4/16/2009 1:17:06 AM, LastWriteTime: 4/8/2009 6:16:50 AM, ChangeTime: 4/8/2009 6:16:50 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.7313029 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en SUCCESS CreationTime: 8/1/2008 7:48:36 PM, LastAccessTime: 4/16/2009 1:17:06 AM, LastWriteTime: 8/1/2008 7:48:36 PM, ChangeTime: 3/8/2009 1:28:46 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.7313976 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32 SUCCESS CreationTime: 2/9/2008 3:12:32 AM, LastAccessTime: 4/16/2009 2:42:35 AM, LastWriteTime: 4/15/2009 8:06:31 PM, ChangeTime: 4/15/2009 8:06:31 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.7314993 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32 SUCCESS CreationTime: 2/9/2008 3:12:32 AM, LastAccessTime: 4/16/2009 2:42:35 AM, LastWriteTime: 4/15/2009 8:06:31 PM, ChangeTime: 4/15/2009 8:06:31 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.7316169 AM csrss.exe 1060 QueryOpen C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en-US_f6b1e800.Manifest NAME NOT FOUND
2:42:35.7316814 AM csrss.exe 1060 QueryOpen C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND
2:42:35.7318440 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us\Microsoft.Windows.Common-Controls.DLL NAME NOT FOUND
2:42:35.7321497 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us\Microsoft.Windows.Common-Controls.MANIFEST NAME NOT FOUND
2:42:35.7322748 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en-US\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND
2:42:35.7323701 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en-US\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.MANIFEST PATH NOT FOUND
2:42:35.7324922 AM csrss.exe 1060 RegQueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:35.7327416 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en_66c5eee6 NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric
2:42:35.7330070 AM csrss.exe 1060 CreateFile C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric
2:42:35.7332152 AM csrss.exe 1060 QueryOpen C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en_5cce9bd9.Manifest NAME NOT FOUND
2:42:35.7332864 AM csrss.exe 1060 QueryOpen C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND
2:42:35.7334711 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en\Microsoft.Windows.Common-Controls.DLL NAME NOT FOUND
2:42:35.7336635 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en\Microsoft.Windows.Common-Controls.MANIFEST NAME NOT FOUND
2:42:35.7337454 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND
2:42:35.7338231 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.MANIFEST PATH NOT FOUND
2:42:35.7339233 AM csrss.exe 1060 RegQueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:35.7342323 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric, OpenResult: Opened
2:42:35.7343720 AM csrss.exe 1060 QueryDirectory C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\*.policy SUCCESS Filter: *.policy, 1: 6.0.2600.2180.Policy
2:42:35.7345178 AM csrss.exe 1060 QueryDirectory C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 SUCCESS 0: 6.0.2600.2982.Policy, 1: 6.0.2600.5512.Policy
2:42:35.7346754 AM csrss.exe 1060 QueryDirectory C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 NO MORE FILES
2:42:35.7347849 AM csrss.exe 1060 CloseFile C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775 SUCCESS
2:42:35.7350168 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: ESP85\Eric, OpenResult: Opened
2:42:35.7356487 AM csrss.exe 1060 QueryInformationVolume C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy SUCCESS VolumeCreationTime: 2/9/2008 3:12:23 AM, VolumeSerialNumber: B445-2FC7, SupportsObjects: True, VolumeLabel:
2:42:35.7357554 AM csrss.exe 1060 QueryAllInformationFile C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy BUFFER OVERFLOW CreationTime: 8/1/2008 7:49:08 PM, LastAccessTime: 4/16/2009 2:42:33 AM, LastWriteTime: 8/1/2008 7:49:08 PM, ChangeTime: 8/1/2008 7:49:08 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 621, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x200000000578e, EaSize: 0, Access: Generic Read, Position: 0, Mode: Sequential Access, Synchronous IO Non-Alert, AlignmentRequirement: Word
2:42:35.7359250 AM csrss.exe 1060 ReadFile C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy SUCCESS Offset: 0, Length: 621
2:42:35.7362605 AM csrss.exe 1060 ReadFile C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy END OF FILE Offset: 621, Length: 8,178
2:42:35.7364273 AM csrss.exe 1060 CloseFile C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy SUCCESS
2:42:35.7366863 AM csrss.exe 1060 CreateFile C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric
2:42:35.7368665 AM csrss.exe 1060 QueryOpen C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS CreationTime: 8/1/2008 7:49:08 PM, LastAccessTime: 4/16/2009 2:42:33 AM, LastWriteTime: 8/1/2008 7:49:08 PM, ChangeTime: 8/1/2008 7:49:08 PM, AllocationSize: 4,096, EndOfFile: 1,862, FileAttributes: A
2:42:35.7370031 AM csrss.exe 1060 QueryOpen C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS CreationTime: 8/1/2008 7:49:08 PM, LastAccessTime: 4/16/2009 2:42:33 AM, LastWriteTime: 8/1/2008 7:49:08 PM, ChangeTime: 8/1/2008 7:49:08 PM, AllocationSize: 4,096, EndOfFile: 1,862, FileAttributes: A
2:42:35.7372500 AM csrss.exe 1060 RegQueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:35.7374760 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en-US_186470ec NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric
2:42:35.7377004 AM csrss.exe 1060 CreateFile C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric
2:42:35.7378576 AM csrss.exe 1060 QueryOpen C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.5512_en-US_1e6a00cc.Manifest NAME NOT FOUND
2:42:35.7379554 AM csrss.exe 1060 QueryOpen C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.5512_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL PATH NOT FOUND
2:42:35.7381253 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us\Microsoft.Windows.Common-Controls.mui.DLL NAME NOT FOUND
2:42:35.7382881 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us\Microsoft.Windows.Common-Controls.mui.MANIFEST NAME NOT FOUND
2:42:35.7384982 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en-US\Microsoft.Windows.Common-Controls.mui\Microsoft.Windows.Common-Controls.mui.DLL PATH NOT FOUND
2:42:35.7387156 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en-US\Microsoft.Windows.Common-Controls.mui\Microsoft.Windows.Common-Controls.mui.MANIFEST PATH NOT FOUND
2:42:35.7388103 AM csrss.exe 1060 RegQueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:35.7390578 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en_272036d3 NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric
2:42:35.7394165 AM csrss.exe 1060 CreateFile C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: ESP85\Eric
2:42:35.7396054 AM csrss.exe 1060 QueryOpen C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.5512_en_8486b4a5.Manifest NAME NOT FOUND
2:42:35.7396906 AM csrss.exe 1060 QueryOpen C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.5512_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL PATH NOT FOUND
2:42:35.7398741 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en\Microsoft.Windows.Common-Controls.mui.DLL NAME NOT FOUND
2:42:35.7401672 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en\Microsoft.Windows.Common-Controls.mui.MANIFEST NAME NOT FOUND
2:42:35.7403420 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en\Microsoft.Windows.Common-Controls.mui\Microsoft.Windows.Common-Controls.mui.DLL PATH NOT FOUND
2:42:35.7405585 AM csrss.exe 1060 QueryOpen C:\WINDOWS\System32\en\Microsoft.Windows.Common-Controls.mui\Microsoft.Windows.Common-Controls.mui.MANIFEST PATH NOT FOUND
2:42:35.7408122 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: ESP85\Eric, OpenResult: Opened
2:42:35.7411539 AM csrss.exe 1060 ReadFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS Offset: 0, Length: 2
2:42:35.7412695 AM csrss.exe 1060 CloseFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS
2:42:35.7414978 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: ESP85\Eric, OpenResult: Opened
2:42:35.7418148 AM csrss.exe 1060 QueryInformationVolume C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS VolumeCreationTime: 2/9/2008 3:12:23 AM, VolumeSerialNumber: B445-2FC7, SupportsObjects: True, VolumeLabel:
2:42:35.7419235 AM csrss.exe 1060 QueryAllInformationFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest BUFFER OVERFLOW CreationTime: 8/1/2008 7:49:08 PM, LastAccessTime: 4/16/2009 2:42:35 AM, LastWriteTime: 8/1/2008 7:49:08 PM, ChangeTime: 8/1/2008 7:49:08 PM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,862, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x200000000578c, EaSize: 0, Access: Generic Read, Position: 0, Mode: Sequential Access, Synchronous IO Non-Alert, AlignmentRequirement: Word
2:42:35.7420364 AM csrss.exe 1060 ReadFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS Offset: 0, Length: 1,862
2:42:35.7427194 AM csrss.exe 1060 ReadFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest END OF FILE Offset: 1,862, Length: 8,178
2:42:35.7428390 AM csrss.exe 1060 CloseFile C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest SUCCESS
2:42:35.8209162 AM csrss.exe 1060 RegQueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:35.8211562 AM csrss.exe 1060 CreateFile C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en-US_580a28ff NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM
2:42:35.8213616 AM csrss.exe 1060 CreateFile C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls NAME NOT FOUND Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM
2:42:35.8215085 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us SUCCESS CreationTime: 8/1/2008 7:48:39 PM, LastAccessTime: 4/16/2009 1:17:06 AM, LastWriteTime: 4/8/2009 6:16:50 AM, ChangeTime: 4/8/2009 6:16:50 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.8216423 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en SUCCESS CreationTime: 8/1/2008 7:48:36 PM, LastAccessTime: 4/16/2009 1:17:06 AM, LastWriteTime: 8/1/2008 7:48:36 PM, ChangeTime: 3/8/2009 1:28:46 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.8217437 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32 SUCCESS CreationTime: 2/9/2008 3:12:32 AM, LastAccessTime: 4/16/2009 2:42:35 AM, LastWriteTime: 4/15/2009 8:06:31 PM, ChangeTime: 4/15/2009 8:06:31 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.8218404 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32 SUCCESS CreationTime: 2/9/2008 3:12:32 AM, LastAccessTime: 4/16/2009 2:42:35 AM, LastWriteTime: 4/15/2009 8:06:31 PM, ChangeTime: 4/15/2009 8:06:31 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
2:42:35.8219588 AM csrss.exe 1060 QueryOpen C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en-US_f6b1e800.Manifest NAME NOT FOUND
2:42:35.8220222 AM csrss.exe 1060 QueryOpen C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND
2:42:35.8221748 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us\Microsoft.Windows.Common-Controls.DLL NAME NOT FOUND
2:42:35.8223620 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-us\Microsoft.Windows.Common-Controls.MANIFEST NAME NOT FOUND
2:42:35.8224307 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND
2:42:35.8225081 AM csrss.exe 1060 QueryOpen C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.MANIFEST PATH NOT FOUND
2:42:35.8226176 AM csrss.exe 1060 RegQueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS Type: REG_DWORD, Length: 4, Data: 0

2:42:36.1005216 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:36.1005401 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:36.1013357 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Read
2:42:36.1013784 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
2:42:36.1013963 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239874862
2:42:36.1014150 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239961262
2:42:36.1014332 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:36.1014502 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:36.1014790 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:36.1015896 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:36.1016069 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:36.1018282 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Read
2:42:36.1018584 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
2:42:36.1018740 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239874862
2:42:36.1018897 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239961262
2:42:36.1019081 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:36.1019274 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:36.1019788 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:36.1020402 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Query Value
2:42:36.1020732 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\AddressType SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:36.1020997 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:37.1004163 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:37.1004370 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:37.1008395 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Read
2:42:37.1008856 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
2:42:37.1009060 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239874862
2:42:37.1009256 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239961262
2:42:37.1009421 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:37.1009689 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:37.1010052 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:37.1011108 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:37.1011256 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:37.1020073 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Read
2:42:37.1020877 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
2:42:37.1021065 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239874862
2:42:37.1021243 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239961262
2:42:37.1021400 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:37.1021570 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:37.1021886 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:37.1022447 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Query Value
2:42:37.1022791 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\AddressType SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:37.1023051 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:38.0984121 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:38.0984297 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:38.0986820 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Read
2:42:38.0987217 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
2:42:38.0987381 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239874862
2:42:38.0987557 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239961262
2:42:38.0987717 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:38.0987876 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:38.0988150 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:38.0988965 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:38.0989108 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind SUCCESS Type: REG_MULTI_SZ, Length: 132, Data: \Device\{77DCD042-E59A-4D91-AC60-6612395F6899}, \Device\NdisWanIp
2:42:38.0991491 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Read
2:42:38.0991776 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\EnableDHCP SUCCESS Type: REG_DWORD, Length: 4, Data: 1
2:42:38.0991930 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseObtainedTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239874862
2:42:38.0992089 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\LeaseTerminatesTime SUCCESS Type: REG_DWORD, Length: 4, Data: 1239961262
2:42:38.0992242 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:38.0992396 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\DhcpServer SUCCESS Type: REG_SZ, Length: 28, Data: 192.168.1.254
2:42:38.0992628 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS
2:42:38.0992966 AM Explorer.EXE 316 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS Desired Access: Query Value
2:42:38.0993223 AM Explorer.EXE 316 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899}\AddressType SUCCESS Type: REG_DWORD, Length: 4, Data: 0
2:42:38.0993452 AM Explorer.EXE 316 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77DCD042-E59A-4D91-AC60-6612395F6899} SUCCESS

#2 ESP123

Posted 24 April 2009 - 03:32 AM

Any chance anybody could help me with this? The thread was started over a week ago.

Edited by ESP123, 24 April 2009 - 03:33 AM.


#3 KoanYorel

Posted 01 May 2009 - 09:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 KoanYorel

Posted 05 May 2009 - 12:17 PM

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



