Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Connection Problems


  • This topic is locked This topic is locked
117 replies to this topic

#1 jamiehart

jamiehart

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 17 October 2011 - 11:16 AM

I've been told to post here something I posted in the Internet section and I'm hoping someone can help. Copied below

Hi,

I'm hoping someone here can help.

I've two separate problems.

I connect to the internet via a wireless network which I have used for several years. It's a high speed connection at around 50mbps. A couple of weeks back I got infected with the google redirect virus. I came here and downloaded combofix and ran the program and was able to solve this problem. However, I now get a situation where when I'm browing and have maybe 3 or 4 screens open the connection freezes and no new pages can be loaded or existing pages reloaded. I'm still connected to the internet at this stage. Sometimes the problem rectifies itself after a few minutes or the quickest option is to disable the connection, enable immediately after and everything is fine again. Does anyone have any idea as to what may be causing this ?

Additionally I have a further browsing problem. I also access the internet from home via another wireless network - Orange. This entails using portable modem which plugs in to the back of the computer in one of the USB ports. Again, this connection, whilst slower, around 7.2 mbps, has worked fine for at least a year now, until last week which was the first time I had occassion to use it for a few weeks.

Normally when I insert the modem I go to run and Orange shows up on drive E and Ucan ( which is the program used to actually connect) show up on Drive F. I then type in run ucan.exe, the modem loads and I connect.

Now when I insert the modem it only shows drive E not F, which means I can't connect. I've verified that the modem works on another computer fine which tells me again that I've some sort of problem - trouble is I don't know what !

I've recently run Malwarebytes Anti- Malware and that cleaned up some infected files and I also Ppaid for ParetoLogic PC Health Adviser and run that. During the running of that program it identified some drivers which were out of date. However whilst I tried to update them it transpired during the installation that in fact the "new" drivers were for the US market and not Europe where I am so the installation never finished.

I'm wondering if the second problem of not being able to connect at all with my temporary modem might be related to this in any way.

I'd be really grateful for some assistance on this and hope someone can help with this.

Thanks

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:01 PM

Posted 17 October 2011 - 11:56 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 jamiehart

jamiehart
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 18 October 2011 - 04:14 AM

Hi,

Thanks for getting back to me.

I started at step 6 as requested and the fact that I didn't have to reboot presumably means that I didn't have any CD emulation programs present.

Step 7 causes a problem. I had three attempts at this. On each occasion it appears to be working fine and a series of # signs run about 75% of the way across the screen then everything stops, the screen freezes, clock stops and I have to turn off the computer.

Step 8 went OK and a copy of the log is attached.

Attached Files

  • Attached File  ark.txt   1.61KB   7 downloads


#4 jamiehart

jamiehart
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 20 October 2011 - 02:32 AM

Trying to contact Orange Blossom.

Completed tasks that I was requested to do and attached logs where possible and nothing else has happened and the problem is not going away ! Can anyone else here help ?

#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 PM

Posted 22 October 2011 - 11:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423886 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 jamiehart

jamiehart
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 25 October 2011 - 03:49 AM

Hi

Thanks for getting back to me.

In short the problems are still pretty much the same with one extra one to report.

Firstly, I can't run the first dds program as the thing freezes each time. I put full details in the earlier post. I'm attaching the log again to the the GMER scan for your info and advice.

I'm pretty certain I don't have the original Windows installation CD as I recently moved house and a load of stuff went missing - I'll double check anyway.

Basic symptoms are still the same. I'm connected to the internet in my office, everything is going fine and then suddenly you can't load new sites, refresh pages etc even though you are still connected. This sometimes clears itself in a few minutes, generally I just disable the connection then enable and its fine again. It's a real pain !

The other problem was the other internet connection I use at home which requires me to insert the modem in the USB socket at the back of my laptop. Basically, when I do this it shows up drives E and F on my computer. I connect through a program called ucan.exe which is located on drive F. Recently when I've inserted the modem drive F n longer appears making it impossible to connect to the internet using this device.

I've tested the modem on other computers and it works fine.

The new problem I have is of my own making. In an effort to 'find' drive F I read some information that you can rename this with a higher letter in the alphabet and this can help. Obviously not reliable info as I renamed it Z and now I can't find it anywhere !!

Really hoping you can help with all this.

Attached Files

  • Attached File  ark.txt   1.61KB   5 downloads


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:01 PM

Posted 25 October 2011 - 08:07 AM

Hello jamiehart,

Apologies for the delay.

We need to check a few things.

  • See if we can retrieve the Combofix log(s).
    Please go to Start =>run, copy and paste the following and press Enter:

    cmd /c dir /a/s/b c:\combo*.txt >log1.txt & log1.txt

    A log file opens. In case the log shows some files please attach them to your reply.
  • Please go to Start =>run, copy and paste the following and press Enter:

    cmd /c dir /a/s/b c:\qobox >log2.txt & log2.txt

    A log file opens. Please post the content to your reply.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Flush DNS
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Under Output select "Standard Output" checkbox.
    • Set Services, Drivers to All.
    • Click Run Scan button.
    • Two reports will open, copy and paste OTL.txt and attach Extra.txt to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#8 jamiehart

jamiehart
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 25 October 2011 - 12:14 PM

Hi,

Thanks for the reply.

The first two requests produced nothing. I ran both command instructions which brought up the blank black screen and it stayed that way.

I'm attaching the Minitool box report.

Copied below is the OTL text:

OTL logfile created on: 10/25/2011 6:54:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\N800C\Desktop\Internet Security
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

511.36 Mb Total Physical Memory | 196.14 Mb Available Physical Memory | 38.36% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.34% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.58 Gb Total Space | 1.36 Gb Free Space | 7.72% Space Free | Partition Type: NTFS
Drive D: | 19.68 Gb Total Space | 18.58 Gb Free Space | 94.38% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-C71F7BA3 | User Name: N800C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 18:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\N800C\Desktop\Internet Security\OTL.exe
PRC - [2011/09/29 08:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/11/23 11:30:52 | 000,736,464 | ---- | M] ( James J. Jones, LLC.) -- C:\Program Files\Micro Niche Finder\bggoogle.exe
PRC - [2009/06/15 12:54:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 02:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2003/04/18 15:06:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Micro Niche Finder\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/21 09:14:29 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 08:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/08/08 23:19:46 | 000,027,648 | ---- | M] () -- C:\WINDOWS\system32\rksfaxpm.dll
MOD - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2003/04/18 15:06:26 | 000,010,240 | ---- | M] () -- C:\Program Files\Micro Niche Finder\srvany.exe


========== Win32 Services (All) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/19 12:39:49 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/08/27 07:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2009/06/15 12:54:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/06/10 08:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2009/01/30 20:33:54 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2009/01/30 17:46:12 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2008/07/29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 22:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/14 02:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2008/04/14 02:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 02:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2008/04/14 02:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2008/04/14 02:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2008/04/14 02:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2008/04/14 02:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 02:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 02:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 02:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2008/04/14 02:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2008/04/14 02:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2008/04/14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2008/04/14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 02:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 02:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 02:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 02:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2008/04/14 02:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 02:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2008/04/14 02:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 02:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/14 02:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2008/04/14 02:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 02:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 02:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2008/04/14 02:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2008/04/14 02:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2008/04/14 02:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2008/04/14 02:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2008/04/14 02:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 02:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 02:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 02:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 02:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2008/04/14 02:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/04/14 02:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 02:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2008/04/14 02:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 02:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 02:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
SRV - [2008/04/14 02:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2008/04/14 02:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 02:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 02:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/14 02:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/04/14 02:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 02:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 02:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
SRV - [2008/04/14 02:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 02:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/14 02:11:55 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/14 02:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2008/04/14 02:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 02:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 02:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 02:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 02:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 02:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 02:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/02/28 14:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2005/08/02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/06/08 08:14:18 | 000,368,640 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/04/18 15:06:26 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Micro Niche Finder\srvany.exe -- (Micro Niche Finder Background Download Service)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (PCIIde)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Cdrom)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2011/08/17 15:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/07/15 15:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 16:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/06/24 16:10:36 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/04/21 15:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 15:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 17:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009/10/20 18:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 13:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/13 16:57:46 | 000,066,560 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/05/13 16:56:46 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/05/13 16:56:24 | 000,107,520 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 02:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 02:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 02:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 21:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 21:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 21:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 21:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 21:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 21:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 21:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 21:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 21:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 21:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 21:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 20:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 20:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 20:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 20:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 20:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 20:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 20:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 20:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 20:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 20:54:36 | 000,088,192 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\irda.sys -- (irda)
DRV - [2008/04/13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 20:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 20:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 20:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 20:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 20:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 20:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 20:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 20:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 20:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 20:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 20:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 20:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 20:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 20:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 20:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 20:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 20:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 20:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 20:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 20:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 20:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 20:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 20:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 20:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 20:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 20:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 20:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 20:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 20:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 20:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 20:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 20:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 20:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 20:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 20:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 20:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 20:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 20:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 20:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 20:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 20:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 20:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 20:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 18:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 10:47:45 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/05 12:57:48 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\semwl5.sys -- (SEM43XX)
DRV - [2007/05/14 15:35:12 | 000,108,928 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GCXX.sys -- (SEMWModem)
DRV - [2007/05/10 15:34:48 | 000,053,248 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GCXXNet.sys -- (SEMWWNIC)
DRV - [2007/05/10 15:32:52 | 000,019,328 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GCXXSC.sys -- (Sony_EricssonWWSC)
DRV - [2006/11/20 11:11:58 | 000,184,832 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8180.sys -- (LSWPCv4)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/02/28 14:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2006/02/28 14:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2006/02/28 14:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2006/02/28 14:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2006/02/28 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/28 14:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2006/02/28 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2006/02/28 14:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2006/02/28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2006/02/28 14:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2006/02/28 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2006/02/28 14:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2006/02/28 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2006/02/28 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2006/02/28 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2006/02/28 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2006/02/28 14:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2005/08/02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/08 08:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 15:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 14:51:32 | 000,019,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 14:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-1935655697-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-796845957-1935655697-854245398-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-796845957-1935655697-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/19 12:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/08 13:37:19 | 000,000,000 | ---D | M]

[2010/06/23 10:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Extensions
[2010/06/23 10:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/19 13:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Firefox\Profiles\2y5xp3z2.default\extensions
[2010/10/05 10:29:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Firefox\Profiles\2y5xp3z2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/19 12:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/19 12:40:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 08:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/19 12:39:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 02:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Live Search ()
CHR - default_search_provider: search_url = http://search.live.com/results.aspx?setlang=en-US&mkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/03/07 11:14:22 | 000,000,090 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 64.22.112.53 howtofindapartner.com www.howtofindapartner.com
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-796845957-1935655697-854245398-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1935655697-854245398-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1935655697-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1935655697-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1935655697-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKU\S-1-5-21-796845957-1935655697-854245398-1004\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228161618984 (WUWebControl Class)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.com/cab/downloader.cab (DLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC28965-6A01-4E94-BCE9-E498CEFA07CA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-796845957-1935655697-854245398-1004 Winlogon: Shell - (C:\Documents and Settings\N800C\Local Settings\Application Data\7b9aefc5\X) -C:\Documents and Settings\N800C\Local Settings\Application Data\7b9aefc5\X ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\N800C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\N800C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/01 14:17:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[4108/12/01 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[4108/12/01 15:40:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[4108/12/01 14:46:43 | 000,000,000 | ---D | C] -- D:\Dokumenty\RKSFax
[4108/12/01 14:45:16 | 000,000,000 | ---D | C] -- D:\Dokumenty\OpenOffice.org 2.3 Installation Files
[4108/12/01 14:44:25 | 000,000,000 | R--D | C] -- D:\Dokumenty\My Pictures
[4108/12/01 14:44:13 | 000,000,000 | R--D | C] -- D:\Dokumenty\My Music
[4108/12/01 14:44:12 | 000,000,000 | ---D | C] -- D:\Dokumenty\My Web CEO Projects
[4108/12/01 14:44:11 | 000,000,000 | ---D | C] -- D:\Dokumenty\Monkey Folder
[4108/12/01 14:44:08 | 000,000,000 | ---D | C] -- D:\Dokumenty\Loans VC Info
[4108/12/01 14:43:52 | 000,000,000 | ---D | C] -- D:\Dokumenty\HSBC Info
[4108/12/01 14:43:47 | 000,000,000 | ---D | C] -- D:\Dokumenty\GREEK ARTICLE PROJECT
[4108/12/01 14:43:23 | 000,000,000 | ---D | C] -- D:\Dokumenty\Cartus
[4108/12/01 14:43:20 | 000,000,000 | ---D | C] -- D:\Dokumenty\Capital First Info
[4108/12/01 14:43:06 | 000,000,000 | ---D | C] -- D:\Dokumenty\Brita Info
[2011/10/25 13:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Desktop\Google+1 Software
[2011/10/19 17:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Desktop\Lead Comet
[2011/10/19 12:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/19 12:40:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/19 12:40:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/19 12:40:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/19 12:40:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/19 12:38:09 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\jre-6u29-windows-i586-iftw.exe
[2011/10/18 08:26:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\N800C\Desktop\dds.scr
[2011/10/17 11:23:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/17 10:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/10/17 10:29:14 | 000,000,000 | ---D | C] -- D:\Dokumenty\My Drivers
[2011/10/17 10:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Local Settings\Application Data\Innovative Solutions
[2011/10/15 10:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Application Data\WinPatrol
[2011/10/14 10:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Desktop\Facebook CPA
[2011/10/14 10:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Start Menu\Programs\BACKLINKS CHECK PRO
[2011/10/13 11:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Desktop\CB Evolution
[2011/10/13 09:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\BACKLINKS CHECK PRO
[2011/10/12 09:45:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/10 16:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Local Settings\Application Data\SlimWare Utilities Inc
[2011/10/10 16:48:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2011/10/10 16:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/10/08 13:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/08 13:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/08 13:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/10/08 13:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/08 11:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Desktop\Infoproduct-Empire
[2011/10/07 14:41:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\N800C\UserData
[2011/10/07 10:52:35 | 000,000,000 | ---D | C] -- C:\backup
[2011/10/07 10:11:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/10/07 10:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2011/10/07 10:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Application Data\BitZipper
[2011/10/07 09:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Application Data\ParetoLogic
[2011/10/07 09:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Start Menu\Programs\ParetoLogic
[2011/10/07 09:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/10/07 09:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/10/05 10:09:38 | 004,255,422 | R--- | C] (Swearware) -- D:\Dokumenty\ComboFix.exe
[2011/10/05 09:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/05 09:56:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/05 09:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Desktop\Internet Security
[2011/10/05 09:30:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/04 10:36:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\N800C\Local Settings\Application Data\7b9aefc5
[2011/10/01 14:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Application Data\KeywordOptimizerPro
[2011/10/01 14:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Keyword Optimizer Pro
[2011/10/01 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Keyword Optimizer Pro
[2011/10/01 10:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Desktop\RCR
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2099/01/01 12:00:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\N800C\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2099/01/01 12:00:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/25 18:45:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/25 18:45:51 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2011/10/25 18:45:49 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1935655697-854245398-1004.job
[2011/10/25 18:45:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 18:00:25 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/10/21 10:46:14 | 536,297,472 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/10/21 10:16:34 | 000,025,282 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\Apartment 1.jpg
[2011/10/21 10:16:32 | 000,085,616 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\86.jpg
[2011/10/21 10:16:21 | 000,028,528 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\Strona 1.jpg
[2011/10/21 09:14:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/19 12:39:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/19 12:39:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/10/19 12:39:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/10/19 12:39:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/10/19 12:39:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/10/19 12:38:10 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u29-windows-i586-iftw.exe
[2011/10/19 12:02:10 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\N800C\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/19 12:02:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/18 08:26:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\N800C\Desktop\dds.scr
[2011/10/18 08:24:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\N800C\defogger_reenable
[2011/10/17 17:43:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/17 15:05:55 | 000,460,308 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/17 15:05:54 | 000,076,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 09:36:36 | 001,497,764 | ---- | M] () -- D:\Dokumenty\cb-evolution.pdf
[2011/10/12 11:44:09 | 001,430,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/12 11:20:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/12 10:20:47 | 000,552,541 | ---- | M] () -- D:\Dokumenty\WebsiteCommando-Presentation2.pdf
[2011/10/12 09:44:29 | 004,255,422 | R--- | M] (Swearware) -- D:\Dokumenty\ComboFix.exe
[2011/10/08 14:01:26 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Micro Niche Finder 5.0.lnk
[2011/10/08 13:24:06 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/08 10:29:23 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Betometer.lnk
[2011/10/08 09:31:12 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\Bet Angel - Basic.lnk
[2011/10/07 09:54:28 | 000,000,625 | ---- | M] () -- C:\0.bak
[2011/10/07 09:19:52 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/10/07 09:19:51 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/10/07 09:19:50 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/10/06 12:53:05 | 002,748,641 | ---- | M] () -- D:\Dokumenty\contentnotifieruserguide.pdf
[2011/10/04 11:14:36 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/03 10:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/10/01 14:28:39 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Keyword Optimizer Pro.lnk
[2011/10/01 14:27:40 | 002,083,354 | ---- | M] () -- C:\KeywordOptimizerPro.air
[2011/09/29 09:49:33 | 000,000,102 | ---- | M] () -- C:\WINDOWS\ANS2000.INI
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 10:16:32 | 000,085,616 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\86.jpg
[2011/10/21 10:16:21 | 000,028,528 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\Strona 1.jpg
[2011/10/21 10:16:07 | 000,025,282 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\Apartment 1.jpg
[2011/10/18 08:24:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\N800C\defogger_reenable
[2011/10/13 09:36:36 | 001,497,764 | ---- | C] () -- D:\Dokumenty\cb-evolution.pdf
[2011/10/12 10:20:47 | 000,552,541 | ---- | C] () -- D:\Dokumenty\WebsiteCommando-Presentation2.pdf
[2011/10/08 13:24:05 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/08 13:21:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/10/07 09:54:14 | 000,000,625 | ---- | C] () -- C:\0.bak
[2011/10/07 09:20:15 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/10/07 09:19:51 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/10/07 09:19:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/10/07 09:19:48 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/10/06 12:53:05 | 002,748,641 | ---- | C] () -- D:\Dokumenty\contentnotifieruserguide.pdf
[2011/10/04 11:14:36 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/01 14:28:39 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Keyword Optimizer Pro.lnk
[2011/10/01 14:27:39 | 002,083,354 | ---- | C] () -- C:\KeywordOptimizerPro.air
[2011/09/07 14:25:51 | 000,000,102 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2011/09/07 14:25:51 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2011/09/07 14:25:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2011/05/07 12:56:46 | 000,009,955 | ---- | C] () -- C:\Documents and Settings\N800C\Application Data\4426.A7C
[2011/03/04 17:29:40 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2010/10/06 10:31:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/06 10:31:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/06 10:31:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/06 10:31:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/06 10:31:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/06 09:14:41 | 000,000,078 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2010/10/05 14:56:15 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/10/05 14:56:15 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/10/05 14:56:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/10/05 14:56:15 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/09/01 14:14:14 | 000,184,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/06 10:14:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/07/06 09:51:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/06/14 12:20:14 | 000,022,536 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/11 15:11:26 | 000,163,601 | ---- | C] () -- C:\WINDOWS\XHeader Bonus Download Uninstaller.exe
[2010/02/11 14:47:09 | 000,203,288 | ---- | C] () -- C:\WINDOWS\XHeader Uninstaller.exe
[2009/10/10 17:55:12 | 000,145,920 | ---- | C] () -- C:\WINDOWS\spellm32.DLL
[2009/10/09 14:53:55 | 000,000,594 | ---- | C] () -- C:\WINDOWS\dev.ini
[2009/09/04 17:36:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\N800C\Local Settings\Application Data\fusioncache.dat
[2009/08/11 12:56:49 | 000,000,053 | ---- | C] () -- C:\WINDOWS\ArticleAssistant.ini
[2009/08/11 12:56:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ovas.ini
[2009/08/11 12:55:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\aasinst.ini
[2009/05/16 10:50:04 | 000,163,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/05/14 11:10:37 | 000,042,304 | ---- | C] () -- C:\WINDOWS\System32\fmrsslink.dll
[2008/12/19 13:02:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/07 10:56:00 | 000,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32(2).dll
[2008/09/08 19:03:38 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/09/08 19:03:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/09/08 19:03:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/08 19:03:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/08 19:03:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 19:03:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/29 13:09:59 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/07/14 13:04:48 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/15 12:17:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\COMCTLW32.DLL
[2008/04/29 14:42:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/03/15 19:03:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2008/02/27 13:31:48 | 000,004,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\powjnvfp.pmy
[2008/02/27 13:27:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\rksfaxpm.dll
[2008/02/16 14:25:25 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008/02/15 16:46:08 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/15 16:46:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A4FA5FE004.sys
[2007/12/27 15:32:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/27 15:32:23 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/27 15:32:23 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/27 15:32:23 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/27 15:32:23 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/27 15:32:23 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/27 15:32:23 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/27 15:32:23 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/27 15:32:23 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/27 15:32:23 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/27 15:32:23 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/12/27 15:32:23 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/27 15:32:23 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/27 15:32:23 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/27 15:32:23 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/27 15:32:23 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/27 15:32:23 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/12/27 15:32:23 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/12/27 15:32:23 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/27 15:28:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEDX8400EXPORT.ini
[2007/12/20 16:21:35 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2007/12/13 12:48:18 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/26 18:19:28 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\N800C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/08 16:10:01 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2007/04/04 14:28:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/13 17:50:08 | 001,188,914 | -H-- | C] () -- C:\WINDOWS\wkp100301_1173804670_588395.exe
[2007/03/01 14:20:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/03/01 14:13:58 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/01 06:05:46 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/01 06:04:16 | 001,430,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/02/28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 14:00:00 | 000,460,308 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 14:00:00 | 000,076,622 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/02 23:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/05 09:36:02 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\Codejock.CommandBars.9700.lic
[2005/05/04 02:18:54 | 000,093,878 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6E66F5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

The extras text is also being attached.

Thanks

Attached Files



#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:01 PM

Posted 25 October 2011 - 02:36 PM

My bad, a little typo.

Please go to Start =>run, copy and paste the following and press Enter:

cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

A log file opens. Please post the content to your reply.

#10 jamiehart

jamiehart
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 26 October 2011 - 02:16 AM

Hi,

OK this time worked fine, info copied below:

c:\qoobox\BackEnv
c:\qoobox\LastRun
c:\qoobox\Quarantine
c:\qoobox\Test
c:\qoobox\TestC
c:\qoobox\BackEnv\AppData.folder.dat
c:\qoobox\BackEnv\Cache.folder.dat
c:\qoobox\BackEnv\Cookies.folder.dat
c:\qoobox\BackEnv\Desktop.folder.dat
c:\qoobox\BackEnv\Favorites.folder.dat
c:\qoobox\BackEnv\History.folder.dat
c:\qoobox\BackEnv\LocalAppData.folder.dat
c:\qoobox\BackEnv\LocalSettings.folder.dat
c:\qoobox\BackEnv\Music.folder.dat
c:\qoobox\BackEnv\NetHood.folder.dat
c:\qoobox\BackEnv\Personal.folder.dat
c:\qoobox\BackEnv\Pictures.folder.dat
c:\qoobox\BackEnv\PrintHood.folder.dat
c:\qoobox\BackEnv\Profiles.Folder.dat
c:\qoobox\BackEnv\Profiles.Folder.folder.dat
c:\qoobox\BackEnv\Programs.folder.dat
c:\qoobox\BackEnv\Recent.folder.dat
c:\qoobox\BackEnv\SendTo.folder.dat
c:\qoobox\BackEnv\SetPath.bat
c:\qoobox\BackEnv\StartMenu.folder.dat
c:\qoobox\BackEnv\StartUp.folder.dat
c:\qoobox\BackEnv\SysPath.dat
c:\qoobox\BackEnv\Templates.folder.dat
c:\qoobox\BackEnv\VikPev00
c:\qoobox\LastRun\Gateway
c:\qoobox\Quarantine\C
c:\qoobox\Quarantine\catchme.log
c:\qoobox\Quarantine\Registry_backups
c:\qoobox\Quarantine\C\WINDOWS
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\_1243960160_.zip
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\@.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\L
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\_click_.tlb.zip
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\_loader_.tlb.zip
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\L\nepvncrj.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@00000001.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@000000c0.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@000000cb.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@000000cf.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@80000000.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@800000c0.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@800000cb.vir
c:\qoobox\Quarantine\C\WINDOWS\$NtUninstallKB27552$\2073751493\U\@800000cf.vir

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:01 PM

Posted 26 October 2011 - 08:21 AM

Please post or attach the logs the way they are requested to be posted.

We need to restore some winsock entries.

  • Please download MiniRegTool.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9
    • Check Export keys radio button.
    • Press Go button and attach the result.
  • Go to Start > Run and type in cmd
    Type in the following line and press Enter:

    netsh winsock reset

    You should get notified that the operation is successful.
  • Run MiniToolBox again.
    Check "List Winsock entries".
    Press "Go" and copy and paste the log.


#12 jamiehart

jamiehart
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 27 October 2011 - 01:57 AM

Hi,
I've completed step 1 and the log is attached as requested.

Step 2 was successful as you suggested.

Step 3 hasn't been done as I don't have an option box for "List Winsock Entries". Tried typing the entry in the screen but no good so I'll wait for further advice.

Thanks again

Attached Files



#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:01 PM

Posted 27 October 2011 - 02:12 AM

Please do the step 3. It is MiniToolBox and not MiniRegTool.

#14 jamiehart

jamiehart
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:02:01 PM

Posted 27 October 2011 - 04:52 AM

Sorry, I should learn to read properly !!

Log copied below:

MiniToolBox by Farbar
Ran by N800C (administrator) on 27-10-2011 at 11:50:25
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

**** End of log ****

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:01 PM

Posted 27 October 2011 - 05:48 AM

  • Seems the "netsh winsock reset" command has (partially) worked as expected and restore some entries. The rest we should do manually.

    Please download
    Double-click to run it and confirm the prompt.
  • We need to scan the system with this special tool.
    • Please download Junction.zip and save it.
    • Unzip it and put junction.exe in the Windows directory (C:\Windows). No need to run it.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @ECHO OFF
    junction -s c:\>log.txt
    start log.txt
    
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop and double-click to run it.
    • The command prompt opens, wait until a notepad opens, copy and paste the content (log.txt) to your reply.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users