
Rootkit in afd.sys?


  • This topic is locked
23 replies to this topic

#1 petergriffen

  • Members

Posted 26 July 2010 - 09:55 PM

So I was told to run a few logs and post it here.

Here is my first post.
So a few days ago Malwarebytes found rogue.antivirussuite, trojan.agent, trojan.downloader, and rootkit.tdss. Everything was removed, I thought all was fixed. Malwarebytes is not finding anything anymore. But now three days later internet isn't working and Avira antivirus is finding a trojan in my driver afd.sys. Which it can't fix. Any help is appreciated.

Also pretty sure that internet won't start due to error with DHCP client service having a dependency on afd.sys.




Here is DDS

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Chris at 22:39:26.62 on Mon 07/26/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2706 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\r3wgmenx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\r3wgmenx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\r3wgmenx.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-18 64288]
R3 ElanFltr;Pro Gaming Keyboard;c:\windows\system32\drivers\ElanFltr.sys [2009-9-23 48128]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-8 11608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-8 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-8 267432]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-8 60936]
S2 gupdate1ca193676734835;Google Update Service (gupdate1ca193676734835);c:\program files\google\update\GoogleUpdate.exe [2009-8-9 133104]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2009-4-28 94208]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-3-14 5120]
S3 Avldrr3;Avldrr3;c:\windows\system32\drivers\1394bus.sys [2006-11-2 53376]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-6 21504]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-4-6 16896]

=============== Created Last 30 ================

2010-07-27 02:37:53 0 ----a-w- c:\users\chris\defogger_reenable
2010-07-17 01:37:16 0 d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
2010-07-17 01:37:16 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-17 01:36:33 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-16 23:51:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-16 02:46:52 0 d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2010-07-16 02:46:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 02:46:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 02:46:43 0 d-----w- c:\programdata\Malwarebytes
2010-07-16 02:46:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-24 01:24:47 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-24 01:24:47 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-24 01:23:11 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-05 01:51:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-03 01:20:35 65987 ----a-w- c:\programdata\nvModes.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2009-10-31 14:41:09 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-07 03:27:20 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-06 01:31:38 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 22:54:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-07 03:04:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009070620090707\index.dat

============= FINISH: 22:41:11.05 ===============



Here is ark from gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 22:47:40
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kglcqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




Also I have an old AntiVir scan



Avira AntiVir Personal
Report file date: Monday, July 19, 2010 18:10

Scanning for 2365352 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Safe mode
Username : Chris
Computer name : CHRIS-PC

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/21/2010 21:33:54
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/21/2010 21:33:54
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 22:49:18
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 22:49:18
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:10:00
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:55:09
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 01:45:59
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:34:59
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 01:25:08
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 01:25:08
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 01:25:08
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 01:25:09
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 01:25:09
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 01:25:09
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 01:25:09
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 00:06:45
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 23:30:25
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 23:30:26
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 21:39:38
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 21:39:40
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 21:42:10
VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 23:02:17
VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 18:17:01
VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 23:30:52
VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 23:30:54
VBASE023.VDF : 7.10.9.60 150016 Bytes 7/11/2010 21:32:37
VBASE024.VDF : 7.10.9.79 113152 Bytes 7/13/2010 21:32:38
VBASE025.VDF : 7.10.9.99 158720 Bytes 7/16/2010 21:16:49
VBASE026.VDF : 7.10.9.112 155136 Bytes 7/19/2010 21:16:50
VBASE027.VDF : 7.10.9.113 2048 Bytes 7/19/2010 21:16:50
VBASE028.VDF : 7.10.9.114 2048 Bytes 7/19/2010 21:16:51
VBASE029.VDF : 7.10.9.115 2048 Bytes 7/19/2010 21:16:51
VBASE030.VDF : 7.10.9.116 2048 Bytes 7/19/2010 21:16:51
VBASE031.VDF : 7.10.9.121 59904 Bytes 7/19/2010 21:16:51
Engineversion : 8.2.4.12
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/26/2010 21:30:09
AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 7/15/2010 21:32:46
AESCN.DLL : 8.1.6.1 127347 Bytes 5/16/2010 19:34:29
AESBX.DLL : 8.1.3.1 254324 Bytes 4/26/2010 21:30:10
AERDL.DLL : 8.1.4.6 541043 Bytes 4/16/2010 21:35:13
AEPACK.DLL : 8.2.2.6 430452 Bytes 7/15/2010 21:32:44
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/6/2010 21:50:27
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 6/24/2010 21:39:49
AEHELP.DLL : 8.1.11.6 242038 Bytes 6/24/2010 21:39:46
AEGEN.DLL : 8.1.3.14 381299 Bytes 7/15/2010 21:32:42
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/26/2010 21:30:07
AECORE.DLL : 8.1.15.4 192886 Bytes 7/15/2010 21:32:41
AEBB.DLL : 8.1.1.0 53618 Bytes 4/26/2010 21:30:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/21/2010 21:33:54
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/21/2010 21:33:54
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/21/2010 21:33:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/21/2010 21:33:54

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, July 19, 2010 18:10

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '66' Module(s) have been scanned
Scan process 'explorer.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'lsm.exe' - '31' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '31' Module(s) have been scanned
Scan process 'winlogon.exe' - '26' Module(s) have been scanned
Scan process 'wininit.exe' - '18' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\Windows\System32\drivers\afd.sys
[DETECTION] Is the TR/Patched.Gen Trojan

The registry was scanned ( '1737' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\47c98add-440ce4bc
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AE Java virus
--> JavaFX.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AE Java virus
--> JavaFXColor.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AF Java virus
--> JavaFXTrueColor.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AG Java virus
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\77b0d7ae-15078cbe
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AI Java virus
--> quote/Mailvue.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AI Java virus
--> quote/Skypeqd.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AL Java virus
--> quote/Twitters.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AM Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\575401da-42313bbf
[0] Archive type: ZIP
[DETECTION] Is the TR/Dldr.Java.Agent.CF Trojan
--> AppleT.class
[DETECTION] Is the TR/Dldr.Java.Agent.CF Trojan
C:\Windows\System32\drivers\afd.sys
[DETECTION] Is the TR/Patched.Gen Trojan

Beginning disinfection:
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\575401da-42313bbf
[DETECTION] Is the TR/Dldr.Java.Agent.CF Trojan
[NOTE] The file was deleted!
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\77b0d7ae-15078cbe
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AM Java virus
[NOTE] The file was deleted!
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\47c98add-440ce4bc
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AG Java virus
[NOTE] The file was deleted!
C:\Windows\System32\drivers\afd.sys
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\ImagePath> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD\ImagePath> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD\ImagePath> was removed successfully.
[WARNING] The file could not be deleted!
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\ImagePath> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD\ImagePath> was removed successfully.
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD\ImagePath> was removed successfully.
[WARNING] The file could not be selected for deletion after the restart. Possible cause: Access is denied.

The repair notes were written to the file 'C:\avrescue\rescue.avp'.


End of the scan: Monday, July 19, 2010 18:46
Used time: 34:51 Minute(s)

The scan has been canceled!

13160 Scanned directories
342677 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
3 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
342668 Files not concerned
3573 Archives were scanned
1 Warnings
4 Notes








 


#2 Elise

  • Malware Study Hall Admin

Posted 05 August 2010 - 05:45 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 petergriffen

  • Topic Starter
  • Members

Posted 05 August 2010 - 06:38 PM

Well, thanks for the help so far. Nothing new with problems. I haven't been using this computer.

OTL logfile created on: 8/5/2010 5:32:46 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\New folder
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 172.58 Gb Free Space | 74.14% Space Free | Partition Type: NTFS
Drive D: | 982.04 Mb Total Space | 972.13 Mb Free Space | 98.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 17:29:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\New folder\OTL.exe
PRC - [2010/06/29 13:48:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/21 17:33:54 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/28 10:12:40 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdqcoms.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 17:29:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\New folder\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/12 21:46:03 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/21 17:33:54 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/18 19:35:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/28 04:58:26 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 10:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdqcoms.exe -- (lxdq_device)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/06/04 21:51:15 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/14 02:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/02 14:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/03/02 14:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/03/02 07:41:49 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/02/17 13:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/23 17:17:28 | 000,048,128 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElanFltr.sys -- (ElanFltr)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:55:12 | 000,053,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394bus.sys -- (Avldrr3)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



IE - HKU\S-1-5-21-897647562-3789242347-2072997098-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-897647562-3789242347-2072997098-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-897647562-3789242347-2072997098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-897647562-3789242347-2072997098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-897647562-3789242347-2072997098-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 21:44:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/05 14:18:40 | 000,000,000 | ---D | M]

[2009/04/17 22:16:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/07/15 23:14:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\extensions
[2009/05/02 18:08:34 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/07/15 23:14:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/01 10:47:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/15 23:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/14 16:52:48 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/20 17:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/20 17:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-897647562-3789242347-2072997098-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-897647562-3789242347-2072997098-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{022f19af-2265-11de-b2b7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{022f19af-2265-11de-b2b7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\sources\sperr32.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 22:43:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\gmer
[2010/07/26 16:28:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2010/07/22 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer
[2010/07/16 21:37:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/16 21:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/16 21:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/16 21:34:56 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Chris\Desktop\ATF-Cleaner.exe
[2010/07/15 22:46:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010/07/15 22:46:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/15 22:46:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/15 22:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/15 22:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/15 22:39:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/15 22:27:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\xrqebwssc
[2010/06/23 21:20:32 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdqserv.dll
[2010/06/23 21:20:32 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdqusb1.dll
[2010/06/23 21:20:32 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDQhcp.dll
[2010/06/23 21:20:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdqinpa.dll
[2010/06/23 21:20:32 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqiesc.dll
[2010/06/23 21:20:31 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdqhbn3.dll
[2010/06/23 21:20:31 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdqpmui.dll
[2010/06/23 21:20:31 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdqlmpm.dll
[2010/06/23 21:20:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomm.dll
[2010/06/23 21:20:31 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdqprox.dll
[2010/06/23 21:20:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomc.dll
[2009/10/15 16:32:46 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdqcoin.dll

========== Files - Modified Within 30 Days ==========

[2010/08/05 17:32:19 | 002,883,584 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010/08/05 17:32:15 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/05 17:29:32 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/05 17:29:32 | 000,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/05 17:29:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/05 17:29:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/05 17:28:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/26 22:56:50 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/26 22:56:50 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/26 22:44:23 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/26 22:44:23 | 000,597,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/26 22:44:23 | 000,101,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/26 22:40:52 | 000,284,915 | ---- | M] () -- C:\Users\Chris\Desktop\gmer.zip
[2010/07/26 22:37:53 | 000,000,000 | ---- | M] () -- C:\Users\Chris\defogger_reenable
[2010/07/26 22:36:58 | 000,525,824 | ---- | M] () -- C:\Users\Chris\Desktop\dds.scr
[2010/07/26 22:34:40 | 000,050,477 | ---- | M] () -- C:\Users\Chris\Desktop\Defogger.exe
[2010/07/22 18:45:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 22:22:22 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010/07/16 21:36:36 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/16 21:34:56 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Chris\Desktop\ATF-Cleaner.exe
[2010/07/16 21:13:44 | 000,363,520 | ---- | M] () -- C:\Users\Chris\Desktop\rkill.com
[2010/07/16 18:21:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/15 23:39:06 | 000,011,904 | ---- | M] () -- C:\Users\Chris\Desktop\dish 071510 cinemax.docx
[2010/07/15 22:46:46 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 17:12:00 | 000,120,477 | ---- | M] () -- C:\Users\Chris\Desktop\pipe.jpg
[2010/07/08 20:42:10 | 000,080,896 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/07/26 22:43:25 | 000,284,915 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.zip
[2010/07/26 22:39:23 | 000,525,824 | ---- | C] () -- C:\Users\Chris\Desktop\dds.scr
[2010/07/26 22:37:53 | 000,000,000 | ---- | C] () -- C:\Users\Chris\defogger_reenable
[2010/07/26 22:36:59 | 000,050,477 | ---- | C] () -- C:\Users\Chris\Desktop\Defogger.exe
[2010/07/16 21:36:36 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/16 21:13:44 | 000,363,520 | ---- | C] () -- C:\Users\Chris\Desktop\rkill.com
[2010/07/16 19:51:56 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/07/15 23:38:35 | 000,011,904 | ---- | C] () -- C:\Users\Chris\Desktop\dish 071510 cinemax.docx
[2010/07/15 22:46:46 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/15 22:41:25 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/12 17:12:09 | 000,120,477 | ---- | C] () -- C:\Users\Chris\Desktop\pipe.jpg
[2010/06/23 21:20:32 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDQinst.dll
[2010/06/23 21:20:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdqgrd.dll
[2009/05/26 19:29:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/06 03:18:46 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/12/07 14:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/03/31 14:47:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdqvs.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/12/04 01:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugo3l3.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

OTL Extras logfile created on: 8/5/2010 5:32:46 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\New folder
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 172.58 Gb Free Space | 74.14% Space Free | Partition Type: NTFS
Drive D: | 982.04 Mb Total Space | 972.13 Mb Free Space | 98.99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-897647562-3789242347-2072997098-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-897647562-3789242347-2072997098-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042E4E9C-BC73-4705-BF1D-F1C8F7E43166}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1360E32F-AFE2-4773-81CC-95519D86C91C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{1A444C2A-9EF1-4D14-AAE9-9B78092C62D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D4E5968-714A-4696-B95C-CD0909509214}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20EED65A-CDDB-47FA-9326-96145A3423F7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{33A13195-8339-425F-ABB6-FEE8D60416D4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3C9B42E2-59F7-48A3-A8A8-E9FDBBF1F18C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4060DDE5-5121-45C8-A34D-A15FBF31535D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{44938727-6DA4-487A-9EEB-20BDDFA74E3F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45CCBB08-7334-4363-A2C6-E4AB7223B8C0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4BCF7807-641D-469D-950B-7A4C83212733}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5DBB250A-C3FB-4864-A0FF-FBBEF2AB05C4}" = lport=137 | protocol=17 | dir=in | app=system |
"{6803702F-8D64-4C4A-9EF2-5E103EE3AB28}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6997EC56-9ED6-410D-B6DE-BAFB7D5948DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{7BB3DF19-B3C9-4EAD-9EFB-F1019B5E9632}" = lport=445 | protocol=6 | dir=in | app=system |
"{7C52E90B-D51A-41FD-88D6-69E9B9228385}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{819B224C-DBF8-40F0-AB09-B0D1355C2673}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8999EDA1-8087-48AB-926A-C9BD87E5AB24}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8F0AD99F-9E75-4AE3-B8E8-C50A73EF95C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{915803C0-4F7E-43DC-886E-C25B64BCFDA5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{96D54E0F-9657-4287-9C32-7985AF6AC54E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B88112E-3F32-4CDE-AB11-20F23145B81F}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FD53100-08F4-46AC-9F3C-492F92075A59}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BEA88E72-0E9B-4742-9424-5A7CF6258E7E}" = lport=138 | protocol=17 | dir=in | app=system |
"{C079F27F-19AA-4BCC-A449-5AC2557723DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC5FFE65-2B6E-4670-8017-B5856B32A8F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF1A28AA-C93E-479E-8AC7-7514AD87AB05}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DA328708-6E48-41EC-A198-4A092ED8B276}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4AE9FAD-A700-4429-A556-EBB5BD63AB6D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8216D2A-3A9A-4918-AC01-18B9D5758DBF}" = rport=137 | protocol=17 | dir=out | app=system |
"{EB9A18D7-BB99-404E-96F1-C665DB23C6EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4D2D4D8-8403-4968-BE30-CE7245454591}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0068BC8A-78B3-414D-8A45-74BE6C294C78}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{063B35E4-4853-4569-9BC3-04A522E851F1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0747E092-0178-4EAB-9645-55B77330DF0D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqjswx.exe |
"{10D395AA-7A34-40AE-8ADB-87ECA75B5D0D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe |
"{13ABB7CF-4A6F-437B-AD64-CD4EF31DADD6}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe |
"{1BE04531-3A32-456E-9675-68A86B0F06F5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{333E2F7D-7D6D-4A0B-9B6A-25D7834802C3}" = protocol=17 | dir=in | app=c:\windows\system32\lxdqcoms.exe |
"{351B8BBF-2FDC-4EE7-89F0-5FF7F6DAA3FC}" = protocol=6 | dir=out | app=system |
"{421B57FD-96D8-418C-A1DC-564AEC488FEA}" = dir=in | app=c:\windows\system32\lxdqcoms.exe |
"{4D4675C7-12F1-45C7-88BE-0CCF5F71A9B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{53433A41-C83C-4ED4-9553-25C71390F06B}" = protocol=6 | dir=in | app=c:\windows\system32\lxdqcfg.exe |
"{58475286-ACF9-4484-BF65-03EA3AF36379}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe |
"{5BB7F73A-7136-4D81-815E-6E63BC164B10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5DA062B1-0DC7-46BA-8790-2F7D55B65F20}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5E1FD7FD-B1C1-49A3-9FFE-0536EBBE22EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{602636FD-D35F-4DD4-BF3A-47CC34FAC83B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60BCB1F7-72AF-4A10-95F3-7545C05DE834}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{65F6298E-8D54-473A-8A94-C1618F65374D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F1D907D-7FB6-4B28-9290-6EA1EE87EAF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F643552-9D95-4437-B281-053094F7CD7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7271E698-5AE1-4856-B461-2578D17FA5AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CD2128E-70EB-4E1D-B362-B2593F39777B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdqcfg.exe |
"{7E0D1724-FB5E-45DE-BB3F-E423C856EE2A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8046C60F-DC37-4039-AA26-7F6B39249AB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83DC2467-C4D4-4A3B-BB27-16628B554CD9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{86404AC9-890B-4C0B-AD86-892D9A397CDC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8A0370E0-0742-4ECE-8F75-5D4210410CBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F6E7FAA-240A-4E12-B1FE-BA452FFC23EE}" = protocol=6 | dir=in | app=c:\windows\system32\lxdqcoms.exe |
"{96F6383C-D93C-4ED0-BE00-D34939791789}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9CEA300B-6128-4000-8A45-30BB3FAB2CBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A070B18E-E1F9-4312-89E2-B6BC2BF2DC31}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe |
"{A5E2F017-A642-46AD-9E3F-7C469DEC9219}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe |
"{A81E17C0-9869-491C-B58A-47E28FE3D7FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD74C01E-5B82-48C6-A45C-D85E46965A2C}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe |
"{AEFAAC0F-B65E-4B54-9593-89B9DCB45199}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B55AAE83-5B31-4D1C-8971-B489AC1B16BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5AB8D53-4383-444A-B6DC-13E3951AA33E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B680E421-716D-47C9-8936-18D0BFC6FC44}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC59CE4A-C686-4AB3-A324-2CEA080B404F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C07ECBA0-D97D-4176-926B-EC68E036D070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C16E5AD2-D8D1-4F40-8F34-DA8E1A801DD2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA1035A6-7A5B-4249-A224-69B3752FBBA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF434FC2-97EA-4423-8A7B-0AD817F9C698}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D779A93F-56FF-4629-966C-2D709E51EF04}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqjswx.exe |
"{D7B94B1A-8A08-4BB5-98F0-622E0172A428}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DF1843D8-5654-417C-8BE2-9E7AB92591F6}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe |
"{E33973E8-65CC-4053-928F-86E031B15081}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F13248E3-A377-4155-B465-0383B81BE09D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F595F8E7-74A6-40DF-A463-76E7D8F8F834}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe |
"TCP Query User{0F27D916-3D97-418D-A29B-1EA6A6A6CAE5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2069F70F-A490-4F2D-95F8-92B83AB74C72}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{384A22D4-BA95-45D5-B0D3-85E8DBE9818D}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{97261709-D400-4C31-82E7-07C300F427B7}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{9AD41345-6D32-48EE-B781-9065F971256A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E52A5C32-5632-4493-A227-8CC3A3DE4D7C}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{F04BA7E3-65F4-431F-AFAD-DE816FCCA102}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{5BA4E499-AE20-463A-B0B5-1627070440C5}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{8A51092E-2F41-4554-85BA-4D952E4DF42E}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{8DE5308A-BC4E-43D2-8AFD-F97303CA2DEE}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A552775B-5C20-4CB4-A98F-BBE81CEE40CC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B92FA73A-8D90-442A-A29A-B1B6623AC096}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{E9BEF2AA-81C6-43E0-B526-EAA0613FE6C6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FEAC4BD2-4616-42F9-9F2B-A4C9377E95D0}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04077D50-954B-4365-84BF-02DE4702BA00}" = Alchemy Elixir
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A06CB0FE-206C-4A8A-B85C-47DCFCF69959}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9630 smartphone
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Able2Extract Professional v5.0" = Able2Extract Professional v5.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitLord" = BitLord 1.1
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Updater" = Google Updater
"ImgBurn" = ImgBurn
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"JDownloader" = JDownloader
"Lexmark Z2400 Series" = Lexmark Z2400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"SystemRequirementsLab" = System Requirements Lab
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2010 5:35:48 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:35:53 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:35:58 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:36:03 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:36:08 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:36:13 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:36:18 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:36:23 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:36:28 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

Error - 8/5/2010 5:36:34 PM | Computer Name = Chris-PC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Fatal (0x80004005)
failure (see data for failure code).

[ OSession Events ]
Error - 7/7/2010 10:08:58 PM | Computer Name = Chris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/5/2010 5:32:10 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/5/2010 5:32:10 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/5/2010 5:35:17 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/5/2010 5:35:17 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/5/2010 5:35:17 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/5/2010 5:35:17 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/5/2010 5:35:22 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/5/2010 5:35:22 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/5/2010 5:35:22 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/5/2010 5:35:22 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >







GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-05 19:32:09
Windows 6.0.6002 Service Pack 2
Running: m3qk4u6d.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kglcqpod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x807DA620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 81CECD84 4 Bytes [20, A6, 7D, 80]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DA0A340, 0x413097, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts

Posted 06 August 2010 - 03:21 AM

GMER doesn't show an infected afd.sys; however, that doesn't mean it can't be infected, so let's see what the following scan will turn up.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#5 petergriffen

petergriffen
  • Topic Starter

  • Members
  • 69 posts

Posted 08 August 2010 - 06:37 PM

Here is that combofix log. Internet still doesn't work though. Maybe because afd.sys is gone now? Maybe antivirus finally deleted it? I did not myself.

ComboFix 10-08-08.01 - Chris 08/08/2010 19:21:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2311 [GMT -4:00]
Running from: d:\new folder\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BSTIEPrintCtl1.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-07-26 20:28 . 2010-07-26 20:29 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
2010-07-22 22:20 . 2010-07-22 22:20 -------- d-----w- c:\users\Chris\AppData\Local\Apple Computer
2010-07-17 01:37 . 2010-07-17 21:04 63488 ----a-w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-17 01:37 . 2010-07-17 01:37 52224 ----a-w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 01:37 . 2010-07-17 21:04 117760 ----a-w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-17 01:37 . 2010-07-17 01:37 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2010-07-17 01:37 . 2010-07-17 01:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-17 01:36 . 2010-07-17 01:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-16 23:51 . 2010-06-19 01:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-16 02:46 . 2010-07-16 02:46 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2010-07-16 02:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 02:46 . 2010-07-16 02:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 02:46 . 2010-07-16 02:46 -------- d-----w- c:\programdata\Malwarebytes
2010-07-16 02:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 02:27 . 2010-07-16 10:42 -------- d-----w- c:\users\Chris\AppData\Local\xrqebwssc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 02:22 . 2010-05-24 21:35 680 ----a-w- c:\users\Chris\AppData\Local\d3d9caps.dat
2010-07-17 23:16 . 2010-01-01 16:22 -------- d-----w- c:\program files\JDownloader
2010-07-16 23:58 . 2009-05-12 23:32 -------- d-----w- c:\users\Chris\AppData\Roaming\Move Networks
2010-07-16 23:53 . 2009-09-03 22:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-13 22:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 23:18 . 2010-06-24 01:25 -------- d-----w- c:\programdata\Lx_cats
2010-06-30 21:52 . 2009-04-05 23:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-30 21:51 . 2009-06-29 22:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-24 01:21 . 2010-06-24 01:21 -------- d-----w- c:\programdata\Ezprint
2010-06-24 01:20 . 2010-06-24 01:20 -------- d-----w- c:\program files\Lexmark Z2400 Series
2010-06-24 01:20 . 2010-06-24 01:20 -------- d-----w- c:\program files\Lexmark Toolbar
2010-06-23 23:00 . 2010-06-17 21:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-23 22:59 . 2010-06-17 21:19 -------- d-----w- c:\programdata\DivX
2010-06-23 22:59 . 2010-06-17 21:19 -------- d-----w- c:\program files\DivX
2010-06-23 22:58 . 2010-06-05 01:15 -------- d-----w- c:\program files\BBSAK
2010-06-19 01:11 . 2009-08-09 21:14 -------- d-----w- c:\program files\Google
2010-06-17 21:30 . 2010-06-17 21:21 -------- d-----w- c:\users\Chris\AppData\Roaming\DivX
2010-06-05 02:44 . 2010-05-18 22:30 256 ----a-w- c:\windows\system32\pool.bin
2010-06-05 01:51 . 2010-06-19 01:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-05 01:30 . 2010-06-05 01:30 26694 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{A06CB0FE-206C-4A8A-B85C-47DCFCF69959}\BlackBerry.exe
2010-06-04 01:32 . 2010-06-04 01:32 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-03 01:20 . 2009-12-31 19:44 65987 ----a-w- c:\programdata\nvModes.dat
2010-05-26 17:06 . 2010-06-11 00:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 00:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 01:45 . 2010-05-22 01:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 08:17 107176 ----a-w- c:\program files\Lexmark Z2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K3805]
2008-10-23 14:15 237568 ----a-w- c:\program files\Alchemy Elixir\Control.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdqmon.exe]
2010-02-04 08:17 672424 ----a-w- c:\program files\Lexmark Z2400 Series\lxdqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-01-29 22:11 52392 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,8f,5a,c2,5e,de,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897647562-3789242347-2072997098-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate1ca193676734835;Google Update Service (gupdate1ca193676734835);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [2009-04-28 94208]
R3 Avldrr3;Avldrr3;c:\windows\system32\drivers\1394bus.sys [2006-11-02 53376]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-13 1352832]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-05 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [2007-11-28 589824]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S3 ElanFltr;Pro Gaming Keyboard;c:\windows\system32\Drivers\ElanFltr.sys [2007-05-23 48128]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:45]

2010-08-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-09 21:14]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 21:14]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Update - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
MSConfigStartUp-wpplshbp - c:\users\Chris\AppData\Local\xrqebwssc\qbxmiygtssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 19:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-08 19:33:48
ComboFix-quarantined-files.txt 2010-08-08 23:33

Pre-Run: 184,783,314,944 bytes free
Post-Run: 184,198,160,384 bytes free

- - End Of File - - F5FCB05B7D0552A8B4A2F3D3EC571497


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:59 AM

Posted 09 August 2010 - 05:53 AM

I think your internet should work after the following steps.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#7 petergriffen


Posted 09 August 2010 - 04:57 PM

Here you go
Internet still didn't work. I clicked diagnose connection problem and it said DHCP is not running. I did nothing then.

ComboFix 10-08-08.01 - Chris 08/09/2010 17:38:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2264 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-09 21:46 . 2010-08-09 21:46 -------- d-----w- c:\users\Chris\AppData\Local\temp
2010-08-09 21:46 . 2010-08-09 21:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-09 21:46 . 2010-08-09 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-26 20:28 . 2010-07-26 20:29 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
2010-07-22 22:20 . 2010-07-22 22:20 -------- d-----w- c:\users\Chris\AppData\Local\Apple Computer
2010-07-17 01:37 . 2010-07-17 21:04 63488 ----a-w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-17 01:37 . 2010-07-17 01:37 52224 ----a-w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 01:37 . 2010-07-17 21:04 117760 ----a-w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-17 01:37 . 2010-07-17 01:37 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2010-07-17 01:37 . 2010-07-17 01:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-17 01:36 . 2010-07-17 01:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-16 23:51 . 2010-06-19 01:45 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-16 02:46 . 2010-07-16 02:46 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2010-07-16 02:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 02:46 . 2010-07-16 02:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 02:46 . 2010-07-16 02:46 -------- d-----w- c:\programdata\Malwarebytes
2010-07-16 02:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 02:27 . 2010-07-16 10:42 -------- d-----w- c:\users\Chris\AppData\Local\xrqebwssc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 02:22 . 2010-05-24 21:35 680 ----a-w- c:\users\Chris\AppData\Local\d3d9caps.dat
2010-07-17 23:16 . 2010-01-01 16:22 -------- d-----w- c:\program files\JDownloader
2010-07-16 23:58 . 2009-05-12 23:32 -------- d-----w- c:\users\Chris\AppData\Roaming\Move Networks
2010-07-16 23:53 . 2009-09-03 22:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-13 22:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 23:18 . 2010-06-24 01:25 -------- d-----w- c:\programdata\Lx_cats
2010-06-30 21:52 . 2009-04-05 23:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-30 21:51 . 2009-06-29 22:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-24 01:21 . 2010-06-24 01:21 -------- d-----w- c:\programdata\Ezprint
2010-06-24 01:20 . 2010-06-24 01:20 -------- d-----w- c:\program files\Lexmark Z2400 Series
2010-06-24 01:20 . 2010-06-24 01:20 -------- d-----w- c:\program files\Lexmark Toolbar
2010-06-23 23:00 . 2010-06-17 21:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-23 22:59 . 2010-06-17 21:19 -------- d-----w- c:\programdata\DivX
2010-06-23 22:59 . 2010-06-17 21:19 -------- d-----w- c:\program files\DivX
2010-06-23 22:58 . 2010-06-05 01:15 -------- d-----w- c:\program files\BBSAK
2010-06-19 01:11 . 2009-08-09 21:14 -------- d-----w- c:\program files\Google
2010-06-17 21:30 . 2010-06-17 21:21 -------- d-----w- c:\users\Chris\AppData\Roaming\DivX
2010-06-05 02:44 . 2010-05-18 22:30 256 ----a-w- c:\windows\system32\pool.bin
2010-06-05 01:51 . 2010-06-19 01:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-05 01:30 . 2010-06-05 01:30 26694 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{A06CB0FE-206C-4A8A-B85C-47DCFCF69959}\BlackBerry.exe
2010-06-04 01:32 . 2010-06-04 01:32 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-03 01:20 . 2009-12-31 19:44 65987 ----a-w- c:\programdata\nvModes.dat
2010-05-26 17:06 . 2010-06-11 00:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 00:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 01:45 . 2010-05-22 01:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 08:17 107176 ----a-w- c:\program files\Lexmark Z2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\K3805]
2008-10-23 14:15 237568 ----a-w- c:\program files\Alchemy Elixir\Control.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdqmon.exe]
2010-02-04 08:17 672424 ----a-w- c:\program files\Lexmark Z2400 Series\lxdqmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-01-29 22:11 52392 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,8f,5a,c2,5e,de,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897647562-3789242347-2072997098-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate1ca193676734835;Google Update Service (gupdate1ca193676734835);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [2009-04-28 94208]
R3 Avldrr3;Avldrr3;c:\windows\system32\drivers\1394bus.sys [2006-11-02 53376]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-13 1352832]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-05 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [2007-11-28 589824]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S3 ElanFltr;Pro Gaming Keyboard;c:\windows\system32\Drivers\ElanFltr.sys [2007-05-23 48128]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:45]

2010-08-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-09 21:14]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 21:14]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\r3wgmenx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 17:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-09 17:50:57
ComboFix-quarantined-files.txt 2010-08-09 21:50
ComboFix2.txt 2010-08-08 23:33

Pre-Run: 184,214,904,832 bytes free
Post-Run: 184,372,084,736 bytes free

- - End Of File - - 819A15F47DBD189A6ACC953CDF615928


#8 Elise


Posted 10 August 2010 - 02:06 AM

Please click Start > Run, type services.msc in the runbox and press enter.

Scroll down to the DHCP service and make sure it is set to Automated/Started. If it is stopped, attempt to start it and let me know what happens.

regards, Elise


#9 petergriffen


Posted 10 August 2010 - 04:34 PM

It was on auto
got this
Windows could not start the DHCP client service on Local Computer.
Error 1075: The dependency service does not exist or has been marked for deletion.

Think because I am missing afd.sys?

#10 Elise


Posted 11 August 2010 - 04:53 AM

Please restart your computer and then try again. Let me know if you get the same error message.

If so, verify that the DCOM service is running. If not, attempt to start it and let me know what happens.

regards, Elise


#11 petergriffen


Posted 11 August 2010 - 05:29 AM

DCOM is started. DHCP cannot be started and I get the same error message. Still no internet.

#12 Elise


Posted 11 August 2010 - 05:48 AM

Let's see if the dependency driver is there.

OTL
-----
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the NONE button.
  5. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    /md5start
    netbt.sys
    ipsec.sys
    /md5stop
    hklm\system\currentcontrolset\services\ipsec
    hklm\system\currentcontrolset\services\netbt
  6. Push
  7. A report will open. Copy and Paste that report in your next reply.

regards, Elise


#13 petergriffen


Posted 11 August 2010 - 04:15 PM

OTL logfile created on: 8/11/2010 5:10:43 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 171.67 Gb Free Space | 73.75% Space Free | Partition Type: NTFS
Drive D: | 982.04 Mb Total Space | 967.77 Mb Free Space | 98.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: NETBT.SYS >
[2008/01/19 01:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2006/11/02 04:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=E3A168912E7EEFC3BD3B814720D68B41 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< hklm\system\currentcontrolset\services\ipsec >

< hklm\system\currentcontrolset\services\netbt >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]
< End of report >
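
The dependency check carried out by hand in the posts above, as an added example that is not part of the thread and not any tool's own code: it walks the DependOnService list of a service recursively and reports, for each dependency, whether its registry key exists, whether it is flagged for deletion, and whether the file named by ImagePath is on disk. It assumes `Dhcp` is the short name of the DHCP Client service and an elevated PowerShell prompt; the function names `Resolve-ImagePath` and `Get-DependencyStatus` are hypothetical.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumption: 'Dhcp' is the short name of the DHCP Client service.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Turn a service ImagePath value into a plain file-system path.
function Resolve-ImagePath {
    param([string]$ImagePath)

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''                              # NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # kernel-style path

    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                    # quoted path followed by arguments
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                    # unquoted path followed by arguments
    }

    if (-not [IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p   # e.g. System32\DRIVERS\netbt.sys
    }
    return $p
}

# Emit one object per dependency, then recurse into that dependency's own list.
function Get-DependencyStatus {
    param(
        [string]$ServiceName = 'Dhcp',
        [hashtable]$Seen = @{}              # guards against revisiting a service
    )

    $key   = Join-Path $ServicesRoot $ServiceName
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # DependOnService is REG_MULTI_SZ and comes back as a string array;
    # @() makes a missing value an empty list instead of $null.
    $deps = @($props.DependOnService | Where-Object { $_ })

    foreach ($dep in $deps) {
        if ($Seen.ContainsKey($dep)) { continue }
        $Seen[$dep] = $true

        $depKey   = Join-Path $ServicesRoot $dep
        $exists   = Test-Path $depKey
        $depProps = if ($exists) {
            Get-ItemProperty -Path $depKey -ErrorAction SilentlyContinue
        } else { $null }

        $image  = $null
        $fileOk = $null                     # stays $null when there is no ImagePath
        if ($depProps -and $depProps.ImagePath) {
            $image  = Resolve-ImagePath $depProps.ImagePath
            $fileOk = Test-Path -LiteralPath $image
        }

        New-Object PSObject -Property @{
            RequiredBy = $ServiceName
            Dependency = $dep
            KeyExists  = $exists
            # DeleteFlag = 1 is set on a service key that is pending deletion.
            DeleteFlag = [bool]($depProps -and $depProps.DeleteFlag)
            ImagePath  = $image
            FileExists = $fileOk
        }

        if ($exists) {
            Get-DependencyStatus -ServiceName $dep -Seen $Seen
        }
    }
}

Get-DependencyStatus -ServiceName 'Dhcp' |
    Select-Object RequiredBy, Dependency, KeyExists, DeleteFlag, ImagePath, FileExists |
    Format-Table -AutoSize
```

A row with KeyExists False or DeleteFlag True corresponds to the wording of Error 1075; FileExists False means the key survives but the binary it points to is gone.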


#14 Elise


Posted 12 August 2010 - 04:20 AM

Looks like you have a missing ipsec service.

Maybe we can find it in another controlset and so replace it.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :regfind
    ipsec

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

regards, Elise


#15 petergriffen


Posted 12 August 2010 - 06:02 AM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 06:59 on 12/08/2010 by Chris (Administrator - Elevation successful)

========== regfind ==========

Searching for "ipsec"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_6.0.6000.16386_none_3e4f7e94690897bc]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_6.0.6001.18000_none_4086409065f3a890]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-iis-ipsecurity_31bf3856ad364e35_6.0.6000.16386_none_2c15e11b34bd1c89]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-iis-ipsecurity_31bf3856ad364e35_6.0.6001.18000_none_2e4ca31731a82d5d]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.0.6000.16386_none_7066cb66ff0fccf5]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.0.6001.18000_none_729d8d62fbfaddc9]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_6.0.6000.16386_en-us_bce99d8815851cfc]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_6.0.6001.18000_en-us_bf205f8412702dd0]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_server-help-chm.ipsecmonitor_31bf3856ad364e35_6.0.6000.16386_none_d326435c314c5ff1]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_6.0.6000.16386_en-us_550779ac931fec04]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_6.0.6001.18000_en-us_573e3ba8900afcd8]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_server-help-chm.ipsecpolicy_31bf3856ad364e35_6.0.6000.16386_none_cb9a9919ed28d947]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_none_135e836ab630191a]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-iis-ipsecurity_31bf3856ad364e35_none_105d4c1a9f8dd175]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_none_ed48f444ebc84f67\f256!ipsec-svc-dl.man]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!ipsecsvc.dll]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!ipsecsvc.mof]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!winipsec.dll]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!winipsec.mof]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..rity-domain-clients_31bf3856ad364e35_none_8c30c1dbc30c4fbb\f256!ipsecsnp.dll]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_none_985243d6a584a169]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_en-us_533759ec14ccedda]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecmonitor_31bf3856ad364e35_none_6305c443670c1f4d]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_en-us_55562310ea666512]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecpolicy_31bf3856ad364e35_none_f09ae725e0656727]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_none_985243d6a584a169]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_en-us_533759ec14ccedda]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_server-help-chm.ipsecmonitor_31bf3856ad364e35_none_6305c443670c1f4d]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_en-us_55562310ea666512]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_server-help-chm.ipsecpolicy_31bf3856ad364e35_none_f09ae725e0656727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08229782-89C8-4028-BB74-75BB58EF1488}\ProgID]
@="IPSECMon.About.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08229782-89C8-4028-BB74-75BB58EF1488}\VersionIndependentProgID]
@="IPSECMon.About"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57C596D0-9370-40C0-BA0D-AB491B63255D}\ProgID]
@="IPSECMon.Snapin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57C596D0-9370-40C0-BA0D-AB491B63255D}\VersionIndependentProgID]
@="IPSECMon.Snapin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A17DA8D0-F67D-47A0-9EC4-19C486383206}\ProgID]
@="IPSECMon.Extension.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A17DA8D0-F67D-47A0-9EC4-19C486383206}\VersionIndependentProgID]
@="IPSECMon.Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c89e334c-e65f-4156-842e-ea89cec71dea}]
@="WFP and IPsec Helper Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA0-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\Windows\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA0-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\Windows\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA0-CC85-11D0-9CE2-0080C7221EBD}\ProgID]
@="IPSEC.Snapin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA0-CC85-11D0-9CE2-0080C7221EBD}\VersionIndependentProgID]
@="IPSEC.Snapin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA1-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\Windows\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA1-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\Windows\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA1-CC85-11D0-9CE2-0080C7221EBD}\ProgID]
@="IPSEC.Extension.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA1-CC85-11D0-9CE2-0080C7221EBD}\VersionIndependentProgID]
@="IPSEC.Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA2-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\Windows\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA2-CC85-11D0-9CE2-0080C7221EBD}\InprocServer32]
@="C:\Windows\system32\ipsecsnp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA2-CC85-11D0-9CE2-0080C7221EBD}\ProgID]
@="IPSEC.About.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA8AFA2-CC85-11D0-9CE2-0080C7221EBD}\VersionIndependentProgID]
@="IPSEC.About"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{121F028E-715E-4736-B1EC-AFCB3B1262A9}\Extensions\Namespace]
"FX:{b05566ac-fe9c-4368-be01-7a4cbb6cba12}"="Configures Windows Firewall with Advanced Security and Internet Protocol Security (IPsec) settings."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_0.0.0.0_none_6460363dae1de4c6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-iis-ipsecurity_31bf3856ad364e35_0.0.0.0_none_522698c479d26993]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_0.0.0.0_none_96778310442519ff]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_0.0.0.0_en-us_e2fa55315a9a6a06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_0.0.0.0_en-us_7b183155d835390e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IPSEC-SRV/Diagnostic]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{8115579e-2bea-4c9e-9ab1-821cc2c98ab0}]
@="Microsoft-Windows-NAPIPSecEnf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{8115579e-2bea-4c9e-9ab1-821cc2c98ab0}]
@="Microsoft-Windows-NAPIPSecEnf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{8115579e-2bea-4c9e-9ab1-821cc2c98ab0}]
@="Microsoft-Windows-NAPIPSecEnf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}]
@="Microsoft-Windows-IPSEC-SRV"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}]
@="Microsoft-Windows-IPSEC-SRV"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}]
@="Microsoft-Windows-IPSEC-SRV"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}]
@="Microsoft-Windows-IPSEC-SRV"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c91ef675-842f-4fcf-a5c9-6ea93f2e4f8b}\ChannelReferences\0]
@="Microsoft-Windows-IPSEC-SRV/Diagnostic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_6.0.6000.16386_none_3e4f7e94690897bc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_6.0.6001.18000_none_4086409065f3a890]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-iis-ipsecurity_31bf3856ad364e35_6.0.6000.16386_none_2c15e11b34bd1c89]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-iis-ipsecurity_31bf3856ad364e35_6.0.6001.18000_none_2e4ca31731a82d5d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.0.6000.16386_none_7066cb66ff0fccf5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_6.0.6001.18000_none_729d8d62fbfaddc9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_6.0.6000.16386_en-us_bce99d8815851cfc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_6.0.6001.18000_en-us_bf205f8412702dd0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_server-help-chm.ipsecmonitor_31bf3856ad364e35_6.0.6000.16386_none_d326435c314c5ff1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_6.0.6000.16386_en-us_550779ac931fec04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_6.0.6001.18000_en-us_573e3ba8900afcd8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_server-help-chm.ipsecpolicy_31bf3856ad364e35_6.0.6000.16386_none_cb9a9919ed28d947]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-iis-ipsecuritybinaries_31bf3856ad364e35_none_135e836ab630191a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-iis-ipsecurity_31bf3856ad364e35_none_105d4c1a9f8dd175]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_none_ed48f444ebc84f67\f256!ipsec-svc-dl.man]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!ipsecsvc.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!ipsecsvc.mof]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!winipsec.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_none_d39df4d61911b31e\f256!winipsec.mof]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-n..rity-domain-clients_31bf3856ad364e35_none_8c30c1dbc30c4fbb\f256!ipsecsnp.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_none_985243d6a584a169]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_en-us_533759ec14ccedda]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecmonitor_31bf3856ad364e35_none_6305c443670c1f4d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_en-us_55562310ea666512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_server-help-chm.ipsecpolicy_31bf3856ad364e35_none_f09ae725e0656727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_none_985243d6a584a169]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_server-help-chm.ipsecmonitor.resources_31bf3856ad364e35_en-us_533759ec14ccedda]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_server-help-chm.ipsecmonitor_31bf3856ad364e35_none_6305c443670c1f4d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_server-help-chm.ipsecpolicy.resources_31bf3856ad364e35_en-us_55562310ea666512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_server-help-chm.ipsecpolicy_31bf3856ad364e35_none_f09ae725e0656727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
Preread/sec 2596 Online Defrag Pages Dirtied/sec 2598 Online Defrag Pages Re-Dirtied/sec 2600 Online Defrag Log Records/sec 2602 Online Defrag Average Log Bytes 2604 No name 2606 Database Tasks Pages Referenced/sec 2608 Database Tasks Pages Read/sec 2610 Database Tasks Pages Preread/sec 2612 Database Tasks Pages Dirtied/sec 2614 Database Tasks Pages Re-Dirtied/sec 2616 Database Tasks Log Records/sec 2618 Database Tasks Average Log Bytes 2620 No name 2622 I/O Database Reads/sec 2624 I/O Database Reads Average Latency 2626 No name 2628 I/O Database Reads Average Bytes 2630 No name 2632 I/O Database Reads In Heap 2634 I/O Database Reads Async Pending 2636 I/O Database Reads Abnormal Latency/sec 2638 I/O Log Reads/sec 2640 I/O Log Reads Average Latency 2642 No name 2644 I/O Log Reads Average Bytes 2646 No name 2648 I/O Log Reads In Heap 2650 I/O Log Reads Async Pending 2652 I/O Log Reads Abnormal Latency/sec 2654 I/O Database Writes/sec 2656 I/O Database Writes Average Latency 2658 No name 2660 I/O Database Writes Average Bytes 2662 No name 2664 I/O Database Writes In Heap 2666 I/O Database Writes Async Pending 2668 I/O Database Writes Abnormal Latency/sec 2670 I/O Log Writes/sec 2672 I/O Log Writes Average Latency 2674 No name 2676 I/O Log Writes Average Bytes 2678 No name 2680 I/O Log Writes In Heap 2682 I/O Log Writes Async Pending 2684 I/O Log Writes Abnormal Latency/sec 2686 SLV File Table Inserts/sec 2688 SLV File Table Cleans/sec 2690 SLV File Table Deletes/sec 2692 SLV File Table Entries 2694 Threads Blocked/sec 2696 Threads Blocked 2698 Database ==> TableClasses 2700 Record Inserts/sec 2702 Record Deletes/sec 2704 Record Replaces/sec 2706 Record Unnecessary Replaces/sec 2708 Record Redundant Replaces/sec 2710 Record Escrow-Updates/sec 2712 Secondary Index Inserts/sec 2714 Secondary Index Deletes/sec 2716 False Index Column Updates/sec 2718 False Tuple Index Column Updates/sec 2720 Record Intrinsic Long-Values Updated/sec 2722 Record Separated Long-Values 
Added/sec 2724 Record Separated Long-Values Forced/sec 2726 Record Separated Long-Values All Forced/sec 2728 Record Separated Long-Values Reference All/sec 2730 Record Separated Long-Values Dereference All/sec 2732 Separated Long-Value Seeks/sec 2734 Separated Long-Value Retrieves/sec 2736 Separated Long-Value Creates/sec 2738 Separated Long-Value Updates/sec 2740 Separated Long-Value Deletes/sec 2742 Separated Long-Value Copies/sec 2744 Separated Long-Value Chunk Seeks/sec 2746 Separated Long-Value Chunk Retrieves/sec 2748 Separated Long-Value Chunk Appends/sec 2750 Separated Long-Value Chunk Replaces/sec 2752 Separated Long-Value Chunk Deletes/sec 2754 Separated Long-Value Chunk Copies/sec 2756 B+ Tree Append Splits/sec 2758 B+ Tree Right Splits/sec 2760 B+ Tree Right Hotpoint Splits/sec 2762 B+ Tree Vertical Splits/sec 2764 B+ Tree Splits/sec 2766 B+ Tree Empty Page Merges/sec 2768 B+ Tree Right Merges/sec 2770 B+ Tree Partial Merges/sec 2772 B+ Tree Merges/sec 2774 B+ Tree Failed Simple Page Cleanup Attempts/sec 2776 B+ Tree Seek Short Circuits/sec 2778 B+ Tree Unnecessary Sibling Latches/sec 2780 B+ Tree Move Nexts/sec 2782 B+ Tree Move Nexts (Non-Visible Nodes Skipped)/sec 2784 B+ Tree Move Prevs/sec 2786 B+ Tree Move Prevs (Non-Visible Nodes Skipped)/sec 2788 B+ Tree Seeks/sec 2790 B+ Tree Inserts/sec 2792 B+ Tree Replaces/sec 2794 B+ Tree Flag Deletes/sec 2796 B+ Tree Deletes/sec 2798 B+ Tree Appends/sec 2800 B+ Tree Creates/sec 2802 B+ Tree Creates (Total) 2804 B+ Tree Destroys/sec 2806 B+ Tree Destroys (Total) 2808 Database Cache Size (MB) 2810 Database Pages Read Async/sec 2812 Database Pages Read Sync/sec 2814 Database Pages Written/sec 2816 Database Pages Transferred/sec 2818 Database Pages Preread/sec 2820 Database Cached Pages Preread/sec 2822 Database Pages Preread Untouched/sec 2824 Database Pages Versioned / sec 2826 Database Pages Ordinarily Written/sec 2828 Database Pages Anomalously Written/sec 2830 Database Pages Opportunely Written/sec 2832 
Database Pages Repeatedly Written/sec 2834 Database Pages Idly Written/sec 2836 Database Pages Coalesced Written/sec 2838 Database Pages Coalesced Read/sec 2840 Database ==> Instances 2842 Pages Converted/sec 2844 Pages Converted 2846 Records Converted/sec 2848 Records Converted 2850 FCB Asynchronous Scan/sec 2852 FCB Asynchronous Purge/sec 2854 FCB Asynchronous Threshold-Scan/sec 2856 FCB Asynchronous Threshold-Purge/sec 2858 FCB Asynchronous Purge Conflicts/sec 2860 FCB Synchronous Purge/sec 2862 FCB Synchronous Purge Stalls/sec 2864 FCB Allocations Wait For Version Cleanup/sec 2866 FCB Purge On Cursor Close/sec 2868 FCB Cache % Hit 2870 No name 2872 FCB Cache Stalls/sec 2874 FCB Cache Maximum 2876 FCB Cache Preferred 2878 FCB Cache Allocated 2880 FCB Cache Available 2882 Sessions In Use 2884 Sessions % Used 2886 No name 2888 Table Open Cache % Hit 2890 No name 2892 Table Open Cache Hits/sec 2894 Table Open Cache Misses/sec 2896 Table Opens/sec 2898 Log Bytes Write/sec 2900 Log Buffer Size 2902 Log Buffer Bytes Used 2904 Log Buffer Bytes Free 2906 Log Threads Waiting 2908 Log File Size 2910 Log Checkpoint Depth 2912 Log Generation Checkpoint Depth 2914 User Read Only Transaction Commits to Level 0/sec 2916 User Read/Write Transaction Commits to Level 0/sec 2918 User Transaction Commits to Level 0/sec 2920 User Read Only Transaction Rollbacks to Level 0/sec 2922 User Read/Write Transaction Rollbacks to Level 0/sec 2924 User Transaction Rollbacks to Level 0/sec 2926 System Read Only Transaction Commits to Level 0/sec 2928 System Read/Write Transaction Commits to Level 0/sec 2930 System Transaction Commits to Level 0/sec 2932 System Read Only Transaction Rollbacks to Level 0/sec 2934 System Read/Write Transaction Rollbacks to Level 0/sec 2936 System Transaction Rollbacks to Level 0/sec 2938 Database Page Allocation File Extension Async Consumed/sec 2940 Database Page Allocation File Extension Stalls/sec 2942 Log Records/sec 2944 Log Buffer Capacity Flushes/sec 2946 
Log Buffer Commit Flushes/sec 2948 Log Buffer Flushes/sec 2950 Log Writes/sec 2952 Log Record Stalls/sec 2954 Version buckets allocated 2956 Version buckets allocated for deletes 2958 VER Bucket Allocations Wait For Version Cleanup/sec 2960 Version store average RCE bookmark length 2962 Version store unnecessary calls/sec 2964 Version store cleanup tasks asynchronously dispatched/sec 2966 Version store cleanup tasks synchronously dispatched/sec 2968 Version store cleanup tasks discarded/sec 2970 Version store cleanup tasks failures/sec 2972 Record Inserts/sec 2974 Record Deletes/sec 2976 Record Replaces/sec 2978 Record Unnecessary Replaces/sec 2980 Record Redundant Replaces/sec 2982 Record Escrow-Updates/sec 2984 Secondary Index Inserts/sec 2986 Secondary Index Deletes/sec 2988 False Index Column Updates/sec 2990 False Tuple Index Column Updates/sec 2992 Record Intrinsic Long-Values Updated/sec 2994 Record Separated Long-Values Added/sec 2996 Record Separated Long-Values Forced/sec 2998 Record Separated Long-Values All Forced/sec 3000 Record Separated Long-Values Reference All/sec 3002 Record Separated Long-Values Dereference All/sec 3004 Separated Long-Value Seeks/sec 3006 Separated Long-Value Retrieves/sec 3008 Separated Long-Value Creates/sec 3010 Separated Long-Value Updates/sec 3012 Separated Long-Value Deletes/sec 3014 Separated Long-Value Copies/sec 3016 Separated Long-Value Chunk Seeks/sec 3018 Separated Long-Value Chunk Retrieves/sec 3020 Separated Long-Value Chunk Appends/sec 3022 Separated Long-Value Chunk Replaces/sec 3024 Separated Long-Value Chunk Deletes/sec 3026 Separated Long-Value Chunk Copies/sec 3028 B+ Tree Append Splits/sec 3030 B+ Tree Right Splits/sec 3032 B+ Tree Right Hotpoint Splits/sec 3034 B+ Tree Vertical Splits/sec 3036 B+ Tree Splits/sec 3038 B+ Tree Empty Page Merges/sec 3040 B+ Tree Right Merges/sec 3042 B+ Tree Partial Merges/sec 3044 B+ Tree Merges/sec 3046 B+ Tree Failed Simple Page Cleanup Attempts/sec 3048 B+ Tree Seek Short 
Circuits/sec 3050 B+ Tree Unnecessary Sibling Latches/sec 3052 B+ Tree Move Nexts/sec 3054 B+ Tree Move Nexts (Non-Visible Nodes Skipped)/sec 3056 B+ Tree Move Prevs/sec 3058 B+ Tree Move Prevs (Non-Visible Nodes Skipped)/sec 3060 B+ Tree Seeks/sec 3062 B+ Tree Inserts/sec 3064 B+ Tree Replaces/sec 3066 B+ Tree Flag Deletes/sec 3068 B+ Tree Deletes/sec 3070 B+ Tree Appends/sec 3072 B+ Tree Creates/sec 3074 B+ Tree Creates (Total) 3076 B+ Tree Destroys/sec 3078 B+ Tree Destroys (Total) 3080 Database Pages Read Async/sec 3082 Database Pages Read Sync/sec 3084 Database Pages Written/sec 3086 Database Pages Transferred/sec 3088 Database Pages Preread/sec 3090 Database Cached Pages Preread/sec 3092 Database Pages Preread Untouched/sec 3094 Database Pages Versioned / sec 3096 Database Pages Ordinarily Written/sec 3098 Database Pages Anomalously Written/sec 3100 Database Pages Opportunely Written/sec 3102 Database Pages Repeatedly Written/sec 3104 Database Pages Idly Written/sec 3106 Database Pages Coalesced Written/sec 3108 Database Pages Coalesced Read/sec 3110 Streaming Backup Pages Read/sec 3112 Online Defrag Pages Referenced/sec 3114 Online Defrag Pages Read/sec 3116 Online Defrag Pages Preread/sec 3118 Online Defrag Pages Dirtied/sec 3120 Online Defrag Pages Re-Dirtied/sec 3122 Online Defrag Log Records/sec 3124 Online Defrag Average Log Bytes 3126 No name 3128 Database Tasks Pages Referenced/sec 3130 Database Tasks Pages Read/sec 3132 Database Tasks Pages Preread/sec 3134 Database Tasks Pages Dirtied/sec 3136 Database Tasks Pages Re-Dirtied/sec 3138 Database Tasks Log Records/sec 3140 Database Tasks Average Log Bytes 3142 No name 3144 I/O Database Reads/sec 3146 I/O Database Reads Average Latency 3148 No name 3150 I/O Database Reads Average Bytes 3152 No name 3154 I/O Database Reads In Heap 3156 I/O Database Reads Async Pending 3158 I/O Database Reads Abnormal Latency/sec 3160 I/O Log Reads/sec 3162 I/O Log Reads Average Latency 3164 No name 3166 I/O Log Reads 
Average Bytes 3168 No name 3170 I/O Log Reads In Heap 3172 I/O Log Reads Async Pending 3174 I/O Log Reads Abnormal Latency/sec 3176 I/O Database Writes/sec 3178 I/O Database Writes Average Latency 3180 No name 3182 I/O Database Writes Average Bytes 3184 No name 3186 I/O Database Writes In Heap 3188 I/O Database Writes Async Pending 3190 I/O Database Writes Abnormal Latency/sec 3192 I/O Log Writes/sec 3194 I/O Log Writes Average Latency 3196 No name 3198 I/O Log Writes Average Bytes 3200 No name 3202 I/O Log Writes In Heap 3204 I/O Log Writes Async Pending 3206 I/O Log Writes Abnormal Latency/sec 3208 Distributed Transaction Coordinator 3210 Active Transactions 3212 Committed Transactions 3214 Aborted Transactions 3216 In Doubt Transactions 3218 Active Transactions Maximum 3220 Force Committed Transactions 3222 Force Aborted Transactions 3224 Response Time -- Minimum 3226 Response Time -- Average 3228 Response Time -- Maximum 3230 Transactions/sec 3232 Committed Transactions/sec 3234 Aborted Transactions/sec 3424 Bulk Bytes/Sec 3426 Isochronous Bytes/Sec 3428 Interrupt Bytes/Sec 3430 Control Data Bytes/Sec 3432 Controller PCI Interrupts/Sec 3434 Controller WorkSignals/Sec 3436 % Total Bandwidth Used for Interrupt 3438 % Total Bandwidth Used for Iso 3440 USB 3442 Avg. 
Bytes/Transfer 3444 Iso Packet Errors/Sec 3446 Avg ms latency for ISO transfers 3448 Transfer Errors/Sec 3450 Host Controller Idle 3452 Host Controller Async Idle 3454 Host Controller Async Cache Flush Count 3456 Host Controller Perdiodic Idle 3458 Host Controller Periodic Cache Flush Count 3460 .NET CLR Networking 3462 Connections Established 3464 Bytes Received 3466 Bytes Sent 3468 Datagrams Received 3470 Datagrams Sent 3472 .NET Data Provider for SqlServer 3474 HardConnectsPerSecond 3476 HardDisconnectsPerSecond 3478 SoftConnectsPerSecond 3480 SoftDisconnectsPerSecond 3482 NumberOfNonPooledConnections 3484 NumberOfPooledConnections 3486 NumberOfActiveConnectionPoolGroups 3488 NumberOfInactiveConnectionPoolGroups 3490 NumberOfActiveConnectionPools 3492 NumberOfInactiveConnectionPools 3494 NumberOfActiveConnections 3496 NumberOfFreeConnections 3498 NumberOfStasisConnections 3500 NumberOfReclaimedConnections 3502 .NET CLR Data 3504 SqlClient: Current # pooled and nonpooled connections 3506 SqlClient: Current # pooled connections 3508 SqlClient: Current # connection pools 3510 SqlClient: Peak # pooled connections 3512 SqlClient: Total # failed connects 3514 SqlClient: Total # failed commands 3516 .NET CLR Memory 3518 # Gen 0 Collections 3520 # Gen 1 Collections 3522 # Gen 2 Collections 3524 Promoted Memory from Gen 0 3526 Promoted Memory from Gen 1 3528 Gen 0 Promoted Bytes/Sec 3530 Gen 1 Promoted Bytes/Sec 3532 Promoted Finalization-Memory from Gen 0 3534 Process ID 3536 Gen 0 heap size 3538 Gen 1 heap size 3540 Gen 2 heap size 3542 Large Object Heap size 3544 Finalization Survivors 3546 # GC Handles 3548 Allocated Bytes/sec 3550 # Induced GC 3552 % Time in GC 3554 Not Displayed 3556 # Bytes in all Heaps 3558 # Total committed Bytes 3560 # Total reserved Bytes 3562 # of Pinned Objects 3564 # of Sink Blocks in use 3566 .NET CLR Loading 3568 Total Classes Loaded 3570 % Time Loading 3572 Assembly Search Length 3574 Total # of Load Failures 3576 Rate of Load Failures 
3578 Bytes in Loader Heap 3580 Total appdomains unloaded 3582 Rate of appdomains unloaded 3584 Current Classes Loaded 3586 Rate of Classes Loaded 3588 Current appdomains 3590 Total Appdomains 3592 Rate of appdomains 3594 Current Assemblies 3596 Total Assemblies 3598 Rate of Assemblies 3600 .NET CLR Jit 3602 # of Methods Jitted 3604 # of IL Bytes Jitted 3606 Total # of IL Bytes Jitted 3608 IL Bytes Jitted / sec 3610 Standard Jit Failures 3612 % Time in Jit 3614 Not Displayed 3616 .NET CLR Interop 3618 # of CCWs 3620 # of Stubs 3622 # of marshalling 3624 # of TLB imports / sec 3626 # of TLB exports / sec 3628 .NET CLR LocksAndThreads 3630 Total # of Contentions 3632 Contention Rate / sec 3634 Current Queue Length 3636 Queue Length Peak 3638 Queue Length / sec 3640 # of current logical Threads 3642 # of current physical Threads 3644 # of current recognized threads 3646 # of total recognized threads 3648 rate of recognized threads / sec 3650 .NET CLR Security 3652 Total Runtime Checks 3654 % Time Sig. 
Authenticating 3656 # Link Time Checks 3658 % Time in RT checks 3660 Not Displayed 3662 Stack Walk Depth 3664 .NET CLR Remoting 3666 Remote Calls/sec 3668 Channels 3670 Context Proxies 3672 Context-Bound Classes Loaded 3674 Context-Bound Objects Alloc / sec 3676 Contexts 3678 Total Remote Calls 3680 .NET CLR Exceptions 3682 # of Exceps Thrown 3684 # of Exceps Thrown / sec 3686 # of Filters / sec 3688 # of Finallys / sec 3690 Throw To Catch Depth / sec 3692 .NET Data Provider for Oracle 3694 HardConnectsPerSecond 3696 HardDisconnectsPerSecond 3698 SoftConnectsPerSecond 3700 SoftDisconnectsPerSecond 3702 NumberOfNonPooledConnections 3704 NumberOfPooledConnections 3706 NumberOfActiveConnectionPoolGroups 3708 NumberOfInactiveConnectionPoolGroups 3710 NumberOfActiveConnectionPools 3712 NumberOfInactiveConnectionPools 3714 NumberOfActiveConnections 3716 NumberOfFreeConnections 3718 NumberOfStasisConnections 3720 NumberOfReclaimedConnections 3722 Search Gatherer Projects 3724 Document Additions 3726 Document Add Rate 3728 Document Deletes 3730 Document Delete Rate 3732 Document Modifies 3734 Document Modifies Rate 3736 Waiting Documents 3738 Documents In Progress 3740 Documents On Hold 3742 Delayed Documents 3744 URLs in History 3746 Processed Documents 3748 Processed Documents Rate 3750 Status Success 3752 Success Rate 3754 Status Error 3756 Error Rate 3762 File Errors 3764 File Errors Rate 3770 Accessed Files 3772 Accessed File Rate 3778 Filtered Office 3780 Filtered Office Rate 3782 Filtered Text 3784 Filtered Text Rate 3786 Crawls in progress 3788 Gatherer Paused Flag 3790 Recovery In Progress Flag 3792 Not Modified 3794 Iterating History In Progress Flag 3796 Incremental Crawls 3798 Filtering Documents 3800 Started Documents 3802 Retries 3804 Retries Rate 3812 Adaptive Crawl Errors 3818 Changed Documents 3820 Document Moves/Renames 3822 Document Move and Rename Rate 3824 Unique Documents 3826 History Recovery Progress 3828 Search Gatherer 3830 Notification Sources 
3832 Ext. Notifications Received 3834 Ext. Notifications Rate 3836 Admin Clients 3838 Heartbeats 3840 Heartbeats Rate 3842 Filtering Threads 3844 Idle Threads 3846 Document Entries 3848 Performance Level 3850 Active Queue Length 3852 Filter Processes 3854 Filter Processes Max 3856 Filter Process Created 3858 Delayed Documents 3860 Server Objects 3862 Server Objects Created 3864 Filter Objects 3866 Documents Filtered 3868 Documents Filtered Rate 3870 Time Outs 3872 Servers Currently Unavailable 3874 Servers Unavailable 3876 Threads Accessing Network 3878 Threads In Plug-ins 3880 Documents Successfully Filtered 3882 Documents Successfully Filtered Rate 3884 Documents Delayed Retry 3886 Word Breakers Cached 3888 Stemmers Cached 3890 All Notifications Received 3892 Notifications Rate 3894 System IO traffic rate 3896 Reason to back off 3898 Threads blocked due to back off 3900 Search Indexer 3902 Master Index Level. 3904 Master Merges to Date 3906 Master Merge Progress 3908 Shadow Merge Levels 3910 Shadow Merge Levels Threshold 3912 Persistent Indexes 3914 Index Size 3916 Unique Keys 3918 Documents Filtered 3920 Work Items Created 3922 Work Items Deleted 3924 Clean WidSets 3926 Dirty WidSets 3928 Master Merges Now. 3930 Active Connections 3932 Queries 3934 Queries Failed 3936 Queries Succeeded 3938 L0 Indexes (Wordlists) 3940 L0 Merges (flushes) Now. 3942 L0 Merge (Flush) Speed - Average 3944 L0 Merge (Flush) - Count 3946 L0 Merge (Flush) Speed - Last 3948 Persistent Indexes L1 3950 L1 Merges Now. 3952 L1 Merge Speed - average 3954 L1 Merge - Count 3956 L1 Merge Speed - last 3958 Persistent Indexes L2 3960 L2 Merges Now. 3962 L2 Merge Speed - average 3964 L2 Merge - Count 3966 L2 Merge Speed - last 3968 Persistent Indexes L3 3970 L3 Merges Now. 3972 L3 Merge Speed - average 3974 L3 Merge - Count 3976 L3 Merge Speed - last 3978 Persistent Indexes L4 3980 L4 Merges Now. 
3982 L4 Merge Speed - average 3984 L4 Merge - Count 3986 L4 Merge Speed - last 3988 Persistent Indexes L5 3990 L5 Merges Now. 3992 L5 Merge Speed - average 3994 L5 Merge - Count 3996 L5 Merge Speed - last 3998 Persistent Indexes L6 4000 L6 Merges Now. 4002 L6 Merge Speed - average 4004 L6 Merge - Count 4006 L6 Merge Speed - last 4008 Persistent Indexes L7 4010 L7 Merges Now. 4012 L7 Merge Speed - average 4014 L7 Merge - Count 4016 L7 Merge Speed - last 4018 Persistent Indexes L8 4020 L8 Merges Now. 4022 L8 Merge Speed - average 4024 L8 Merge - Count 4026 L8 Merge Speed - last 4028 Peer Networking Resolution Protocol 4030 Number of IDs registered 4032 Number of resolves 4034 bytes sent/sec 4036 bytes received/sec 4038 Stale cache entry hits 4040 ServiceModelOperation 3.0.0.0 4042 Calls 4044 Calls Per Second 4046 Calls Outstanding 4048 Calls Failed 4050 Call Failed Per Second 4052 Calls Faulted 4054 Calls Faulted Per Second 4056 Calls Duration 4058 Calls Duration Base 4060 Transactions Flowed 4062 Transactions Flowed Per Second 4064 Security Validation and Authentication Failures 4066 Security Validation and Authentication Failures Per Second 4068 Security Calls Not Authorized 4070 Security Calls Not Authorized Per Second 4072 ReadyBoost Cache 4074 Hit read bytes/sec 4076 Total read bytes/sec 4078 Total write bytes/sec 4080 Update buffer read bytes/sec 4082 Bytes cached 4084 Invalidated update buffer bytes/sec 4086 Cache reads/sec 4088 Compression Ratio 4090 Sequential IOs bailed/sec 4092 Read-Size-Max IOs bailed/sec 4094 No-regions reschedules/sec 4096 No-update-buffers reschedules/sec 4098 Invalidated update buffer blocks/sec 4100 ServiceModelService 3.0.0.0 4102 Calls 4104 Calls Per Second 4106 Calls Outstanding 4108 Calls Failed 4110 Calls Failed Per Second 4112 Calls Faulted 4114 Calls Faulted Per Second 4116 Calls Duration 4118 Calls Duration Base 4120 Transactions Flowed 4122 Transactions Flowed Per Second 4124 Transacted Operations Committed 4126 Transacted 
Operations Committed Per Second 4128 Transacted Operations Aborted 4130 Transacted Operations Aborted Per Second 4132 Transacted Operations In Doubt 4134 Transacted Operations In Doubt Per Second 4136 Security Validation and Authentication Failures 4138 Security Validation and Authentication Failures Per Second 4140 Security Calls Not Authorized 4142 Security Calls Not Authorized Per Second 4144 Instances 4146 Instances Created Per Second 4148 Reliable Messaging Sessions Faulted 4150 Reliable Messaging Sessions Faulted Per Second 4152 Reliable Messaging Messages Dropped 4154 Reliable Messaging Messages Dropped Per Second 4156 Queued Poison Messages 4158 Queued Poison Messages Per Second 4160 Queued Messages Rejected 4162 Queued Messages Rejected Per Second 4164 Queued Messages Dropped 4166 Queued Messages Dropped Per Second 4168 MSDTC Bridge 3.0.0.0 4170 Message send failures/sec 4172 Prepare retry count/sec 4174 Commit retry count/sec 4176 Prepared retry count/sec 4178 Replay retry count/sec 4180 Faults received count/sec 4182 Faults sent count/sec 4184 Average participant prepare response time 4186 Average participant prepare response time Base 4188 Average participant commit response time 4190 Average participant commit response time Base 4272 SMSvcHost 3.0.0.0 4274 Protocol Failures over net.tcp 4276 Protocol Failures over net.pipe 4278 Dispatch Failures over net.tcp 4280 Dispatch Failures over net.pipe 4282 Connections Dispatched over net.tcp 4284 Connections Dispatched over net.pipe 4286 Connections Accepted over net.tcp 4288 Connections Accepted over net.pipe 4290 Registrations Active for net.tcp 4292 Registrations Active for net.pipe 4294 Uris Registered for net.tcp 4296 Uris Registered for net.pipe 4298 Uris Unregistered for net.tcp 4300 Uris Unregistered for net.pipe 4302 ServiceModelEndpoint 3.0.0.0 4304 Calls 4306 Calls Per Second 4308 Calls Outstanding 4310 Calls Failed 4312 Calls Failed Per Second 4314 Calls Faulted 4316 Calls Faulted Per Second 4318 
Calls Duration 4320 Calls Duration Base 4322 Transactions Flowed 4324 Transactions Flowed Per Second 4326 Security Validation and Authentication Failures 4328 Security Validation and Authentication Failures Per Second 4330 Security Calls Not Authorized 4332 Security Calls Not Authorized Per Second 4334 Reliable Messaging Sessions Faulted 4336 Reliable Messaging Sessions Faulted Per Second 4338 Reliable Messaging Messages Dropped 4340 Reliable Messaging Messages Dropped Per Second 4342 Windows Workflow Foundation 4344 Workflows Created 4346 Workflows Created/sec 4348 Workflows Unloaded 4350 Workflows Unloaded/sec 4352 Workflows Loaded 4354 Workflows Loaded/sec 4356 Workflows Completed 4358 Workflows Completed/sec 4360 Workflows Suspended 4362 Workflows Suspended/sec 4364 Workflows Terminated 4366 Workflows Terminated/sec 4368 Workflows In Memory 4370 Workflows Aborted 4372 Workflows Aborted/sec 4374 Workflows Persisted 4376 Workflows Persisted/sec 4378 Workflows Executing 4380 Workflows Idle/sec 4382 Workflows Runnable 4384 Workflows Pending 4386 Pacer Flow 4388 Pacer Pipe 4390 Packets dropped 4392 Packets scheduled 4394 Packets transmitted 4396 Average packets in shaper 4398 Max packets in shaper 4400 Average packets in sequencer 4402 Max packets in sequencer 4404 Bytes scheduled 4406 Bytes transmitted 4408 Bytes transmitted/sec 4410 Bytes scheduled/sec 4412 Packets transmitted/sec 4414 Packets scheduled/sec 4416 Packets dropped/sec 4418 Nonconforming packets scheduled 4420 Nonconforming packets scheduled/sec 4422 Nonconforming packets transmitted 4424 Nonconforming packets transmitted/sec 4426 Maximum Packets in netcard 4428 Average Packets in netcard 4430 Out of packets 4432 Flows opened 4434 Flows closed 4436 Flows rejected 4438 Flows modified 4440 Flow mods rejected 4442 Max simultaneous flows 4444 Nonconforming packets scheduled 4446 Nonconforming packets scheduled/sec 4448 Nonconforming packets transmitted 4450 Nonconforming packets transmitted/sec 4452 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
Log Buffer Commit Flushes/sec 2948 Log Buffer Flushes/sec 2950 Log Writes/sec 2952 Log Record Stalls/sec 2954 Version buckets allocated 2956 Version buckets allocated for deletes 2958 VER Bucket Allocations Wait For Version Cleanup/sec 2960 Version store average RCE bookmark length 2962 Version store unnecessary calls/sec 2964 Version store cleanup tasks asynchronously dispatched/sec 2966 Version store cleanup tasks synchronously dispatched/sec 2968 Version store cleanup tasks discarded/sec 2970 Version store cleanup tasks failures/sec 2972 Record Inserts/sec 2974 Record Deletes/sec 2976 Record Replaces/sec 2978 Record Unnecessary Replaces/sec 2980 Record Redundant Replaces/sec 2982 Record Escrow-Updates/sec 2984 Secondary Index Inserts/sec 2986 Secondary Index Deletes/sec 2988 False Index Column Updates/sec 2990 False Tuple Index Column Updates/sec 2992 Record Intrinsic Long-Values Updated/sec 2994 Record Separated Long-Values Added/sec 2996 Record Separated Long-Values Forced/sec 2998 Record Separated Long-Values All Forced/sec 3000 Record Separated Long-Values Reference All/sec 3002 Record Separated Long-Values Dereference All/sec 3004 Separated Long-Value Seeks/sec 3006 Separated Long-Value Retrieves/sec 3008 Separated Long-Value Creates/sec 3010 Separated Long-Value Updates/sec 3012 Separated Long-Value Deletes/sec 3014 Separated Long-Value Copies/sec 3016 Separated Long-Value Chunk Seeks/sec 3018 Separated Long-Value Chunk Retrieves/sec 3020 Separated Long-Value Chunk Appends/sec 3022 Separated Long-Value Chunk Replaces/sec 3024 Separated Long-Value Chunk Deletes/sec 3026 Separated Long-Value Chunk Copies/sec 3028 B+ Tree Append Splits/sec 3030 B+ Tree Right Splits/sec 3032 B+ Tree Right Hotpoint Splits/sec 3034 B+ Tree Vertical Splits/sec 3036 B+ Tree Splits/sec 3038 B+ Tree Empty Page Merges/sec 3040 B+ Tree Right Merges/sec 3042 B+ Tree Partial Merges/sec 3044 B+ Tree Merges/sec 3046 B+ Tree Failed Simple Page Cleanup Attempts/sec 3048 B+ Tree Seek Short 
Circuits/sec 3050 B+ Tree Unnecessary Sibling Latches/sec 3052 B+ Tree Move Nexts/sec 3054 B+ Tree Move Nexts (Non-Visible Nodes Skipped)/sec 3056 B+ Tree Move Prevs/sec 3058 B+ Tree Move Prevs (Non-Visible Nodes Skipped)/sec 3060 B+ Tree Seeks/sec 3062 B+ Tree Inserts/sec 3064 B+ Tree Replaces/sec 3066 B+ Tree Flag Deletes/sec 3068 B+ Tree Deletes/sec 3070 B+ Tree Appends/sec 3072 B+ Tree Creates/sec 3074 B+ Tree Creates (Total) 3076 B+ Tree Destroys/sec 3078 B+ Tree Destroys (Total) 3080 Database Pages Read Async/sec 3082 Database Pages Read Sync/sec 3084 Database Pages Written/sec 3086 Database Pages Transferred/sec 3088 Database Pages Preread/sec 3090 Database Cached Pages Preread/sec 3092 Database Pages Preread Untouched/sec 3094 Database Pages Versioned / sec 3096 Database Pages Ordinarily Written/sec 3098 Database Pages Anomalously Written/sec 3100 Database Pages Opportunely Written/sec 3102 Database Pages Repeatedly Written/sec 3104 Database Pages Idly Written/sec 3106 Database Pages Coalesced Written/sec 3108 Database Pages Coalesced Read/sec 3110 Streaming Backup Pages Read/sec 3112 Online Defrag Pages Referenced/sec 3114 Online Defrag Pages Read/sec 3116 Online Defrag Pages Preread/sec 3118 Online Defrag Pages Dirtied/sec 3120 Online Defrag Pages Re-Dirtied/sec 3122 Online Defrag Log Records/sec 3124 Online Defrag Average Log Bytes 3126 No name 3128 Database Tasks Pages Referenced/sec 3130 Database Tasks Pages Read/sec 3132 Database Tasks Pages Preread/sec 3134 Database Tasks Pages Dirtied/sec 3136 Database Tasks Pages Re-Dirtied/sec 3138 Database Tasks Log Records/sec 3140 Database Tasks Average Log Bytes 3142 No name 3144 I/O Database Reads/sec 3146 I/O Database Reads Average Latency 3148 No name 3150 I/O Database Reads Average Bytes 3152 No name 3154 I/O Database Reads In Heap 3156 I/O Database Reads Async Pending 3158 I/O Database Reads Abnormal Latency/sec 3160 I/O Log Reads/sec 3162 I/O Log Reads Average Latency 3164 No name 3166 I/O Log Reads 
Average Bytes 3168 No name 3170 I/O Log Reads In Heap 3172 I/O Log Reads Async Pending 3174 I/O Log Reads Abnormal Latency/sec 3176 I/O Database Writes/sec 3178 I/O Database Writes Average Latency 3180 No name 3182 I/O Database Writes Average Bytes 3184 No name 3186 I/O Database Writes In Heap 3188 I/O Database Writes Async Pending 3190 I/O Database Writes Abnormal Latency/sec 3192 I/O Log Writes/sec 3194 I/O Log Writes Average Latency 3196 No name 3198 I/O Log Writes Average Bytes 3200 No name 3202 I/O Log Writes In Heap 3204 I/O Log Writes Async Pending 3206 I/O Log Writes Abnormal Latency/sec 3208 Distributed Transaction Coordinator 3210 Active Transactions 3212 Committed Transactions 3214 Aborted Transactions 3216 In Doubt Transactions 3218 Active Transactions Maximum 3220 Force Committed Transactions 3222 Force Aborted Transactions 3224 Response Time -- Minimum 3226 Response Time -- Average 3228 Response Time -- Maximum 3230 Transactions/sec 3232 Committed Transactions/sec 3234 Aborted Transactions/sec 3424 Bulk Bytes/Sec 3426 Isochronous Bytes/Sec 3428 Interrupt Bytes/Sec 3430 Control Data Bytes/Sec 3432 Controller PCI Interrupts/Sec 3434 Controller WorkSignals/Sec 3436 % Total Bandwidth Used for Interrupt 3438 % Total Bandwidth Used for Iso 3440 USB 3442 Avg. 
Bytes/Transfer 3444 Iso Packet Errors/Sec 3446 Avg ms latency for ISO transfers 3448 Transfer Errors/Sec 3450 Host Controller Idle 3452 Host Controller Async Idle 3454 Host Controller Async Cache Flush Count 3456 Host Controller Perdiodic Idle 3458 Host Controller Periodic Cache Flush Count 3460 .NET CLR Networking 3462 Connections Established 3464 Bytes Received 3466 Bytes Sent 3468 Datagrams Received 3470 Datagrams Sent 3472 .NET Data Provider for SqlServer 3474 HardConnectsPerSecond 3476 HardDisconnectsPerSecond 3478 SoftConnectsPerSecond 3480 SoftDisconnectsPerSecond 3482 NumberOfNonPooledConnections 3484 NumberOfPooledConnections 3486 NumberOfActiveConnectionPoolGroups 3488 NumberOfInactiveConnectionPoolGroups 3490 NumberOfActiveConnectionPools 3492 NumberOfInactiveConnectionPools 3494 NumberOfActiveConnections 3496 NumberOfFreeConnections 3498 NumberOfStasisConnections 3500 NumberOfReclaimedConnections 3502 .NET CLR Data 3504 SqlClient: Current # pooled and nonpooled connections 3506 SqlClient: Current # pooled connections 3508 SqlClient: Current # connection pools 3510 SqlClient: Peak # pooled connections 3512 SqlClient: Total # failed connects 3514 SqlClient: Total # failed commands 3516 .NET CLR Memory 3518 # Gen 0 Collections 3520 # Gen 1 Collections 3522 # Gen 2 Collections 3524 Promoted Memory from Gen 0 3526 Promoted Memory from Gen 1 3528 Gen 0 Promoted Bytes/Sec 3530 Gen 1 Promoted Bytes/Sec 3532 Promoted Finalization-Memory from Gen 0 3534 Process ID 3536 Gen 0 heap size 3538 Gen 1 heap size 3540 Gen 2 heap size 3542 Large Object Heap size 3544 Finalization Survivors 3546 # GC Handles 3548 Allocated Bytes/sec 3550 # Induced GC 3552 % Time in GC 3554 Not Displayed 3556 # Bytes in all Heaps 3558 # Total committed Bytes 3560 # Total reserved Bytes 3562 # of Pinned Objects 3564 # of Sink Blocks in use 3566 .NET CLR Loading 3568 Total Classes Loaded 3570 % Time Loading 3572 Assembly Search Length 3574 Total # of Load Failures 3576 Rate of Load Failures 
3578 Bytes in Loader Heap 3580 Total appdomains unloaded 3582 Rate of appdomains unloaded 3584 Current Classes Loaded 3586 Rate of Classes Loaded 3588 Current appdomains 3590 Total Appdomains 3592 Rate of appdomains 3594 Current Assemblies 3596 Total Assemblies 3598 Rate of Assemblies 3600 .NET CLR Jit 3602 # of Methods Jitted 3604 # of IL Bytes Jitted 3606 Total # of IL Bytes Jitted 3608 IL Bytes Jitted / sec 3610 Standard Jit Failures 3612 % Time in Jit 3614 Not Displayed 3616 .NET CLR Interop 3618 # of CCWs 3620 # of Stubs 3622 # of marshalling 3624 # of TLB imports / sec 3626 # of TLB exports / sec 3628 .NET CLR LocksAndThreads 3630 Total # of Contentions 3632 Contention Rate / sec 3634 Current Queue Length 3636 Queue Length Peak 3638 Queue Length / sec 3640 # of current logical Threads 3642 # of current physical Threads 3644 # of current recognized threads 3646 # of total recognized threads 3648 rate of recognized threads / sec 3650 .NET CLR Security 3652 Total Runtime Checks 3654 % Time Sig. 
Authenticating 3656 # Link Time Checks 3658 % Time in RT checks 3660 Not Displayed 3662 Stack Walk Depth 3664 .NET CLR Remoting 3666 Remote Calls/sec 3668 Channels 3670 Context Proxies 3672 Context-Bound Classes Loaded 3674 Context-Bound Objects Alloc / sec 3676 Contexts 3678 Total Remote Calls 3680 .NET CLR Exceptions 3682 # of Exceps Thrown 3684 # of Exceps Thrown / sec 3686 # of Filters / sec 3688 # of Finallys / sec 3690 Throw To Catch Depth / sec 3692 .NET Data Provider for Oracle 3694 HardConnectsPerSecond 3696 HardDisconnectsPerSecond 3698 SoftConnectsPerSecond 3700 SoftDisconnectsPerSecond 3702 NumberOfNonPooledConnections 3704 NumberOfPooledConnections 3706 NumberOfActiveConnectionPoolGroups 3708 NumberOfInactiveConnectionPoolGroups 3710 NumberOfActiveConnectionPools 3712 NumberOfInactiveConnectionPools 3714 NumberOfActiveConnections 3716 NumberOfFreeConnections 3718 NumberOfStasisConnections 3720 NumberOfReclaimedConnections 3722 Search Gatherer Projects 3724 Document Additions 3726 Document Add Rate 3728 Document Deletes 3730 Document Delete Rate 3732 Document Modifies 3734 Document Modifies Rate 3736 Waiting Documents 3738 Documents In Progress 3740 Documents On Hold 3742 Delayed Documents 3744 URLs in History 3746 Processed Documents 3748 Processed Documents Rate 3750 Status Success 3752 Success Rate 3754 Status Error 3756 Error Rate 3762 File Errors 3764 File Errors Rate 3770 Accessed Files 3772 Accessed File Rate 3778 Filtered Office 3780 Filtered Office Rate 3782 Filtered Text 3784 Filtered Text Rate 3786 Crawls in progress 3788 Gatherer Paused Flag 3790 Recovery In Progress Flag 3792 Not Modified 3794 Iterating History In Progress Flag 3796 Incremental Crawls 3798 Filtering Documents 3800 Started Documents 3802 Retries 3804 Retries Rate 3812 Adaptive Crawl Errors 3818 Changed Documents 3820 Document Moves/Renames 3822 Document Move and Rename Rate 3824 Unique Documents 3826 History Recovery Progress 3828 Search Gatherer 3830 Notification Sources 
3832 Ext. Notifications Received 3834 Ext. Notifications Rate 3836 Admin Clients 3838 Heartbeats 3840 Heartbeats Rate 3842 Filtering Threads 3844 Idle Threads 3846 Document Entries 3848 Performance Level 3850 Active Queue Length 3852 Filter Processes 3854 Filter Processes Max 3856 Filter Process Created 3858 Delayed Documents 3860 Server Objects 3862 Server Objects Created 3864 Filter Objects 3866 Documents Filtered 3868 Documents Filtered Rate 3870 Time Outs 3872 Servers Currently Unavailable 3874 Servers Unavailable 3876 Threads Accessing Network 3878 Threads In Plug-ins 3880 Documents Successfully Filtered 3882 Documents Successfully Filtered Rate 3884 Documents Delayed Retry 3886 Word Breakers Cached 3888 Stemmers Cached 3890 All Notifications Received 3892 Notifications Rate 3894 System IO traffic rate 3896 Reason to back off 3898 Threads blocked due to back off 3900 Search Indexer 3902 Master Index Level. 3904 Master Merges to Date 3906 Master Merge Progress 3908 Shadow Merge Levels 3910 Shadow Merge Levels Threshold 3912 Persistent Indexes 3914 Index Size 3916 Unique Keys 3918 Documents Filtered 3920 Work Items Created 3922 Work Items Deleted 3924 Clean WidSets 3926 Dirty WidSets 3928 Master Merges Now. 3930 Active Connections 3932 Queries 3934 Queries Failed 3936 Queries Succeeded 3938 L0 Indexes (Wordlists) 3940 L0 Merges (flushes) Now. 3942 L0 Merge (Flush) Speed - Average 3944 L0 Merge (Flush) - Count 3946 L0 Merge (Flush) Speed - Last 3948 Persistent Indexes L1 3950 L1 Merges Now. 3952 L1 Merge Speed - average 3954 L1 Merge - Count 3956 L1 Merge Speed - last 3958 Persistent Indexes L2 3960 L2 Merges Now. 3962 L2 Merge Speed - average 3964 L2 Merge - Count 3966 L2 Merge Speed - last 3968 Persistent Indexes L3 3970 L3 Merges Now. 3972 L3 Merge Speed - average 3974 L3 Merge - Count 3976 L3 Merge Speed - last 3978 Persistent Indexes L4 3980 L4 Merges Now. 
3982 L4 Merge Speed - average 3984 L4 Merge - Count 3986 L4 Merge Speed - last 3988 Persistent Indexes L5 3990 L5 Merges Now. 3992 L5 Merge Speed - average 3994 L5 Merge - Count 3996 L5 Merge Speed - last 3998 Persistent Indexes L6 4000 L6 Merges Now. 4002 L6 Merge Speed - average 4004 L6 Merge - Count 4006 L6 Merge Speed - last 4008 Persistent Indexes L7 4010 L7 Merges Now. 4012 L7 Merge Speed - average 4014 L7 Merge - Count 4016 L7 Merge Speed - last 4018 Persistent Indexes L8 4020 L8 Merges Now. 4022 L8 Merge Speed - average 4024 L8 Merge - Count 4026 L8 Merge Speed - last 4028 Peer Networking Resolution Protocol 4030 Number of IDs registered 4032 Number of resolves 4034 bytes sent/sec 4036 bytes received/sec 4038 Stale cache entry hits 4040 ServiceModelOperation 3.0.0.0 4042 Calls 4044 Calls Per Second 4046 Calls Outstanding 4048 Calls Failed 4050 Call Failed Per Second 4052 Calls Faulted 4054 Calls Faulted Per Second 4056 Calls Duration 4058 Calls Duration Base 4060 Transactions Flowed 4062 Transactions Flowed Per Second 4064 Security Validation and Authentication Failures 4066 Security Validation and Authentication Failures Per Second 4068 Security Calls Not Authorized 4070 Security Calls Not Authorized Per Second 4072 ReadyBoost Cache 4074 Hit read bytes/sec 4076 Total read bytes/sec 4078 Total write bytes/sec 4080 Update buffer read bytes/sec 4082 Bytes cached 4084 Invalidated update buffer bytes/sec 4086 Cache reads/sec 4088 Compression Ratio 4090 Sequential IOs bailed/sec 4092 Read-Size-Max IOs bailed/sec 4094 No-regions reschedules/sec 4096 No-update-buffers reschedules/sec 4098 Invalidated update buffer blocks/sec 4100 ServiceModelService 3.0.0.0 4102 Calls 4104 Calls Per Second 4106 Calls Outstanding 4108 Calls Failed 4110 Calls Failed Per Second 4112 Calls Faulted 4114 Calls Faulted Per Second 4116 Calls Duration 4118 Calls Duration Base 4120 Transactions Flowed 4122 Transactions Flowed Per Second 4124 Transacted Operations Committed 4126 Transacted 
Operations Committed Per Second 4128 Transacted Operations Aborted 4130 Transacted Operations Aborted Per Second 4132 Transacted Operations In Doubt 4134 Transacted Operations In Doubt Per Second 4136 Security Validation and Authentication Failures 4138 Security Validation and Authentication Failures Per Second 4140 Security Calls Not Authorized 4142 Security Calls Not Authorized Per Second 4144 Instances 4146 Instances Created Per Second 4148 Reliable Messaging Sessions Faulted 4150 Reliable Messaging Sessions Faulted Per Second 4152 Reliable Messaging Messages Dropped 4154 Reliable Messaging Messages Dropped Per Second 4156 Queued Poison Messages 4158 Queued Poison Messages Per Second 4160 Queued Messages Rejected 4162 Queued Messages Rejected Per Second 4164 Queued Messages Dropped 4166 Queued Messages Dropped Per Second 4168 MSDTC Bridge 3.0.0.0 4170 Message send failures/sec 4172 Prepare retry count/sec 4174 Commit retry count/sec 4176 Prepared retry count/sec 4178 Replay retry count/sec 4180 Faults received count/sec 4182 Faults sent count/sec 4184 Average participant prepare response time 4186 Average participant prepare response time Base 4188 Average participant commit response time 4190 Average participant commit response time Base 4272 SMSvcHost 3.0.0.0 4274 Protocol Failures over net.tcp 4276 Protocol Failures over net.pipe 4278 Dispatch Failures over net.tcp 4280 Dispatch Failures over net.pipe 4282 Connections Dispatched over net.tcp 4284 Connections Dispatched over net.pipe 4286 Connections Accepted over net.tcp 4288 Connections Accepted over net.pipe 4290 Registrations Active for net.tcp 4292 Registrations Active for net.pipe 4294 Uris Registered for net.tcp 4296 Uris Registered for net.pipe 4298 Uris Unregistered for net.tcp 4300 Uris Unregistered for net.pipe 4302 ServiceModelEndpoint 3.0.0.0 4304 Calls 4306 Calls Per Second 4308 Calls Outstanding 4310 Calls Failed 4312 Calls Failed Per Second 4314 Calls Faulted 4316 Calls Faulted Per Second 4318 
Calls Duration 4320 Calls Duration Base 4322 Transactions Flowed 4324 Transactions Flowed Per Second 4326 Security Validation and Authentication Failures 4328 Security Validation and Authentication Failures Per Second 4330 Security Calls Not Authorized 4332 Security Calls Not Authorized Per Second 4334 Reliable Messaging Sessions Faulted 4336 Reliable Messaging Sessions Faulted Per Second 4338 Reliable Messaging Messages Dropped 4340 Reliable Messaging Messages Dropped Per Second 4342 Windows Workflow Foundation 4344 Workflows Created 4346 Workflows Created/sec 4348 Workflows Unloaded 4350 Workflows Unloaded/sec 4352 Workflows Loaded 4354 Workflows Loaded/sec 4356 Workflows Completed 4358 Workflows Completed/sec 4360 Workflows Suspended 4362 Workflows Suspended/sec 4364 Workflows Terminated 4366 Workflows Terminated/sec 4368 Workflows In Memory 4370 Workflows Aborted 4372 Workflows Aborted/sec 4374 Workflows Persisted 4376 Workflows Persisted/sec 4378 Workflows Executing 4380 Workflows Idle/sec 4382 Workflows Runnable 4384 Workflows Pending 4386 Pacer Flow 4388 Pacer Pipe 4390 Packets dropped 4392 Packets scheduled 4394 Packets transmitted 4396 Average packets in shaper 4398 Max packets in shaper 4400 Average packets in sequencer 4402 Max packets in sequencer 4404 Bytes scheduled 4406 Bytes transmitted 4408 Bytes transmitted/sec 4410 Bytes scheduled/sec 4412 Packets transmitted/sec 4414 Packets scheduled/sec 4416 Packets dropped/sec 4418 Nonconforming packets scheduled 4420 Nonconforming packets scheduled/sec 4422 Nonconforming packets transmitted 4424 Nonconforming packets transmitted/sec 4426 Maximum Packets in netcard 4428 Average Packets in netcard 4430 Out of packets 4432 Flows opened 4434 Flows closed 4436 Flows rejected 4438 Flows modified 4440 Flow mods rejected 4442 Max simultaneous flows 4444 Nonconforming packets scheduled 4446 Nonconforming packets scheduled/sec 4448 Nonconforming packets transmitted 4450 Nonconforming packets transmitted/sec 4452 
Average packets in shaper 4454 Max packets in shaper 4456 Average packets in sequencer 4458 Max packets in sequencer 4460 Max packets in netcard 4462 Average packets in netcard 4728 Terminal Services Session 4730 Input WdBytes 4732 Input WdFrames 4734 Input WaitForOutBuf 4736 Input Frames 4738 Input Bytes 4740 Input Compressed Bytes 4742 Input Compress Flushes 4744 Input Errors 4746 Input Timeouts 4748 Input Async Frame Error 4750 Input Async Overrun 4752 Input Async Overflow 4754 Input Async Parity Error 4756 Input Transport Errors 4758 Output WdBytes 4760 Output WdFrames 4762 Output WaitForOutBuf 4764 Output Frames 4766 Output Bytes 4768 Output Compressed Bytes 4770 Output Compress Flushes 4772 Output Errors 4774 Output Timeouts 4776 Output Async Frame Error 4778 Output Async Overrun 4780 Output Async Overflow 4782 Output Async Parity Error 4784 Output Transport Errors 4786 Total WdBytes 4788 Total WdFrames 4790 Total WaitForOutBuf 4792 Total Frames 4794 Total Bytes 4796 Total Compressed Bytes 4798 Total Compress Flushes 4800 Total Errors 4802 Total Timeouts 4804 Total Async Frame Error 4806 Total Async Overrun 4808 Total Async Overflow 4810 Total Async Parity Error 4812 Total Transport Errors 4814 Total Protocol Cache Reads 4816 Total Protocol Cache Hits 4818 Total Protocol Cache Hit Ratio 4820 Protocol Bitmap Cache Reads 4822 Protocol Bitmap Cache Hits 4824 Protocol Bitmap Cache Hit Ratio 4826 Protocol Glyph Cache Reads 4828 Protocol Glyph Cache Hits 4830 Protocol Glyph Cache Hit Ratio 4832 Protocol Brush Cache Reads 4834 Protocol Brush Cache Hits 4836 Protocol Brush Cache Hit Ratio 4838 Protocol Save Screen Bitmap Cache Reads 4840 Protocol Save Screen Bitmap Cache Hits 4842 Protocol Save Screen Bitmap Cache Hit Ratio 4844 Input Compression Ratio 4846 Output Compression Ratio 4848 Total Compression Ratio 5114 Outlook 5116 RPCs Attempted 5118 RPCs Succeeded 5120 RPCs Failed 5122 RPCs Cancelled 5124 RPCs UI Shown 5126 RPCs Attempted - UI 5128 Time Avg (all) 5130 
Time Avg (10) 5132 Time Avg (50) 5134 Time Avg (200) 5136 Time Min 5138 Time Max 5140 Count obj connection 5142 Count obj hcot table 5144 Count handle (AD) context 5146 Count handle (AD) binding 5148 Count handle (store) context 5150 Count handle (store) binding 5152 WMI Objects 5154 HiPerf Classes 5156 HiPerf Validity 5158 iSCSI Connections 5160 Bytes Received 5162 Bytes Sent 5164 PDUs Sent 5166 PDUs Received 5168 iSCSI Initiator Instance 5170 Session Cxn Timeout Errors 5172 Session Digest Errors 5174 Sessions Failed 5176 Session Format Errors 5178 iSCSI Initiator Login statistics 5180 Login Accept Responses 5182 Logins Failed 5184 Login Authentication Failed Responses 5186 Failed Logins 5188 Login Negotiation Failed 5190 Login Other Failed Responses 5192 Login Redirect Responses 5194 Logout Normal 5196 Logout Other Codes 5198 iSCSI HBA Main Mode IPSEC Statistics 5200 AcquireFailures 5202 AcquireHeapSize 5204 ActiveAcquire 5206 ActiveReceive 5208 AuthenticationFailures 5210 ConnectionListSize 5212 GetSPIFailures 5214 InvalidCookiesReceived 5216 InvalidPackets 5218 KeyAdditionFailures 5220 KeyAdditions 5222 KeyUpdateFailures 5224 KeyUpdates 5226 NegotiationFailures 5228 OakleyMainMode 5230 OakleyQuickMode 5232 ReceiveFailures 5234 ReceiveHeapSize 5236 SendFailures 5238 SoftAssociations 5240 TotalGetSPI 5242 MSiSCSI_NICPerformance 5244 BytesReceived 5246 BytesTransmitted 5248 PDUReceived 5250 PDUTransmitted 5252 iSCSI HBA Quick Mode IPSEC Statistics 5254 ActiveSA 5256 ActiveTunnels 5258 AuthenticatedBytesReceived 5260 AuthenticatedBytesSent 5262 BadSPIPackets 5264 ConfidentialBytesReceived 5266 ConfidentialBytesSent 5268 KeyAdditions 5270 KeyDeletions 5272 PacketsNotAuthenticated 5274 PacketsNotDecrypted 5276 PacketsWithReplayDetection 5278 PendingKeyOperations 5280 ReKeys 5282 TransportBytesReceived 5284 TransportBytesSent 5286 TunnelBytesReceived 5288 TunnelBytesSent 5290 iSCSI Request Processing Time 5292 Average Request Processing Time 5294 Max Request 
Processing Time 5296 iSCSI Sessions 5298 Bytes Received 5300 Bytes Sent 5302 ConnectionTimeout Errors 5304 Digest Errors 5306 Format Errors 5308 PDUs Sent 5310 PDUs Received 5312 Processor Performance 5314 Processor Frequency 5316 % of Maximum Frequency 5318 Processor State Flags 5320 Video Scheduler 5322 DMA Buffer Completed/Sec 5324 % GPU Busy 5326 GPU Context 5328 GPU Context Switch/Sec 5330 DMA Buffer Preempted/Sec 5332 Present/Sec 5334 DMA Buffer Submitted/Sec 4714 Terminal Services 4716 Active Sessions 4718 Inactive Sessions 4720 Total Sessions 1926 WFPv4 1928 Inbound Packets Discarded/sec 1930 Outbound Packets Discarded/sec 1932 Packets Discarded/sec 1934 Blocked Binds 1936 Inbound Connections Blocked/sec 1938 Outbound Connections Blocked/sec 1940 Inbound Connections Allowed/sec 1942 Outbound Connections Allowed/sec 1944 Inbound Connections 1946 Outbound Connections 1948 Active Inbound Connections 1950 Active Outbound Connections 1952 Allowed Classifies/sec 1986 IPsec Driver 1988 Active Security Associations 1990 Pending Security Associations 1992 Incorrect SPI Packets 1994 Bytes Received in Tunnel Mode/sec 1996 Bytes Sent in Tunnel Mode/sec 1998 Bytes Received in Transport Mode/sec 2000 Bytes Sent in Transport Mode/sec 2002 Offloaded Security Associations 2004 Offloaded Bytes Received/sec 2006 Offloaded Bytes Sent/sec 2008 Packets That Failed Replay Detection 2010 Packets Not Authenticated 2012 Packets Not Decrypted 2014 SA Rekeys 2016 Security Associations Added 2018 Packets That Failed ESP Validation 2020 Packets That Failed UDP-ESP Validation 2022 Packets Received Over Wrong SA 2024 Plaintext Packets Received 1982 WFP 1984 Provider Count 1954 WFPv6 1956 Inbound Packets Discarded/sec 1958 Outbound Packets Discarded/sec 1960 Packets Discarded/sec 1962 Blocked Binds 1964 Inbound Connections Blocked/sec 1966 Outbound Connections Blocked/sec 1968 Inbound Connections Allowed/sec 1970 Outbound Connections Allowed/sec 1972 Inbound Connections 1974 Outbound 
Connections 1976 Active Inbound Connections 1978 Active Outbound Connections 1980 Allowed Classifies/sec 4722 Authorization Manager Applications 4724 Total number of scopes 4726 Number of Scopes loaded in memory 4862 DFS Replicated Folders 4864 Conflict Files Generated 4866 Conflict Bytes Generated 4868 Conflict Files Cleaned up 4870 Conflict Bytes Cleaned up 4872 Conflict Space In Use 4874 Conflict Folder Cleanups Completed 4876 File Installs Succeeded 4878 File Installs Retried 4880 Updates Dropped 4882 Deleted Files Generated 4884 Deleted Bytes Generated 4886 Deleted Files Cleaned up 4888 Deleted Bytes Cleaned up 4890 Deleted Space In Use 4892 Total Files Received 4894 Size of Files Received 4896 Compressed Size of Files Received 4898 RDC Number of Files Received 4900 RDC Size of Files Received 4902 RDC Compressed Size of Files Received 4904 RDC Bytes Received 4906 Bandwidth Savings Using DFS Replication 4908 DFS Replication Connections 4910 Total Bytes Received 4912 Total Files Received 4914 Size of Files Received 4916 Compressed Size of Files Received 4918 Bytes Received Per Second 4920 RDC Number of Files Received 4922 RDC Size of Files Received 4924 RDC Compressed Size of Files Received 4926 RDC Bytes Received 4928 Bandwidth Savings Using DFS Replication 4850 DFS Replication Service Volumes 4852 USN Journal Records Read 4854 USN Journal Records Accepted 4856 USN Journal Unread Percentage 4858 Database Commits 4860 Database Lookups 2222 Generic IKE and AuthIP 2224 IKE Main Mode Negotiation Time 2226 AuthIP Main Mode Negotiation Time 2228 IKE Quick Mode Negotiation Time 2230 AuthIP Quick Mode Negotiation Time 2232 Extended Mode Negotiation Time 2234 Packets Received/sec 2236 Invalid Packets Received/sec 2238 Successful Negotiations 2240 Successful Negotiations/sec 2242 Failed Negotiations 2244 Failed Negotiations/sec 2102 IPsec AuthIPv4 2104 Active Main Mode SAs 2106 Pending Main Mode Negotiations 2108 Main Mode Negotiations 2110 Main Mode Negotiations/sec 
2112 Successful Main Mode Negotiations 2114 Successful Main Mode Negotiations/sec 2116 Failed Main Mode Negotiations 2118 Failed Main Mode Negotiations/sec 2120 Main Mode Negotiation Requests Received 2122 Main Mode Negotiation Requests Received/sec 2124 Main Mode SAs That Used Impersonation 2126 Main Mode SAs That Used Impersonation/sec 2128 Active Quick Mode SAs 2130 Pending Quick Mode Negotiations 2132 Quick Mode Negotiations 2134 Quick Mode Negotiations/sec 2136 Successful Quick Mode Negotiations 2138 Successful Quick Mode Negotiations/sec 2140 Failed Quick Mode Negotiations 2142 Failed Quick Mode Negotiations/sec 2144 Active Extended Mode SAs 2146 Pending Extended Mode Negotiations 2148 Extended Mode Negotiations 2150 Extended Mode Negotiations/sec 2152 Successful Extended Mode Negotiations 2154 Successful Extended Mode Negotiations/sec 2156 Failed Extended Mode Negotiations 2158 Failed Extended Mode Negotiations/sec 2160 Extended Mode SAs That Used Impersonation 2162 IPsec AuthIPv6 2164 Active Main Mode SAs 2166 Pending Main Mode Negotiations 2168 Main Mode Negotiations 2170 Main Mode Negotiations/sec 2172 Successful Main Mode Negotiations 2174 Successful Main Mode Negotiations/sec 2176 Failed Main Mode Negotiations 2178 Failed Main Mode Negotiations/sec 2180 Main Mode Negotiation Requests Received 2182 Main Mode Negotiation Requests Received/sec 2184 Main Mode SAs That Used Impersonation 2186 Main Mode SAs That Used Impersonation/sec 2188 Active Quick Mode SAs 2190 Pending Quick Mode Negotiations 2192 Quick Mode Negotiations 2194 Quick Mode Negotiations/sec 2196 Successful Quick Mode Negotiations 2198 Successful Quick Mode Negotiations/sec 2200 Failed Quick Mode Negotiations 2202 Failed Quick Mode Negotiations/sec 2204 Active Extended Mode SAs 2206 Pending Extended Mode Negotiations 2208 Extended Mode Negotiations 2210 Extended Mode Negotiations/sec 2212 Successful Extended Mode Negotiations 2214 Successful Extended Mode Negotiations/sec 2216 Failed Extended 
Mode Negotiations 2218 Failed Extended Mode Negotiations/sec 2220 Extended Mode SAs That Used Impersonation 2026 IPsec IKEv4 2028 Active Main Mode SAs 2030 Pending Main Mode Negotiations 2032 Main Mode Negotiations 2034 Main Mode Negotiations/sec 2036 Successful Main Mode Negotiations 2038 Successful Main Mode Negotiations/sec 2040 Failed Main Mode Negotiations 2042 Failed Main Mode Negotiations/sec 2044 Main Mode Negotiation Requests Received 2046 Main Mode Negotiation Requests Received/sec 2048 Active Quick Mode SAs 2050 Pending Quick Mode Negotiations 2052 Quick Mode Negotiations 2054 Quick Mode Negotiations/sec 2056 Successful Quick Mode Negotiations 2058 Successful Quick Mode Negotiations/sec 2060 Failed Quick Mode Negotiations 2062 Failed Quick Mode Negotiations/sec 2064 IPsec IKEv6 2066 Active Main Mode SAs 2068 Pending Main Mode Negotiations 2070 Main Mode Negotiations 2072 Main Mode Negotiations/sec 2074 Successful Main Mode Negotiations 2076 Successful Main Mode Negotiations/sec 2078 Failed Main Mode Negotiations 2080 Failed Main Mode Negotiations/sec 2082 Main Mode Negotiation Requests Received 2084 Main Mode Negotiation Requests Received/sec 2086 Active Quick Mode SAs 2088 Pending Quick Mode Negotiations 2090 Quick Mode Negotiations 2092 Quick Mode Negotiations/sec 2094 Successful Quick Mode Negotiations 2096 Successful Quick Mode Negotiations/sec 2098 Failed Quick Mode Negotiations 2100 Failed Quick Mode Negotiations/sec 4696 HTTP Service Request Queues 4698 CurrentQueueSize 4700 MaxQueueItemAge 4702 ArrivalRate 4704 RejectionRate 4706 RejectedRequests 4708 CacheHitRate 4676 HTTP Service Url Groups 4678 BytesSentRate 4680 BytesReceivedRate 4682 BytesTransferredRate 4684 CurrentConnections 4686 MaxConnections 4688 ConnectionAttempts 4690 GetRequests 4692 HeadRequests 4694 AllRequests 4662 HTTP Service 4664 CurrentUrisCached 4666 TotalUrisCached 4668 UriCacheHits 4670 UriCacheMisses 4672 UriCacheFlushes 4674 TotalFlushedUris 4648 Netlogon 4650 Semaphore 
Waiters 4652 Semaphore Holders 4654 Semaphore Acquires 4656 Semaphore Timeouts 4658 Average Semaphore Hold Time 4660 Semaphore Hold Time Base 3418 TBS counters 3420 CurrentContexts 3422 CurrentResources"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\WFPIPsecHelperClass]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\WFP-IPsec Trace]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\NAPIPSecEnf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Parameters]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Parameters]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\WFPIPsecHelperClass]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\WMI\Autologger\WFP-IPsec Trace]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\NAPIPSecEnf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PolicyAgent\Parameters]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PolicyAgent\Parameters]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\WFPIPsecHelperClass]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WFP-IPsec Trace]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NAPIPSecEnf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\Qecs\79619]
"Friendly Name"="@%SystemRoot%\system32\napipsec.dll,-1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Performance]
"Open"="OpenIPSecPerformanceData"

-=End Of File=-



