Networking Problems, Malware?


13 replies to this topic

#1 imthere2

imthere2

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 25 October 2012 - 12:57 AM

Mod Edit: Split from http://www.bleepingcomputer.com/forums/topic460500.html/page__st__45__p__2877964#entry2877964 - Hamluis.


Folks, my first post here: similar issues to the one that started the thread. I am unable to access the internet as it is constantly acquiring network address. Below is the output from both FSS and MiniToolBox:

Farbar Service Scanner Version: 19-10-2012
Ran by administrator on 24-10-2012 at 22:52:51
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000900000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****



MiniToolBox by Farbar Version: 23-07-2012
Ran by administrator on 24-10-2012 at 22:54:18
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set address name="Local Area Connection 3" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : dimension4700

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-87-B5-98

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 0.0.0.0

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 87 b5 98 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/24/2012 07:48:54 PM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00036822.
Processing media-specific event for [spoolsv.exe!ws!]

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2012 10:46:18 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
0xc0041801 (0xc0041801)

Error: (10/19/2012 08:30:11 AM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF11
Description:. 0x8004FF11.


System errors:
=============
Error: (10/24/2012 08:18:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/24/2012 08:18:07 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.

Error: (10/24/2012 08:17:34 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (10/24/2012 08:17:34 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Error: (10/24/2012 08:17:34 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (10/24/2012 08:03:56 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (10/24/2012 08:03:37 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: NetBT

Error: (10/24/2012 07:57:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/24/2012 07:57:49 PM) (Source: Service Control Manager) (User: )
Description: The MSCamSvc service hung on starting.

Error: (10/24/2012 07:57:49 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (10/24/2012 07:48:54 PM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024ntdll.dll5.1.2600.605500036822

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2012 10:46:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)
Search.TripoliIndexer

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
0xc0041801 (0xc0041801)

Error: (10/19/2012 08:30:11 AM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x8004FF11
Description:. 0x8004FF11.


**** End of log ****

Edited by hamluis, 25 October 2012 - 09:31 AM.
Split to Am I Infected forum from Networking, PM sent new OP - Hamluis.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:28 AM

Posted 25 October 2012 - 10:03 AM

Download

Netbt

Launch it and click YES

Restart the PC, post the new FSS log

#3 imthere2


Posted 25 October 2012 - 08:51 PM

Sure. See below...thanks.

Farbar Service Scanner Version: 19-10-2012
Ran by administrator on 25-10-2012 at 18:44:37
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000900000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

#4 narenxp


Posted 25 October 2012 - 08:55 PM

You're infected. We are going to restore the internet and then run scans to remove infections.

Download

Winsock fix

Launch it, click on FIX

Restart your PC after it gets completed

Check your browser. If that doesn't work, try this


PLEASE create a restore point before trying this

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]





Open Notepad, copy the script, save it as

Filename: winsock.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.

Post the NEW FSS log

Good luck
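Added example, not part of any post in this thread and not the tool author's code: a small Python parser for the Farbar Service Scanner text shown above that classifies each listed service (configuration OK, registry value missing, whole service key missing) and diffs two runs to show what a repair step changed. The sample logs are abridged from the two FSS logs posted here; the function names and state labels are this example's own.

```python
import re

# Abridged from the FSS logs in posts #1 and #3 of this thread (sample input).
HEAD = """Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

"""
NETBT_BEFORE = """NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
"""
NETBT_AFTER = """NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.
"""
TAIL = """
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
"""
LOG_BEFORE = HEAD + NETBT_BEFORE + TAIL
LOG_AFTER = HEAD + NETBT_AFTER + TAIL

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
KEY_MISSING = re.compile(r"Unable to open \S+ registry key")
VALUE_MISSING = re.compile(r"Unable to retrieve .+ of \S+")
# Severity order: a missing service key outranks a missing value under an existing key.
RANK = {"ok": 0, "value_missing": 1, "key_missing": 2}


def parse_fss(text):
    """Return {service: {"section", "state", "problems"}} for every service FSS lists."""
    lines = text.splitlines()
    services, section, current = {}, None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is the line directly above a row of '=' characters.
        if nxt and set(nxt.strip()) == {"="}:
            section, current = line.strip().rstrip(":"), None
            continue
        m = NOT_RUNNING.match(line)
        if m:
            current = services.setdefault(
                m.group(1), {"section": section, "state": "ok", "problems": []})
            continue
        if current is None:
            continue
        if KEY_MISSING.search(line):
            found = "key_missing"
        elif VALUE_MISSING.search(line):
            found = "value_missing"
        else:
            continue  # "... is OK." lines and blanks carry no finding
        current["problems"].append(line.strip())
        if RANK[found] > RANK[current["state"]]:
            current["state"] = found
    return services


def changed_services(before, after):
    """List (service, state_before, state_after) for services whose state differs."""
    out = []
    for name in sorted(set(before) | set(after)):
        b = before.get(name, {}).get("state", "absent")
        a = after.get(name, {}).get("state", "absent")
        if a != b:
            out.append((name, b, a))
    return out


def still_broken(parsed):
    """Services whose registry configuration is still damaged."""
    return sorted(n for n, s in parsed.items() if s["state"] != "ok")


if __name__ == "__main__":
    before, after = parse_fss(LOG_BEFORE), parse_fss(LOG_AFTER)
    for name, b, a in changed_services(before, after):
        print(f"{name}: {b} -> {a}")
    for name in still_broken(after):
        s = after[name]
        print(f"[{s['section']}] {name}: {s['state']} ({len(s['problems'])} findings)")
```

Run against the full logs, the same functions also report wuauserv and BITS, whose service keys are still missing in the second log.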

#5 imthere2


Posted 25 October 2012 - 09:25 PM

winsock.fix worked. What next... do I need to run some anti-virus/malware?

Edited by imthere2, 25 October 2012 - 09:27 PM.


#6 narenxp


Posted 25 October 2012 - 09:28 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#7 imthere2


Posted 26 October 2012 - 09:35 AM

Done; see below:

19:40:13.0734 2856 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:40:13.0953 2856 ============================================================
19:40:13.0953 2856 Current date / time: 2012/10/25 19:40:13.0953
19:40:13.0953 2856 SystemInfo:
19:40:13.0953 2856
19:40:13.0953 2856 OS Version: 5.1.2600 ServicePack: 3.0
19:40:13.0953 2856 Product type: Workstation
19:40:13.0953 2856 ComputerName: DIMENSION4700
19:40:13.0953 2856 Windows directory: C:\WINDOWS2
19:40:13.0953 2856 System windows directory: C:\WINDOWS2
19:40:13.0953 2856 Processor architecture: Intel x86
19:40:13.0953 2856 Number of processors: 1
19:40:13.0953 2856 Page size: 0x1000
19:40:13.0953 2856 Boot type: Normal boot
19:40:13.0953 2856 ============================================================
19:40:15.0765 2856 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:40:15.0781 2856 Drive \Device\Harddisk1\DR4 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:40:15.0796 2856 Drive \Device\Harddisk2\DR6 - Size: 0x3EE00000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:40:15.0796 2856 ============================================================
19:40:15.0796 2856 \Device\Harddisk0\DR0:
19:40:15.0796 2856 MBR partitions:
19:40:15.0796 2856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x1CA81427
19:40:15.0796 2856 \Device\Harddisk1\DR4:
19:40:15.0796 2856 MBR partitions:
19:40:15.0796 2856 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D383734
19:40:15.0796 2856 \Device\Harddisk2\DR6:
19:40:15.0796 2856 MBR partitions:
19:40:15.0796 2856 \Device\Harddisk2\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F6FE0
19:40:15.0796 2856 ============================================================
19:40:15.0843 2856 C: <-> \Device\Harddisk0\DR0\Partition1
19:40:15.0859 2856 F: <-> \Device\Harddisk1\DR4\Partition1
19:40:15.0859 2856 ============================================================
19:40:15.0859 2856 Initialize success
19:40:15.0859 2856 ============================================================
19:40:23.0312 3548 ============================================================
19:40:23.0312 3548 Scan started
19:40:23.0312 3548 Mode: Manual;
19:40:23.0312 3548 ============================================================
19:40:23.0984 3548 ================ Scan system memory ========================
19:40:23.0984 3548 System memory - ok
19:40:23.0984 3548 ================ Scan services =============================
19:40:24.0109 3548 Abiosdsk - ok
19:40:24.0125 3548 abp480n5 - ok
19:40:24.0171 3548 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS2\system32\DRIVERS\ACPI.sys
19:40:24.0187 3548 ACPI - ok
19:40:24.0234 3548 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS2\system32\drivers\ACPIEC.sys
19:40:24.0234 3548 ACPIEC - ok
19:40:24.0421 3548 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
19:40:24.0437 3548 Adobe Version Cue CS3 - ok
19:40:24.0531 3548 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:40:24.0546 3548 AdobeFlashPlayerUpdateSvc - ok
19:40:24.0546 3548 adpu160m - ok
19:40:24.0640 3548 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS2\system32\drivers\aec.sys
19:40:24.0640 3548 aec - ok
19:40:24.0687 3548 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS2\System32\drivers\afd.sys
19:40:24.0703 3548 AFD - ok
19:40:24.0703 3548 Aha154x - ok
19:40:24.0718 3548 aic78u2 - ok
19:40:24.0718 3548 aic78xx - ok
19:40:24.0968 3548 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
19:40:24.0968 3548 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:40:24.0984 3548 Akamai ( HiddenFile.Multi.Generic ) - warning
19:40:24.0984 3548 Akamai - detected HiddenFile.Multi.Generic (1)
19:40:25.0031 3548 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS2\System32\alg.exe
19:40:25.0031 3548 ALG - ok
19:40:25.0046 3548 AliIde - ok
19:40:25.0062 3548 amsint - ok
19:40:25.0156 3548 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:40:25.0156 3548 Apple Mobile Device - ok
19:40:25.0203 3548 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS2\System32\appmgmts.dll
19:40:25.0203 3548 AppMgmt - ok
19:40:25.0203 3548 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS2\system32\DRIVERS\arp1394.sys
19:40:25.0218 3548 Arp1394 - ok
19:40:25.0218 3548 asc - ok
19:40:25.0234 3548 asc3350p - ok
19:40:25.0234 3548 asc3550 - ok
19:40:25.0453 3548 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS2\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:40:25.0500 3548 aspnet_state - ok
19:40:25.0531 3548 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS2\system32\DRIVERS\asyncmac.sys
19:40:25.0531 3548 AsyncMac - ok
19:40:25.0593 3548 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS2\system32\DRIVERS\atapi.sys
19:40:25.0609 3548 atapi - ok
19:40:25.0609 3548 Atdisk - ok
19:40:25.0687 3548 [ 4DEAA162480367B232F3EE3A6D34084B ] Ati HotKey Poller C:\WINDOWS2\system32\Ati2evxx.exe
19:40:25.0687 3548 Ati HotKey Poller - ok
19:40:25.0734 3548 [ F0D0B0CDEC0BE32D775F404CAC2604BF ] ati2mtag C:\WINDOWS2\system32\DRIVERS\ati2mtag.sys
19:40:25.0734 3548 ati2mtag - ok
19:40:25.0781 3548 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS2\system32\DRIVERS\atmarpc.sys
19:40:25.0781 3548 Atmarpc - ok
19:40:25.0828 3548 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS2\System32\audiosrv.dll
19:40:25.0828 3548 AudioSrv - ok
19:40:25.0890 3548 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS2\system32\DRIVERS\audstub.sys
19:40:25.0890 3548 audstub - ok
19:40:26.0031 3548 [ 1992C2A1867D95AA3A0802539358D162 ] Autodesk Content Service C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
19:40:26.0031 3548 Autodesk Content Service - ok
19:40:26.0125 3548 [ 9F29157695EE58875B06724743CE9C42 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
19:40:26.0125 3548 Autodesk Licensing Service - ok
19:40:26.0234 3548 [ DBF43DB0C648DB9101D61041E00DF5C4 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:40:26.0250 3548 BBSvc - ok
19:40:41.0296 3548 ================ Scan global ===============================
19:40:41.0343 3548 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS2\system32\basesrv.dll
19:40:41.0406 3548 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS2\system32\winsrv.dll
19:40:41.0421 3548 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS2\system32\winsrv.dll
19:40:41.0468 3548 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS2\system32\services.exe
19:40:41.0468 3548 [Global] - ok
19:40:41.0484 3548 ================ Scan MBR ==================================
19:40:41.0515 3548 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:40:41.0765 3548 \Device\Harddisk0\DR0 - ok
19:40:41.0781 3548 [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk1\DR4
19:40:42.0140 3548 \Device\Harddisk1\DR4 - ok
19:40:42.0140 3548 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR6
19:40:44.0937 3548 \Device\Harddisk2\DR6 - ok
19:40:44.0937 3548 ================ Scan VBR ==================================
19:40:44.0937 3548 [ C51C7A3F3FB4FD7E477BD8AE584EB0E2 ] \Device\Harddisk0\DR0\Partition1
19:40:44.0937 3548 \Device\Harddisk0\DR0\Partition1 - ok
19:40:44.0968 3548 [ 5E1329A6D54857F8D060D933F2392CD9 ] \Device\Harddisk1\DR4\Partition1
19:40:44.0984 3548 \Device\Harddisk1\DR4\Partition1 - ok
19:40:44.0984 3548 [ 38A4C81F548F712FC8C35B961BF3552F ] \Device\Harddisk2\DR6\Partition1
19:40:44.0984 3548 \Device\Harddisk2\DR6\Partition1 - ok
19:40:44.0984 3548 ============================================================
19:40:44.0984 3548 Scan finished
19:40:44.0984 3548 ============================================================
19:40:45.0000 1964 Detected object count: 1
19:40:45.0000 1964 Actual detected object count: 1
19:40:55.0125 1964 c:\program files\common files\akamai/netsession_win_5891ae0.dll - copied to quarantine
19:40:55.0125 1964 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 19:42:20
-----------------------------
19:42:20.468 OS Version: Windows 5.1.2600 Service Pack 3
19:42:20.468 Number of processors: 1 586 0x304
19:42:20.468 ComputerName: DIMENSION4700 UserName: Mama_Daddy
19:42:21.250 Initialize success
19:51:00.390 AVAST engine defs: 12102502
19:51:05.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:51:05.984 Disk 0 Vendor: WDC_WD2500JD-75HBB0 08.02D08 Size: 238418MB BusType: 3
19:51:06.000 Disk 0 MBR read successfully
19:51:06.000 Disk 0 MBR scan
19:51:06.046 Disk 0 Windows XP default MBR code
19:51:06.046 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 62 MB offset 63
19:51:06.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234754 MB offset 128520
19:51:06.125 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 480921840
19:51:06.125 Disk 0 scanning sectors +488263545
19:51:06.218 Disk 0 scanning C:\WINDOWS2\system32\drivers
19:51:18.796 Service scanning
19:51:42.984 Modules scanning
19:51:49.562 Disk 0 trace - called modules:
19:51:50.109 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:51:50.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5f9ab8]
19:51:50.109 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a5bcd98]
19:51:51.015 AVAST engine scan C:\WINDOWS2
19:52:06.015 AVAST engine scan C:\WINDOWS2\system32
19:55:57.968 AVAST engine scan C:\WINDOWS2\system32\drivers
19:56:21.578 AVAST engine scan C:\Documents and Settings\Alok
20:25:53.468 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS2
20:38:31.421 Scan finished successfully
20:41:00.828 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
20:41:01.171 The log file has been saved successfully to "G:\aswMBR_log.txt"


ESET

C:\Documents and Settings\Us\139d2e78.dll a variant of Win32/Kryptik.ANKF trojan cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1644491937-1532298954-1606980848-1003\Dc16.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined

#8 narenxp

  • BC Advisor

Posted 26 October 2012 - 09:43 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#9 imthere2

  • Topic Starter


Posted 27 October 2012 - 05:29 PM

-----------------------------------------------------------------------------------------------------------------------
MBM Log
-----------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.26.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

10/26/2012 7:16:11 PM
mbam-log-2012-10-26 (19-16-11).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 815695
Time elapsed: 5 hour(s), 13 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------------------------------------------------------------
MTB Log
-----------------------------------------------------------------------------------------------------------------------
MiniToolBox by Farbar Version: 23-07-2012
Ran by administrator on 27-10-2012 at 01:18:42
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : dimension4700

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : oc.cox.net



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . : oc.cox.net

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-87-B5-98

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.136

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.105.28.11

68.105.29.11

68.105.28.12

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Saturday, October 27, 2012 1:13:51 AM

Lease Expires . . . . . . . . . . : Sunday, October 28, 2012 1:13:51 AM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.227.103, 74.125.227.104, 74.125.227.105, 74.125.227.110
74.125.227.96, 74.125.227.97, 74.125.227.98, 74.125.227.99, 74.125.227.100
74.125.227.101, 74.125.227.102



Pinging google.com [74.125.227.105] with 32 bytes of data:



Reply from 74.125.227.105: bytes=32 time=524ms TTL=53

Reply from 74.125.227.105: bytes=32 time=554ms TTL=53



Ping statistics for 74.125.227.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 524ms, Maximum = 554ms, Average = 539ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=802ms TTL=53

Reply from 98.139.183.24: bytes=32 time=701ms TTL=53



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 701ms, Maximum = 802ms, Average = 751ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 11 11 87 b5 98 ...... Intel® PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.136 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.136 192.168.1.136 20
192.168.1.0 255.255.255.0 192.168.1.136 192.168.1.136 20
192.168.1.136 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.136 192.168.1.136 20
224.0.0.0 240.0.0.0 192.168.1.136 192.168.1.136 20
255.255.255.255 255.255.255.255 192.168.1.136 192.168.1.136 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/26/2012 06:52:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10354610

Error: (10/26/2012 06:52:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10354610

Error: (10/26/2012 06:52:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/24/2012 07:48:54 PM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00036822.
Processing media-specific event for [spoolsv.exe!ws!]

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2012 10:46:18 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)


System errors:
=============
Error: (10/27/2012 01:15:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/27/2012 01:15:38 AM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.

Error: (10/27/2012 01:15:02 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (10/27/2012 01:14:53 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/27/2012 00:58:53 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/27/2012 00:58:42 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/26/2012 06:55:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/26/2012 06:55:12 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.

Error: (10/26/2012 06:54:48 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (10/25/2012 07:17:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd


Microsoft Office Sessions:
=========================
Error: (10/26/2012 06:52:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10354610

Error: (10/26/2012 06:52:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10354610

Error: (10/26/2012 06:52:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/24/2012 07:48:54 PM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024ntdll.dll5.1.2600.605500036822

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28191453

Error: (10/23/2012 04:15:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2012 10:46:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (10/19/2012 10:00:25 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)


=========================== Installed Programs ============================

Add or Remove Adobe Creative Suite 3 Design Premium (Version: 1.0)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 9 Plugin (Version: 9.0.45.0)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Version Cue CS3 Server {ko_KR} (Version: 3.0.0.0 {ko_KR} )
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Akamai NetSession Interface Service
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel (Version: 6.14.10.5120)
ATI Display Driver (Version: 8.051-040825a-019641C-Dell)
AutoCAD 2005 - English (Version: 16.1.63.10)
AutoCAD 2012 - English (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)
Autodesk Content Service (Version: 2.0.90)
Autodesk DWF Viewer (Version: 4.1)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
Bing Bar (Version: 7.0.614.0)
Bonjour (Version: 3.0.0.10)
Canon MX860 series MP Drivers
Canon PIXMA iP3000
CCleaner (Version: 3.22)
Cisco Connect (Version: 1.3.11006.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager (Version: 3.0.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Version: 3.1.5907.39)
ESET Online Scanner v3
FARO LS 1.1.406.58 (Version: 4.6.58.2)
Fisher-Price iXL - Cars 2 (Version: 1.0.0)
Fisher-Price iXL Computer Software (Version: 2.0.2.8)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.4)
GeoSetter 3.4.16
Google Chrome (Version: 22.0.1229.94)
Google Earth (Version: 6.1.0.5001)
Google SketchUp Pro 8 (Version: 3.0.11752)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
InstallMgr (Version: 1.0.39.0)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Invoke Solutions Participant 6.2.0.1452
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MFworks Client
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft Default Manager (Version: 1.1.53.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft LifeCam (Version: 3.0.215.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Move Media Player
MSN
MSN Toolbar (Version: 1.0.39.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.1.0)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings (Version: 1.0)
Picture Control Utility (Version: 1.1.0)
Podium Plants & Trees version 2.0
PrimoPDF -- by Nitro PDF Software (Version: 5.0.0.19)
Quicken 2012 (Version: 21.1.7.18)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Recuva (Version: 1.42)
Safari (Version: 5.33.20.27)
Skype Click to Call (Version: 6.2.10687)
Skype™ 5.10 (Version: 5.10.116)
SoundMAX (Version: 5.12.01.5246)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SU Podium V2 1.0
TurboTax 2008
TurboTax 2008 wcaiper (Version: 008.000.0140)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0332)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0217)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0189)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0993)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0426)
TurboTax 2008 wrapper (Version: 008.000.0063)
TurboTax 2009
TurboTax 2009 wcaiper (Version: 009.000.0862)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2163)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1393)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wcaiper (Version: 011.000.1647)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Premier 2007
Unity Web Player (Version: 2.5.0f5_21627)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
UserZoom survey tool (Version: 3.5)
VBA (2627.01) (Version: 6.03.00.9402)
ViewNX (Version: 1.1.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.9 (Version: 1.1.9)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Search 4.0 (Version: 04.00.6001.503)
Wizard101 (Version: 1.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2046.07 MB
Available physical RAM: 1474.67 MB
Total Pagefile: 3420.45 MB
Available Pagefile: 2979.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:229.25 GB) (Free:28.73 GB) NTFS
4 Drive f: (Maxtor 250GB) (Fixed) (Total:233.76 GB) (Free:177.72 GB) NTFS
5 Drive g: () (Removable) (Total:0.98 GB) (Free:0.93 GB) FAT

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

30-09-2012 15:40:04 System Checkpoint
01-10-2012 00:37:50 Software Distribution Service 3.0
02-10-2012 04:01:18 Software Distribution Service 3.0
02-10-2012 04:16:16 Software Distribution Service 3.0
03-10-2012 04:35:50 Software Distribution Service 3.0
04-10-2012 04:38:49 Software Distribution Service 3.0
05-10-2012 17:37:31 Software Distribution Service 3.0
06-10-2012 20:51:27 Software Distribution Service 3.0
08-10-2012 00:23:29 Software Distribution Service 3.0
09-10-2012 02:28:52 Software Distribution Service 3.0
10-10-2012 03:05:59 Software Distribution Service 3.0
10-10-2012 06:02:44 Software Distribution Service 3.0
11-10-2012 03:31:22 Software Distribution Service 3.0
12-10-2012 05:30:55 Software Distribution Service 3.0
13-10-2012 17:36:12 Software Distribution Service 3.0
13-10-2012 19:38:44 Software Distribution Service 3.0
14-10-2012 21:41:32 System Checkpoint
15-10-2012 00:46:19 Software Distribution Service 3.0
16-10-2012 15:14:54 Software Distribution Service 3.0
18-10-2012 03:21:32 Software Distribution Service 3.0
19-10-2012 03:52:15 System Checkpoint
19-10-2012 05:35:41 Software Distribution Service 3.0
20-10-2012 04:54:32 Restore Operation
20-10-2012 05:01:54 Restore Operation
21-10-2012 05:41:06 System Checkpoint
22-10-2012 03:52:59 Restore Operation
22-10-2012 04:05:30 Restore Operation
23-10-2012 14:47:22 System Checkpoint
25-10-2012 02:29:10 Restore Operation
25-10-2012 02:33:36 avast! Free Antivirus Setup
25-10-2012 03:12:45 NEW
26-10-2012 03:20:02 System Checkpoint
27-10-2012 04:56:58 System Checkpoint

**** End of log ****


-----------------------------------------------------------------------------------------------------------------------
FSS Log
-----------------------------------------------------------------------------------------------------------------------
Farbar Service Scanner Version: 19-10-2012
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000900000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

-----------------------------------------------------------------------------------------------------------------------
Adw Cleaner Log
-----------------------------------------------------------------------------------------------------------------------
# AdwCleaner v2.005 - Logfile created 10/27/2012 at 01:12:10
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# Boot Mode : Normal
# Running from : G:\adwcleaner3.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Alok\Application Data\Toolbar4
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Alok\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Alok\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [5380 octets] - [27/10/2012 01:12:10]

########## EOF - C:\AdwCleaner[S2].txt - [5440 octets] ##########


-----------------------------------------------------------------------------------------------------------------------
JRT Scan
-----------------------------------------------------------------------------------------------------------------------
Junkware Removal Tool (JRT) by Thisisu
Version: 2.2.1 (10.26.2012)
OS: Microsoft Windows XP x86
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values:

Successfully deleted: [VALUE] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [VALUE] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8660e5b3-6c41-44de-8503-98d99bbecd41}



*** Registry Keys:

Successfully deleted: [KEY] "hkey_current_user\software\appdatalow\software\freecause"
Successfully deleted: [KEY] "hkey_current_user\software\conduit"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\comobject.deskbarenabler"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\comobject.deskbarenabler.1"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook"
Successfully deleted: [KEY] "hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1"
Successfully deleted: [KEY] "hkey_local_machine\software\conduit"
Successfully deleted: [KEY] hkey_classes_root\interface\{01221fcc-4bfb-461c-b08c-f6d2df309921}
Successfully deleted: [KEY] hkey_classes_root\interface\{2a42d13c-d427-4787-821b-cf6973855778}
Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [KEY] hkey_classes_root\interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}
Successfully deleted: [KEY] hkey_classes_root\interface\{452ae416-9a97-44ca-93da-d0f15c36254f}
Successfully deleted: [KEY] hkey_classes_root\interface\{45cda4f7-594c-49a0-aad1-8224517fe979}
Successfully deleted: [KEY] hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Successfully deleted: [KEY] hkey_classes_root\interface\{4d8ed2b3-dc62-43ec-aba3-5b74f046b1be}
Successfully deleted: [KEY] hkey_classes_root\interface\{81e852cc-1fd5-4004-8761-79a48b975e29}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [KEY] hkey_classes_root\interface\{95b6a271-feb4-4160-b0ff-44394c21c8dc}
Successfully deleted: [KEY] hkey_classes_root\interface\{b2ca345d-adb8-4f5d-ac64-4ab34322f659}
Successfully deleted: [KEY] hkey_classes_root\interface\{b9f43021-60d4-42a6-a065-9ba37f38ac47}
Successfully deleted: [KEY] hkey_classes_root\interface\{bf921dd3-732a-4a11-933b-a5ea49f2fd2c}
Successfully deleted: [KEY] hkey_classes_root\interface\{d83b296a-2fa6-425b-8ae8-a1f33d99fbd6}
Successfully deleted: [KEY] hkey_classes_root\interface\{e67d5bc7-7129-493e-9281-f47bdaface4f}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{e8daaa30-6caa-4b58-9603-8e54238219e2}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{e8daaa30-6caa-4b58-9603-8e54238219e2}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{fcbccb87-9224-4b8d-b117-f56d924beb18}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{fcbccb87-9224-4b8d-b117-f56d924beb18}

*** Files:

Successfully deleted: [FILE] C:\eula.1028.txt
Successfully deleted: [FILE] C:\eula.1031.txt
Successfully deleted: [FILE] C:\eula.1033.txt
Successfully deleted: [FILE] C:\eula.1036.txt
Successfully deleted: [FILE] C:\eula.1040.txt
Successfully deleted: [FILE] C:\eula.1041.txt
Successfully deleted: [FILE] C:\eula.1042.txt
Successfully deleted: [FILE] C:\eula.2052.txt
Successfully deleted: [FILE] C:\install.res.1028.dll
Successfully deleted: [FILE] C:\install.res.1031.dll
Successfully deleted: [FILE] C:\install.res.1033.dll
Successfully deleted: [FILE] C:\install.res.1036.dll
Successfully deleted: [FILE] C:\install.res.1040.dll
Successfully deleted: [FILE] C:\install.res.1041.dll
Successfully deleted: [FILE] C:\install.res.1042.dll
Successfully deleted: [FILE] C:\install.res.2052.dll
Successfully deleted: [FILE] C:\install.res.3082.dll

*** Folders:

Successfully deleted: [FOLDER] "C:\Documents and Settings\Alok\Local Settings\Application Data\conduit"
Successfully deleted: [FOLDER] "C:\Program Files\conduit"

*** Event Viewer Logs - NOT cleared

**************************************************************
Scan was completed on Sat 10/27/2012 at 1:04:30.37
End of Report

#10 narenxp

Posted 27 October 2012 - 05:33 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#11 imthere2

Posted 27 October 2012 - 10:53 PM

Hi, see FSS and Autoruns outputs below. A couple of issues: the computer crashes every time I try to run RKill (even in Safe Mode), and the computer has become painfully slow... thanks!

---------------------------------
FSS
---------------------------------

Farbar Service Scanner Version: 19-10-2012
Ran by administrator on 27-10-2012 at 16:39:23
Running from "G:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000080000000900000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

---------------------------------
Autoruns
---------------------------------
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "Adobe_ID0EYTHM" "Adobe Version Cue CS3" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3tray.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ATIPTA" "ATI Desktop Control Panel" "ATI Technologies, Inc." "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files\microsoft office\office14\bcssync.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "iXL_MiddleWare" "iXL" "Fisher-Price" "c:\program files\fisher-price\ixl\ixl.middleware.exe"
+ "LifeCam" "LifeExp.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\lifeexp.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corp." "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SoundMAXPnP" "SMax4PNP MFC Application" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\real\realplayer\update\realsched.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "AvgUninstallURL" "" "" "File not found: start"
"C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup" "" "" ""
+ "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Akamai NetSession Interface" "Akamai NetSession Client" "Akamai Technologies, Inc." "c:\documents and settings\alok\local settings\application data\akamai\netsession_win.exe"
+ "DW6" "" "" "File not found: C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AcShellExtension.AcContextMenuHandler" "AutoCAD Dwg common shell extension handler" "Autodesk" "c:\program files\common files\autodesk shared\acshellex\acshellextension.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "GeoSetterShellExt" "Shell extension to show GeoSetter menu entries in file context menus" "Friedemann Schmidt" "c:\program files\geosetter\geosettershellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "AcColumnHandler" "AutoCAD Dwg common shell extension handler" "Autodesk" "c:\program files\common files\autodesk shared\acshellex\acshellextension.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "GeoSetterShellExt" "Shell extension to show GeoSetter menu entries in file context menus" "Friedemann Schmidt" "c:\program files\geosetter\geosettershellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "AutoCAD Digital Signatures Icon Overlay Handler" "AutoCAD component" "Autodesk, Inc." "c:\windows2\system32\acsignicon.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\documents and settings\all users.windows2\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "UserZoom survey tool" "" "" "c:\program files\userzoom survey tool\userzoom.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair"
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows2\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "RealUpgradeLogonTaskS-1-5-21-1644491937-1532298954-1606980848-1003.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeScheduledTaskS-1-5-21-1644491937-1532298954-1606980848-1003.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "ReclaimerResumeInstall_Mama_Daddy.job" "RealNetworks Installer" "RealNetworks, Inc." "c:\documents and settings\alok\application data\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Adobe Version Cue CS3" "Adobe Version Cue CS3" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows2\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Akamai" "Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly." "Akamai Technologies, Inc." "c:\program files\common files\akamai/netsession_win_5891ae0.dll"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati HotKey Poller" "" "" "c:\windows2\system32\ati2evxx.exe"
+ "Autodesk Content Service" "Autodesk Content Service" "" "c:\program files\autodesk\content service\connect.service.contentservice.exe"
+ "Autodesk Licensing Service" "Anchor service for Autodesk products licensed with SafeCast" "Autodesk, Inc." "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "BITS" "Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled." "Microsoft Corporation" "c:\windows\system32\qmgr.dll"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Flexera Software, Inc." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "IntuitUpdateService" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service\intuitupdateservice.exe"
+ "IntuitUpdateServiceV4" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service v4\intuitupdateservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MSCamSvc" "MsCamSvc.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\mscams32.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\documents and settings\all users.windows2\application data\skype\toolbars\skype c2c service\c2c_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "wuauserv" "Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site." "Microsoft Corporation" "c:\windows\system32\wuauserv.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows2\system32\drivers\ati2mtag.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS2\System32\Drivers\Changer.sys"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows2\system32\drivers\e100b325.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows2\system32\drivers\gearaspiwdm.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS2\System32\Drivers\i2omgmt.sys"
+ "IntelC51" "Modem DSP Driver" "Intel Corporation" "c:\windows2\system32\drivers\intelc51.sys"
+ "IntelC52" "Modem CP Driver" "Intel Corporation" "c:\windows2\system32\drivers\intelc52.sys"
+ "IntelC53" "Modem AFE Driver" "Intel Corporation" "c:\windows2\system32\drivers\intelc53.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "" "File not found: system32\DRIVERS\Lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS2\System32\Drivers\lbrtfdc.sys"
+ "mohfilt" "Filter Driver to Support Modem-on-Hold" "Intel Corporation" "c:\windows2\system32\drivers\mohfilt.sys"
+ "Netaapl" "Apple Mobile Device Ethernet" "Apple Inc." "c:\windows2\system32\drivers\netaapl.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS2\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS2\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS2\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS2\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS2\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows2\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows2\system32\drivers\secdrv.sys"
+ "senfilt" "Creative WDM Audio Driver" "Creative Technology Ltd." "c:\windows2\system32\drivers\senfilt.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows2\system32\drivers\smwdm.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows2\system32\drivers\usbaapl.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS2\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows2\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows2\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows2\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows2\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows2\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows2\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows2\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows2\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows2\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows2\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows2\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows2\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows2\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows2\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows2\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows2\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows2\system32\ir50_32.dll"
+ "MainConcept (Nikon) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Nikon) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonesmpeg.ax"
+ "MainConcept (Nikon) MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonspmpeg.ax"
+ "MainConcept (Nikon) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows2\system32\l3codecx.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee WAV Encoder" "mvWavEncoder Filter (Sample)" "Microsoft Corporation" "c:\program files\common files\muvee technologies\030625\mvwavenc.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows2\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MX860 series" "IJ Language Monitor" "CANON INC." "c:\windows2\system32\cnmlm9n.dll"
+ "Canon BJ Language Monitor PIXMA iP3000" "BJ Language Monitor" "CANON INC." "c:\windows2\system32\cnmlm61.dll"
+ "Canon MP FAX Language Monitor MX860 series" "MP FAX Language Monitor DLL" "Canon Inc." "c:\windows2\system32\cncf2lj.dll"
+ "PrimoMon" "" "" "c:\windows2\system32\primomonnt.dll"

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:28 AM

Posted 28 October 2012 - 01:13 AM

Try to run RKILL from Safe Mode and post the log.

#13 imthere2

  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:28 AM

Posted 28 October 2012 - 03:16 AM

Unfortunately, RKILL crashes in Safe Mode as well...

Edited by imthere2, 28 October 2012 - 03:16 AM.


#14 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:03:28 AM

Posted 28 October 2012 - 03:52 AM

Launch Autoruns and uncheck these entries:
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Lbd" "Ad-Aware mini-filter driver" "" "File not found: system32\DRIVERS\Lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS2\System32\Drivers\lbrtfdc.sys"

Download TFC.

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Let me know how the system behaves now.

Edited by narenxp, 28 October 2012 - 03:52 AM.




