
System freezes with any multimedia interaction


  • This topic is locked
75 replies to this topic

#1 Kovid

Kovid

  • Members
  • 37 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 01 January 2013 - 04:15 PM

My system freezes and needs a hard reset every time I open a folder containing as little as one multimedia file or click/r-click on a multimedia file. I have tried running MBAM and Microsoft Safety Scanner, but they both freeze about 15 seconds into the scan. I was able to run a quick scan with MalwareBytes in Safe Mode (report attached), and then I ran MSS (0 errors). I have run a checkdisk that showed 0 errors. When I attempt to run sfc /scannow the system freezes in the same place every time (roughly halfway through). MBAM full system scan freezes in the same folders every time (Quicktime something, will run again to get exact file if needed). HJT report attached. DDS report attached.

Attached File  mbam-log-2012-12-28 (14-32-00).txt   2.02KB   4 downloads
Attached File  hijackthis.log   6.72KB   6 downloads
Attached File  attach.txt   25.8KB   4 downloads


 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,789 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:48 AM

Posted 03 January 2013 - 08:42 PM

Greetings Kovid and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.com
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


MBAM full system scan freezes in the same folders every time (Quicktime something, will run again to get exact file if needed).

This information would be helpful


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt
  • Quicktime file information

Edited by Oh My, 03 January 2013 - 11:15 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Kovid

Kovid
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 04 January 2013 - 02:21 PM

Hello Gary. Thank you for helping me! My name is Troy. Typically I will only be able to reply in the evenings (CST). Here is the information you asked me to get.

OS:
Windows XP SP3 (WinNT 5.01.2600)
I do have the original Windows CD.

System freezes:
The CPU appears to hit max capacity leaving everything unresponsive, but I still have control of the mouse. The CPU indicator LED in the tower is fixed "on" when it freezes.

Causes of system freeze:
-click/r-click on multimedia file (image, video, haven't tried music)
-open a folder containing multimedia file
-let system idle for a few minutes (newer cause)

MBAM full system scan in SafeMode freezes on this file every time:
C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTime3GPPAuthoringLocalized.qtr

I tried to uninstall QuickTime (through Add/Remove Programs) a few days ago, but my system freezes before the uninstaller opens.

DDS logs:
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2008 7:18:53 AM
System Uptime: 1/4/2013 12:53:28 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-D
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 81.174 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1DF6DAD1E8C00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1DF6DAD1E8C00
Service: NIC1394
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP1459: 12/31/2012 1:53:45 PM - System Checkpoint
RP1460: 12/31/2012 1:53:45 PM - System Checkpoint
RP1461: 12/31/2012 1:53:45 PM - System Checkpoint
RP1462: 12/31/2012 1:53:45 PM - System Checkpoint
RP1463: 12/31/2012 1:53:44 PM - System Checkpoint
RP1464: 12/31/2012 1:53:44 PM - System Checkpoint
RP1465: 12/31/2012 1:53:44 PM - System Checkpoint
RP1466: 12/31/2012 1:53:44 PM - Software Distribution Service 3.0
RP1467: 12/31/2012 1:53:44 PM - System Checkpoint
RP1468: 12/31/2012 1:53:44 PM - System Checkpoint
RP1469: 12/31/2012 1:53:44 PM - System Checkpoint
RP1470: 12/31/2012 1:53:44 PM - System Checkpoint
RP1471: 12/31/2012 1:53:43 PM - System Checkpoint
RP1472: 12/31/2012 1:53:43 PM - System Checkpoint
RP1473: 12/31/2012 1:53:43 PM - System Checkpoint
RP1474: 12/31/2012 1:53:43 PM - System Checkpoint
RP1475: 12/31/2012 1:53:43 PM - System Checkpoint
RP1476: 12/31/2012 1:53:43 PM - System Checkpoint
RP1477: 12/31/2012 1:53:43 PM - System Checkpoint
RP1478: 12/31/2012 1:53:42 PM - System Checkpoint
RP1479: 12/31/2012 1:53:42 PM - System Checkpoint
RP1480: 12/31/2012 1:53:42 PM - System Checkpoint
RP1481: 12/31/2012 1:53:42 PM - System Checkpoint
RP1482: 12/31/2012 1:53:42 PM - System Checkpoint
RP1483: 12/31/2012 1:53:42 PM - System Checkpoint
RP1484: 12/31/2012 1:53:42 PM - System Checkpoint
RP1485: 11/1/2012 2:39:36 PM - System Checkpoint
RP1486: 11/2/2012 5:07:35 PM - System Checkpoint
RP1487: 11/3/2012 5:15:20 PM - System Checkpoint
RP1488: 11/4/2012 5:25:02 PM - System Checkpoint
RP1489: 11/5/2012 8:38:53 PM - System Checkpoint
RP1490: 11/7/2012 7:05:13 PM - System Checkpoint
RP1491: 11/9/2012 4:52:39 PM - System Checkpoint
RP1492: 11/10/2012 6:55:15 PM - System Checkpoint
RP1493: 11/13/2012 10:05:59 AM - System Checkpoint
RP1494: 11/13/2012 10:41:21 PM - Software Distribution Service 3.0
RP1495: 11/15/2012 8:09:35 AM - System Checkpoint
RP1496: 11/16/2012 5:58:25 PM - System Checkpoint
RP1497: 11/17/2012 6:05:22 PM - System Checkpoint
RP1498: 11/18/2012 6:16:53 PM - System Checkpoint
RP1499: 11/19/2012 6:41:34 PM - System Checkpoint
RP1500: 11/20/2012 7:04:34 PM - System Checkpoint
RP1501: 11/21/2012 10:25:51 PM - System Checkpoint
RP1502: 11/23/2012 7:53:19 AM - System Checkpoint
RP1503: 11/24/2012 8:53:17 AM - System Checkpoint
RP1504: 11/25/2012 10:40:00 AM - System Checkpoint
RP1505: 11/26/2012 11:22:11 AM - System Checkpoint
RP1506: 11/27/2012 11:47:11 AM - System Checkpoint
RP1507: 11/28/2012 1:29:43 PM - System Checkpoint
RP1508: 11/29/2012 1:29:58 PM - System Checkpoint
RP1509: 11/30/2012 1:40:20 PM - System Checkpoint
RP1510: 12/1/2012 2:18:49 PM - System Checkpoint
RP1511: 12/2/2012 2:57:15 PM - System Checkpoint
RP1512: 12/3/2012 8:03:32 PM - System Checkpoint
RP1513: 12/4/2012 8:19:40 PM - System Checkpoint
RP1514: 12/6/2012 8:24:47 AM - System Checkpoint
RP1515: 12/7/2012 1:33:20 PM - System Checkpoint
RP1516: 12/8/2012 1:54:21 PM - System Checkpoint
RP1517: 12/9/2012 3:30:34 PM - System Checkpoint
RP1518: 12/10/2012 4:22:54 PM - System Checkpoint
RP1519: 12/11/2012 4:24:45 PM - System Checkpoint
RP1520: 12/12/2012 7:05:10 AM - Software Distribution Service 3.0
RP1521: 12/13/2012 11:05:32 AM - System Checkpoint
RP1522: 12/14/2012 11:30:23 AM - System Checkpoint
RP1523: 12/15/2012 2:58:37 PM - System Checkpoint
RP1524: 12/16/2012 4:06:26 PM - System Checkpoint
RP1525: 12/17/2012 4:31:16 PM - System Checkpoint
RP1526: 12/18/2012 4:48:09 PM - System Checkpoint
RP1527: 12/19/2012 7:14:45 PM - System Checkpoint
RP1528: 12/20/2012 7:20:12 PM - System Checkpoint
RP1529: 12/21/2012 7:23:03 PM - System Checkpoint
RP1530: 12/22/2012 12:11:12 AM - Software Distribution Service 3.0
RP1531: 12/23/2012 12:43:35 AM - System Checkpoint
RP1532: 12/24/2012 10:22:11 AM - System Checkpoint
RP1533: 12/25/2012 11:17:55 AM - System Checkpoint
RP1534: 12/26/2012 11:59:48 AM - System Checkpoint
RP1535: 12/27/2012 12:09:29 PM - System Checkpoint
RP1536: 12/28/2012 12:49:15 PM - System Checkpoint
RP1537: 12/28/2012 9:14:06 PM - Removed Print Creations
RP1538: 12/28/2012 9:16:21 PM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
RP1539: 12/28/2012 9:18:49 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP1540: 12/28/2012 9:20:16 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP1541: 12/28/2012 9:21:11 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1542: 12/28/2012 9:22:01 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
RP1543: 12/28/2012 9:22:25 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP1544: 12/29/2012 10:35:20 AM - Software Distribution Service 3.0
RP1545: 12/30/2012 4:21:36 PM - System Checkpoint
RP1546: 1/3/2013 1:12:58 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.3.1
Apple Application Support
Apple Software Update
Bonjour
CCleaner
CCScore
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Cobian Backup 11 Gravity
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Diablo III
DivX Web Player
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
EVE Online (remove only)
Fraps (remove only)
Google Chrome
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 6
Java™ 6 Update 7
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kingdoms of Amalur: Reckoning™
Kodak EasyShare software
Logitech High Quality Video
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.70.0.1100
MATLAB R2011a Student Version
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 ??? Language Pack
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Language Pack - JPN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XNA Framework Redistributable 3.1
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NCsoft Launcher
netbrdg
NVIDIA Control Panel 295.73
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 295.73
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0209
OfotoXMI
OGA Notifier 2.0.0048.0
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
Sid Meier's Civilization V
skin0001
SKINXSDK
Skype™ 6.0
staticcr
Steam
StencylWorks
Team Fortress 2
TeamSpeak 3 Client
tooltips
Unity Web Player
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
12/31/2012 8:23:16 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
12/31/2012 12:03:41 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
12/31/2012 12:03:41 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.
12/31/2012 12:03:41 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
12/31/2012 11:22:11 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
12/30/2012 8:33:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/30/2012 3:25:42 PM, error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
12/30/2012 2:05:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/30/2012 2:05:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/30/2012 2:04:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
12/30/2012 2:04:52 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2012 2:04:52 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2012 2:04:52 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2012 2:04:52 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2012 2:04:52 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/30/2012 10:34:54 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
1/3/2013 2:57:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/3/2013 2:56:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/3/2013 2:33:42 PM, error: Service Control Manager [7034] - The Cobian Backup 11 Volume Shadow Copy Requester service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17115 BrowserJavaVersion: 1.6.0_31
Run by Troy at 13:13:45 on 2013-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1480 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/410
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\troy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PlayNC Launcher] <no file>
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212817567217
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 206.255.244.169 206.255.244.170
TCP: Interfaces\{7888B726-8E71-4DCB-8C74-C2D5FE3F4577} : DHCPNameServer = 206.255.244.169 206.255.244.170
TCP: Interfaces\{E234F579-5398-4175-B39F-9A305579FC47} : DHCPNameServer = 206.255.244.169 206.255.244.170
TCP: Interfaces\{EBC07E66-4B93-4336-BA37-4E337C39EBC6} : DHCPNameServer = 206.255.244.177 204.174.16.4 204.174.18.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-12-30 67584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-28 40776]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\drivers\niede.sys --> c:\windows\system32\drivers\niede.sys [?]
S3 niraptrkw;niraptrkw;c:\windows\system32\drivers\niraptrkw.sys --> c:\windows\system32\drivers\niraptrkw.sys [?]
S3 niufurkw;niufurkw;c:\windows\system32\drivers\niufurkw.sys --> c:\windows\system32\drivers\niufurkw.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-12-12 362944]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\easyshare.exe"
ShellExec: matlab.exe: Open="c:\program files\matlab\r2011a student\bin\win32\matlab.exe"
ShellExec: matlab.exe: Run="c:\program files\matlab\r2011a student\bin\win32\matlab.exe"
.
=============== Created Last 30 ================
.
2012-12-31 04:26:16 -------- d-----w- c:\program files\CCleaner
2012-12-31 03:41:24 -------- d-----w- c:\program files\Cobian Backup 11
2012-12-30 01:38:29 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-12-30 01:13:58 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-12-30 01:12:59 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-12-30 01:11:58 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-12-30 01:10:58 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2012-12-30 01:09:59 29768 -c--a-w- c:\windows\system32\dllcache\divasu.dll
2012-12-30 01:08:59 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2012-12-30 01:07:54 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-12-29 20:13:36 5955584 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 20:13:35 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-28 23:50:08 -------- d-----w- c:\program files\Unlocker
2012-12-28 20:47:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-12 01:25:19 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-12-29 20:13:55 1070792 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-12-29 20:13:55 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-12-29 20:13:52 1070792 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-03 15:40:50 7606272 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:40:50 4153600 ----a-w- c:\windows\system32\nv4_disp.dll
2012-12-03 15:40:50 2611560 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:40:50 2441728 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:40:50 19460096 ----a-w- c:\windows\system32\nvoglnt.dll
2012-12-03 15:40:50 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:40:50 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:40:50 11053992 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-12-03 15:40:50 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-01 04:53:45 15524712 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:53:44 164712 ----a-w- c:\windows\system32\nvsvc32.exe
2012-12-01 04:53:43 143720 ----a-w- c:\windows\system32\nvcolor.exe
2012-12-01 04:53:43 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 04:52:17 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-11 02:29:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 02:29:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:30:04 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:30:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:30:04 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:30:04 17408 ----a-w- c:\windows\system32\corpol.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00VYA0 rev.12.01B01 -> Harddisk0\DR0 -> \Device\0000006c
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A7949C0]<<
_asm { MOV EAX, 0x8a7948e0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a797c94; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8A704AB8]
\Driver\Disk[0x8A6FA900] -> IRP_MJ_CREATE -> 0x8A7949C0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a7949c0
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 13:15:06.00 ===============

#4 Oh My!

Posted 04 January 2013 - 05:12 PM

Hi Troy,

Welcome aboard and nice to meet you. Thanks for letting me know when you are available.

It appears your Master Boot Record (MBR) is corrupted but I would like to run another program to get a fresh look.


===================================================


Running mbr.exe

--------------------

  • Please download mbr.exe and save it to the root directory, usually C:\ <<<- (Important!)
  • Press the Windows key + R on your keyboard at the same time
  • Type cmd and press Enter
  • At the Command Prompt type:

    c:\mbr.exe >>"C:\mbr.log"
  • Press Enter
  • A black DOS window will open and quickly disappear
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\mbr.log).
  • Copy and paste the contents of that log in your next reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • mbr.log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Kovid

Posted 04 January 2013 - 05:21 PM

mbr.log

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00VYA0 rev.12.01B01 -> Harddisk0\DR0 -> \Device\0000006c

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
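
The two GMER MBR detector outputs posted so far (the ROOTKIT section of DDS.txt and this mbr.log) can be compared mechanically instead of by eye. The Python below is an added example, not part of the thread or of any tool used in it; the function and field names are hypothetical, and the embedded logs are constructed copies of the posted output with the `_asm` lines left out.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed inputs: the two outputs as posted in this thread, _asm lines omitted.
DDS_ROOTKIT_SECTION = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00VYA0 rev.12.01B01 -> Harddisk0\DR0 -> \Device\0000006c
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A7949C0]<<
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8A704AB8]
\Driver\Disk[0x8A6FA900] -> IRP_MJ_CREATE -> 0x8A7949C0
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a7949c0
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""

MBR_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00VYA0 rev.12.01B01 -> Harddisk0\DR0 -> \Device\0000006c

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

DISK_RE = re.compile(r"Disk: (\S+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+) -> (0x[0-9A-Fa-f]+)$")


@dataclass
class MbrReport:
    disk: Optional[str] = None
    user_read_ok: bool = False
    kernel_read_ok: bool = False
    mbr_ok: bool = False                      # "user & kernel MBR OK" line seen
    unknown_modules: List[str] = field(default_factory=list)
    hooks: List[Tuple[str, str]] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def parse_mbr_log(text: str) -> MbrReport:
    """Extract the status lines, hooks and warnings from one detector output."""
    report = MbrReport()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":           # DDS pads its sections with "." lines
            continue
        if in_hooks:                          # entries listed under "detected hooks:"
            m = HOOK_RE.match(line)
            if m:
                report.hooks.append((m.group(1), m.group(2).lower()))
                continue
            in_hooks = False
        if line == "detected hooks:":
            in_hooks = True
        elif line == "user: MBR read successfully":
            report.user_read_ok = True
        elif line == "kernel: MBR read successfully":
            report.kernel_read_ok = True
        elif line == "user & kernel MBR OK":
            report.mbr_ok = True
        elif line.startswith("Warning:"):
            report.warnings.append(line[len("Warning:"):].strip())
        else:
            m = DISK_RE.search(line)
            if m and report.disk is None:
                report.disk = m.group(1)
            # Addresses are lower-cased so trace and hook entries compare equal.
            report.unknown_modules += [a.lower() for a in UNKNOWN_RE.findall(line)]
    return report


def findings(report: MbrReport) -> Set[str]:
    out = {f"unknown module {a}" for a in report.unknown_modules}
    out |= {f"hook {drv} -> {addr}" for drv, addr in report.hooks}
    out |= {f"warning: {w}" for w in report.warnings}
    return out


def unattributed_hooks(report: MbrReport) -> List[Tuple[str, str]]:
    """Hooks whose target is an address the disk trace could not map to a module."""
    return [h for h in report.hooks if h[1] in report.unknown_modules]


def dropped_findings(earlier: MbrReport, later: MbrReport) -> List[str]:
    """Findings present in the earlier run and absent from the later one."""
    if earlier.disk != later.disk:
        raise ValueError("reports describe different disks; not comparable")
    return sorted(findings(earlier) - findings(later))


if __name__ == "__main__":
    first, second = parse_mbr_log(DDS_ROOTKIT_SECTION), parse_mbr_log(MBR_LOG)
    for item in dropped_findings(first, second):
        print("only in first run:", item)
```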

#6 Oh My!

Posted 04 January 2013 - 05:26 PM

Hi Troy,

Interesting, those results are different than the previous results in your DDS log. Good news if true but we will keep an eye on it.

Please do this for me.


===================================================


ComboFix

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.

Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image



Click on Yes, to continue scanning for malware.

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Combofix log
  • How is your computer running?

Gary
 

#7 Kovid

Posted 04 January 2013 - 09:43 PM

My system freezes after ComboFix gets to the point "Completed Stage_48" every time. I tried twice before using the alternate method:

If Combofix fails to run properly using the above instructions please attempt the following:

Right click on the Combofix icon on your desktop and select Delete
Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
Restart your computer in Safe Mode
Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
Do not reboot your computer
Double click the freshcopy.exe icon (renamed Combofix file)
When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it


My system froze in the same spot using this method. Here is the Rkill log:

Rkill.txt

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/04/2013 07:41:12 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* IPSEC driver (IPSec) is not Running.
Startup Type set to: System

* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\smss.exe [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/04/2013 07:42:23 PM
Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)

Edited by Kovid, 04 January 2013 - 09:44 PM.


#8 Oh My!

Posted 04 January 2013 - 10:21 PM

Hi Troy,

Please do this for me.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and attach it to your reply

===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:

    :filefind
    smss.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================


Things I would like to see in your next reply.

  • TDSSKiller log (attach zip file)
  • SystemLook log

Gary
 

#10 Kovid

Posted 04 January 2013 - 11:55 PM

Hey Gary,

SystemLook is not able to complete a scan before my system freezes. Attached is the TDSSKiller log.


#11 Oh My!

Posted 05 January 2013 - 02:57 PM

Hi Troy,

Do you get a blue screen at all or does the system just stop?
Gary
 

#12 Kovid

Posted 05 January 2013 - 03:09 PM

Gary,

I did not get a blue screen; the system just stops. I watched the process run in task manager a few times, and the memory usage slowly climbs from around 3k up to about 6.8k before freezing. I attempted running it once in SafeMode, and the same thing happened.

#13 Oh My!

Posted 05 January 2013 - 03:45 PM

Hi Troy,

Thank you for clarifying that for me.

Please attempt this.


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • aswMBR log
  • Results log
  • FSS log

Gary
 

#14 Kovid


Posted 05 January 2013 - 07:41 PM

Hey Gary,

I'm so excited everything ran to completion this time! Here are the requested logs:

aswMBR.txt

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-05 17:40:26
-----------------------------
17:40:26.046 OS Version: Windows 5.1.2600 Service Pack 3
17:40:26.046 Number of processors: 2 586 0xF0B
17:40:26.046 ComputerName: TROYMCGUIRE UserName: Troy
17:40:26.906 Initialize success
17:40:33.078 AVAST engine defs: 13010501
17:40:38.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
17:40:38.281 Disk 0 Vendor: WDC_WD3200AAKS-00VYA0 12.01B01 Size: 305245MB BusType: 3
17:40:38.312 Device \Driver\nvata -> MajorFunction 8a7ce4d0
17:40:38.343 Disk 0 MBR read successfully
17:40:38.359 Disk 0 MBR scan
17:40:38.375 Disk 0 Windows XP default MBR code
17:40:38.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
17:40:38.437 Disk 0 scanning sectors +625137345
17:40:38.546 Disk 0 scanning C:\WINDOWS\system32\drivers
17:41:00.625 Service scanning
17:41:03.484 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
17:41:11.234 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:41:14.250 Modules scanning
17:41:25.218 Disk 0 trace - called modules:
17:41:25.421 ntoskrnl.exe >>UNKNOWN [0x8a7820e8]<<
17:41:25.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a63d030]
17:41:25.781 \Driver\Disk[0x8a73b868] -> IRP_MJ_CREATE -> 0x8a7820e8
17:41:26.421 AVAST engine scan C:\WINDOWS
17:41:59.859 AVAST engine scan C:\WINDOWS\system32
17:47:33.921 AVAST engine scan C:\WINDOWS\system32\drivers
17:48:31.343 AVAST engine scan C:\Documents and Settings\Troy
18:22:17.812 AVAST engine scan C:\Documents and Settings\All Users
18:33:05.250 Scan finished successfully
18:33:13.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Troy\Desktop\MBR.dat"
18:33:13.984 The log file has been saved successfully to "C:\Documents and Settings\Troy\Desktop\aswMBR.txt"

Result.txt

MiniToolBox by Farbar Version: 25-11-2012
Ran by Troy (administrator) on 05-01-2013 at 16:17:57
Running from "C:\Documents and Settings\Troy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2012 03:03:12 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module GdiPlus.dll, version 5.2.6002.22791, fault address 0x000652f4.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/29/2012 03:03:09 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft GDI+ because of this error.

Program: Microsoft GDI+
File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3

Error: (12/29/2012 02:29:02 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module GdiPlus.dll, version 5.2.6002.22791, fault address 0x000652f4.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/29/2012 02:29:00 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft GDI+ because of this error.

Program: Microsoft GDI+
File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3

Error: (12/29/2012 02:13:07 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe, version 2.1002.95.599, faulting module nvi2ui.dll, version 2.1002.95.599, fault address 0x000b4a84.
Processing media-specific event for [setup.exe!ws!]

Error: (12/29/2012 02:11:16 PM) (Source: Application Error) (User: )
Description: Faulting application setup.exe, version 2.1002.95.599, faulting module nvi2ui.dll, version 2.1002.95.599, fault address 0x000b4a84.
Processing media-specific event for [setup.exe!ws!]

Error: (12/28/2012 04:58:41 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module GdiPlus.dll, version 5.2.6002.22791, fault address 0x00065360.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/28/2012 04:58:38 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft GDI+ because of this error.

Program: Microsoft GDI+
File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3

Error: (12/28/2012 00:27:30 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.51.0.1118, faulting module unknown, version 0.0.0.0, fault address 0x00030005.
Processing media-specific event for [mbam.exe!ws!]

Error: (12/27/2012 11:39:29 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft GDI+ because of this error.

Program: Microsoft GDI+
File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3


System errors:
=============
Error: (01/05/2013 04:01:11 PM) (Source: System Error) (User: )
Description: Error code 100000d1, parameter1 b87f3000, parameter2 00000002, parameter3 00000001, parameter4 b7e1bc14.

Error: (01/05/2013 03:59:46 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 b7d42f89, parameter3 b273488c, parameter4 00000000.

Error: (01/05/2013 03:59:40 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error:
%%3

Error: (01/05/2013 03:59:40 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/05/2013 03:59:40 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (01/05/2013 03:49:22 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error:
%%3

Error: (01/05/2013 03:49:22 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/05/2013 03:49:22 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (01/05/2013 02:05:45 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error:
%%3

Error: (01/05/2013 02:05:45 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/29/2012 03:03:12 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512GdiPlus.dll5.2.6002.22791000652f4

Error: (12/29/2012 03:03:09 PM) (Source: Application Error)(User: )
Description: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dllMicrosoft GDI+C00001853

Error: (12/29/2012 02:29:02 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512GdiPlus.dll5.2.6002.22791000652f4

Error: (12/29/2012 02:29:00 PM) (Source: Application Error)(User: )
Description: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dllMicrosoft GDI+C00001853

Error: (12/29/2012 02:13:07 PM) (Source: Application Error)(User: )
Description: setup.exe2.1002.95.599nvi2ui.dll2.1002.95.599000b4a84

Error: (12/29/2012 02:11:16 PM) (Source: Application Error)(User: )
Description: setup.exe2.1002.95.599nvi2ui.dll2.1002.95.599000b4a84

Error: (12/28/2012 04:58:41 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512GdiPlus.dll5.2.6002.2279100065360

Error: (12/28/2012 04:58:38 PM) (Source: Application Error)(User: )
Description: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dllMicrosoft GDI+C00001853

Error: (12/28/2012 00:27:30 PM) (Source: Application Error)(User: )
Description: mbam.exe1.51.0.1118unknown0.0.0.000030005

Error: (12/27/2012 11:39:29 PM) (Source: Application Error)(User: )
Description: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dllMicrosoft GDI+C00001853


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader 8.3.1 (Version: 8.3.1)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.2)
CCleaner (Version: 3.26)
CCScore (Version: 7.00.0000.0001)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Cobian Backup 11 Gravity
Combined Community Codec Pack 2008-09-21 16:18 (Version: 2008.09.21.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Diablo III (Version: 1.0.5.12811)
DivX Web Player (Version: 1.4.0)
ESSBrwr (Version: 7.01.0000.0001)
ESSCDBK (Version: 7.01.0000.0002)
ESScore (Version: 7.01.0000.0012)
ESSgui (Version: 7.01.0000.0002)
ESSini (Version: 7.01.0000.0002)
ESSPCD (Version: 7.01.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 7.01.0000.0001)
Fraps (remove only)
Google Chrome (Version: 23.0.1271.97)
HI-TECH C51-lite V9.60PL0 (Version: 9.60)
HI-TECH PICC lite V9.60PL0 (Version: 9.60)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 6 (Version: 1.6.0.60)
Java™ 6 Update 7 (Version: 1.6.0.70)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kingdoms of Amalur: Reckoning™
Kodak EasyShare software
Logitech High Quality Video (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MATLAB R2011a Student Version (Version: 7.12)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 ??? Language Pack
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - DEU (Version: 1.1.50727.42)
Microsoft .NET Framework 2.0 Language Pack - FRA (Version: 1.1.50727.42)
Microsoft .NET Framework 2.0 Language Pack - JPN (Version: 2.0.50727)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
NCsoft Launcher (Version: 1.5.7.0)
netbrdg (Version: 7.01.0000.0001)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA ForceWare Network Access Manager (Version: 2.03.6027)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA nView Desktop Manager (Version: 6.14.10.13065)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
OfotoXMI (Version: 7.01.0000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PCDADDIN (Version: 6.02.0001.0003)
PCDHELP (Version: 6.02.0001.0001)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.5506)
SFR (Version: 7.01.0000.0003)
SHASTA (Version: 7.01.0000.0001)
Sid Meier's Civilization V
skin0001 (Version: 7.01.0000.0003)
SKINXSDK (Version: 7.01.0000.0001)
Skype™ 6.0 (Version: 6.0.126)
staticcr (Version: 7.01.0000.0005)
Steam (Version: 1.0.0.0)
StencylWorks (Version: 1.1.1)
Team Fortress 2
TeamSpeak 3 Client
tooltips (Version: 7.01.0000.0001)
Unity Web Player (Version: )
Unity Web Player (Version: 2.5.4b3_944)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.4)
VPRINTOL (Version: 7.01.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WIRELESS (Version: 7.01.0000.0001)
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================

Name: ACPI Multiprocessor PC
Description: ACPI Multiprocessor PC
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: ACPI

Name: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Description: Intel Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: intelppm

Name: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Description: Intel Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: intelppm

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI bus
Description: PCI bus
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: NVIDIA GeForce 8600 GT
Description: NVIDIA GeForce 8600 GT
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: nv

Name: Plug and Play Monitor
Description: Plug and Play Monitor
Class Guid: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard monitor types)
Service:

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: isapnp

Name: ISAPNP Read Data Port
Description: ISAPNP Read Data Port
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System timer
Description: System timer
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: High precision event timer
Description: High precision event timer
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System speaker
Description: System speaker
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc

Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4D36E980-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial

Name: Printer Port (LPT1)
Description: Printer Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Parport

Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: NVIDIA nForce PCI System Management
Description: NVIDIA nForce PCI System Management
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service:

Name: PCI standard RAM Controller
Description: PCI standard RAM Controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Motorola SURFboard SB5100 USB Cable Modem
Description: Motorola SURFboard SB5100 USB Cable Modem
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Motorola
Service: ndiscm

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Logitech USB Camera (Webcam Pro 9000)
Description: Logitech USB Camera (Webcam Pro 9000)
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Logitech
Service: usbccgp

Name: Logitech Webcam Pro 9000
Description: Logitech Webcam Pro 9000
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: Logitech
Service: LVUVC

Name: Logitech Mic (Webcam Pro 9000)
Description: Logitech Mic (Webcam Pro 9000)
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service: usbaudio

Name: Standard Dual Channel PCI IDE Controller
Description: Standard Dual Channel PCI IDE Controller
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: pciide

Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: TSSTcorp CDW/DVD TS-H492A
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi

Name: NVIDIA nForce 430/410 Serial ATA Controller
Description: NVIDIA nForce 430/410 Serial ATA Controller
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA Corporation
Service: nvata

Name: WDC WD3200AAKS-00VYA0
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: NVIDIA nForce 430/410 Serial ATA Controller
Description: NVIDIA nForce 430/410 Serial ATA Controller
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA Corporation
Service: nvata

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci

Name: VIA OHCI Compliant IEEE 1394 Host Controller
Description: VIA OHCI Compliant IEEE 1394 Host Controller
Class Guid: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Manufacturer: VIA
Service: ohci1394

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft UAA Bus Driver for High Definition Audio
Description: Microsoft UAA Bus Driver for High Definition Audio
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: IntcAzAudAddService

Name: NVIDIA Network Bus Enumerator
Description: NVIDIA Network Bus Enumerator
Class Guid: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}
Manufacturer: NVIDIA
Service: nvnetbus

Name: NVIDIA nForce Networking Controller #2
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD

Name: Extended IO Bus
Description: Extended IO Bus
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: SCSI/RAID Host Controller
Description: SCSI/RAID Host Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: dtscsi

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: System board
Description: System board
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Fan
Description: ACPI Fan
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Logical Disk Manager
Description: Logical Disk Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: dmio

Name: Volume Manager
Description: Volume Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: ftdisk

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: AFD
Description: AFD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Arp1394

Name: Aspi32
Description: Aspi32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Aspi32

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: catchme
Description: catchme
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: catchme

Name: Citrix USB Monitor Driver
Description: Citrix USB Monitor Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctxusbm

Name: dmboot
Description: dmboot
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmboot

Name: dmload
Description: dmload
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmload

Name: Fips
Description: Fips
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Fips

Name: Generic Packet Classifier
Description: Generic Packet Classifier
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Gpc

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: IntelIde
Description: IntelIde
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IntelIde

Name: IP Network Address Translator
Description: IP Network Address Translator
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpNat

Name: IPSEC driver
Description: IPSEC driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IPSec

Name: ksecdd
Description: ksecdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ksecdd

Name: MBAMSwissArmy
Description: MBAMSwissArmy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MBAMSwissArmy

Name: mnmdd
Description: mnmdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mnmdd

Name: mountmgr
Description: mountmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NdisTapi

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: NetBios over Tcpip
Description: NetBios over Tcpip
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: PartMgr
Description: PartMgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PartMgr

Name: ParVdm
Description: ParVdm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ParVdm

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RasAcd

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: Secdrv
Description: Secdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Secdrv

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: UnlockerDriver5
Description: UnlockerDriver5
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: UnlockerDriver5

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: VolSnap
Description: VolSnap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VolSnap

Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarp

Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WS2IFSL

Name: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Description: Windows Driver Foundation - User-mode Driver Framework Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf

Name: Audio Codecs
Description: Audio Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Media Control Devices
Description: Media Control Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Video Codecs
Description: Video Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Motorola SURFboard SB5100 USB Cable Modem - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Direct Parallel
Description: Direct Parallel
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Raspti

Name: Terminal Server Device Redirector
Description: Terminal Server Device Redirector
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: rdpdr

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: wdmaud

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: sysaudio

Name: Microsoft Kernel Wave Audio Mixer
Description: Microsoft Kernel Wave Audio Mixer
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: kmixer

Name: Microcode Update Device
Description: Microcode Update Device
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: update

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: mssmbios


**** End of log ****

FSS.txt

Farbar Service Scanner Version: 05-01-2013
Ran by Troy (administrator) on 05-01-2013 at 16:19:34
Running from "C:\Documents and Settings\Troy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#15 Oh My!


Posted 05 January 2013 - 10:26 PM

Hi Troy,

Glad we received some information!

Please do this first.


===================================================


Run chkdsk /r in Windows XP

--------------------

  • Click Start, Select My Computer, right click Local Disk C:, and select Properties
  • Click on the Tools tab
  • Select Check Now
  • Select Automatically fix file system errors, and Scan for and attempt recovery of bad sectors
  • You will receive a warning that disk check could not be performed because...... and it will ask if you want to schedule disk check to run the next time you restart
  • Click Yes
  • Click Start, Turn Off Computer, then Restart
  • Upon reboot you will see the following on your screen

    Posted Image
  • Do not touch your keyboard or mouse during this operation
  • When completed, your computer will boot into Windows
  • Test your computer to see if it still freezes

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



