
Trend Micro Rootkit Buster found 50 items it's unable to fix


24 replies to this topic

#1 Julie 1960


Posted 02 March 2013 - 10:59 PM

Hello,

 

Any help would be appreciated.  I had Kaspersky Internet Security until it expired beginning of Feb.  On 1/25/13 it had detected 2 files- UDS:DangerousObject.Multi.Generic which it quarantined. 

I installed McAfee Total Protection 2013 on 2/6 after uninstalling Kaspersky.  McAfee instructions said before you start, make sure computer is connected to the internet and uninstall any non-McAfee security products before installing McAfee, which I did. 

Approximately  2/15 or 2/16, my computer screen acted up twice.  It intermittently went back and forth from a black screen to the web page I was looking at at the time.  It went back and forth from black screen to webpage about 20 seconds and then it did that same thing one other time. 

I have also been hearing a clicking sound, like when you click a link in Internet Explorer.  I.E., when I typed in my password on eBay and clicked the login tab, I heard the clicking sound. 

Also, I had Windows host process (Rundll32) stop working and close happen one time yesterday.

Lastly, when I try to open the Control Panel, I get "Windows Explorer has stopped working and will restart".  This started happening on 2/26 or 2/27.  I searched online for solutions and tried most everything on this Microsoft support page http://support.microsoft.com/kb/2694911, but none of that helped.  I also tried to open each file/folder in the control panel (.cpl files) to see if one would cause Windows Explorer to stop working, but that did nothing either.  Also, I tried doing the command prompt sfc /scannow to check for corrupt files.  This is the message I got:  "Windows Resource Protection found corrupt files and successfully repaired them.  Details are in the log, (etc. etc. about CBS log).  The system file repair changes will take effect after the next reboot."  So I reboot my computer and while it is shutting down, the computer says "Configuring updates 2 of 3" (like what it says when Windows does their updates when you shut down your computer).  Then I restart the computer and try to open Control Panel and it does the same thing and Windows Explorer shuts down.  This has done this to me at least 3 times.  Also, yesterday I did a system restore which made things worse, so I undid that.

I have scanned with Malwarebytes, SuperAntiSpyware, Windows Defender and they found nothing. 

I used Eset Scanner which found a variant of Win32/Bundled.Toolbar.Ask application which Eset then deleted. 

Last night,  I started GMER to see if it would find anything.   When I woke up this morning, this was the error message on my screen: "Windows has recovered from an unexpected shutdown. A problem caused Windows to stop working correctly."  I have read that if GMER gets shut down, it likely is from a rootkit shutting it down. 

I downloaded most of the programs on Bleeping Computer for rootkits, but most of them will not open for one reason or another.  I did get Trend Micro Rootkit Buster to run and it found 50 items that I tried to have it fix, but it was unable to.  I have the log for that if it would be of help.

As I stated in the beginning, any help is much appreciated!  Also, I am assuming for now I should not pay any bills or do any banking online??  Thanks!





#2 narenxp


Posted 02 March 2013 - 11:07 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 Julie 1960


Posted 03 March 2013 - 12:24 PM

Thanks for your help.  Here are my logs.  I could not save the programs to my desktop as they automatically downloaded and didn't give me the option to save them, so I just opened and ran them (the TDSSKiller I put a shortcut on my desktop and ran from there).  I hope that doesn't make a difference..? 

 

Also, I keep getting the error "Your post was too long.  Please go back and shorten it a little."  It was the contents of the TDSS file, (which found nothing).  I will have to break it down into multiple posts if you want to see it.  Please let me know if I should do that.  Thanks.

 

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-02 22:24:37
-----------------------------
22:24:37.553    OS Version: Windows 6.0.6002 Service Pack 2
22:24:37.553    Number of processors: 2 586 0x170A
22:24:37.553    ComputerName: USE-PC  UserName: USE
22:25:18.051    Initialize success
22:28:28.422    AVAST engine defs: 13030201
22:29:06.220    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:29:06.220    Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
22:29:06.236    Disk 0 MBR read successfully
22:29:06.236    Disk 0 MBR scan
22:29:06.252    Disk 0 Windows VISTA default MBR code
22:29:06.267    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238473 MB offset 2048
22:29:06.283    Disk 0 scanning sectors +488394752
22:29:06.376    Disk 0 scanning C:\Windows\system32\drivers
22:29:19.465    Service scanning
22:30:05.688    Modules scanning
22:30:17.715    Disk 0 trace - called modules:
22:30:17.731    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:30:17.731    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89778420]
22:30:17.731    3 CLASSPNP.SYS[8c5ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x872aa028]
22:30:18.604    AVAST engine scan C:\Windows
22:30:21.756    AVAST engine scan C:\Windows\system32
22:33:58.485    AVAST engine scan C:\Windows\system32\drivers
22:34:21.963    AVAST engine scan C:\Users\USE
22:42:57.191    File: C:\Users\USE\Downloads\dds.scr  **INFECTED** Win32:Malware-gen
22:43:50.294    AVAST engine scan C:\ProgramData
22:47:26.058    Scan finished successfully
10:28:26.135    Disk 0 MBR has been saved successfully to "C:\Users\USE\Desktop\MBR.dat"
10:28:26.182    The log file has been saved successfully to "C:\Users\USE\Desktop\aswMBR.txt"






ESET Scanner results-3/2/2013

C:\Users\USE\Downloads\FoxitReader545.0124_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
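
Added example (not part of the thread, and not code from any tool named in it): a small Python parser for the aswMBR log format posted in #3. It pulls out the MBR code verdict, the disk driver trace and any **INFECTED** lines, and flags a log that has no verdict or no finish line. The names `parse_aswmbr` and `triage`, and the rule that a verdict without the word "default" gets a manual look, are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the aswMBR log posted in #3, plus a truncated copy constructed
# here to model a scan that was interrupted before it reached a verdict.
SAMPLE_LOG = r"""Run date: 2013-03-02 22:24:37
-----------------------------
22:29:06.236    Disk 0 MBR read successfully
22:29:06.252    Disk 0 Windows VISTA default MBR code
22:30:17.715    Disk 0 trace - called modules:
22:30:17.731    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:42:57.191    File: C:\Users\USE\Downloads\dds.scr  **INFECTED** Win32:Malware-gen
22:47:26.058    Scan finished successfully
"""
TRUNCATED_LOG = "\n".join(SAMPLE_LOG.splitlines()[:3])  # constructed

# Every event line is "HH:MM:SS.mmm    message"; banner lines have no timestamp.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*\S)\s*$")
DETECTION = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(\S.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
TRACE_HEAD = re.compile(r"^Disk (\d+) trace - called modules:$")
MODULE_EXT = (".sys", ".exe", ".dll")


@dataclass
class AswMbrReport:
    mbr_code: dict = field(default_factory=dict)       # disk -> verdict text
    trace_modules: dict = field(default_factory=dict)  # disk -> module names
    detections: list = field(default_factory=list)     # (path, detection name)
    finished: bool = False


def parse_aswmbr(text):
    """Extract the security-relevant facts from an aswMBR text log."""
    report = AswMbrReport()
    pending_trace = None  # disk whose module list is expected on the next line
    for raw in text.splitlines():
        match = LINE.match(raw)
        if not match:
            continue  # banner, separator or blank line
        msg = match.group(2)
        if pending_trace is not None:
            disk, pending_trace = pending_trace, None
            toks = msg.split()
            # The module list is a line of bare file names and nothing else.
            if toks and all(tok.lower().endswith(MODULE_EXT) for tok in toks):
                report.trace_modules[disk] = toks
                continue
        head = TRACE_HEAD.match(msg)
        if head:
            pending_trace = int(head.group(1))
            continue
        code = MBR_CODE.match(msg)
        if code:
            report.mbr_code[int(code.group(1))] = code.group(2)
            continue
        hit = DETECTION.match(msg)
        if hit:
            report.detections.append((hit.group(1), hit.group(2)))
            continue
        if msg == "Scan finished successfully":
            report.finished = True
    return report


def triage(report, expected_disks=(0,)):
    """Return the points a helper would follow up on, in priority order."""
    notes = []
    if not report.finished:
        notes.append("scan did not finish: treat every other result as incomplete")
    for disk in expected_disks:
        verdict = report.mbr_code.get(disk)
        if verdict is None:
            notes.append(f"disk {disk}: no MBR code verdict in log")
        elif "default" not in verdict.lower():
            # Assumption of this example: any other verdict text needs a manual look.
            notes.append(f"disk {disk}: non-default MBR code reported: {verdict}")
    for path, name in report.detections:
        notes.append(f"detection {name}: {path}")
    return notes


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("truncated log", TRUNCATED_LOG)):
        print(label)
        for note in triage(parse_aswmbr(log)):
            print("  -", note)
```

A detection line only records what the AVAST engine reported for that file; whether it is a true positive is for the helper to judge.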
 



#4 narenxp


Posted 03 March 2013 - 12:34 PM

Ignore TDSSkiller log

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 Julie 1960


Posted 03 March 2013 - 12:59 PM

MBAM

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.03.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
USE :: USE-PC [administrator]

3/3/2013 11:42:44 AM
mbam-log-2013-03-03 (11-42-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193248
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

 

(end)

 

 

 

Post #1 for MiniToolBox

 

MiniToolBox by Farbar  Version:01-03-2013
Ran by USE (administrator) on 03-03-2013 at 11:51:19
Running from "C:\Users\USE\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

There are 15274 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : USE-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
   Physical Address. . . . . . . . . : 00-25-56-0F-77-D7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1d02:8738:7c9b:79ce%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, March 03, 2013 10:59:01 AM
   Lease Expires . . . . . . . . . . : Monday, March 04, 2013 10:59:01 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 268445014
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-28-9F-68-00-23-AE-35-75-32
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-AE-35-75-32
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{BDD55997-0299-4A2A-B97B-926B40038C5D}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{C365AE03-D8BB-44A5-B3A5-7DF092EE3F25}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:93:32b7:3f57:fefc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::93:32b7:3f57:fefc%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4009:803::1007
      74.125.225.132
      74.125.225.133
      74.125.225.134
      74.125.225.135
      74.125.225.136
      74.125.225.137
      74.125.225.142
      74.125.225.128
      74.125.225.129
      74.125.225.130
      74.125.225.131



Pinging google.com [74.125.225.131] with 32 bytes of data:

Reply from 74.125.225.131: bytes=32 time=438ms TTL=53

Reply from 74.125.225.131: bytes=32 time=35ms TTL=53



Ping statistics for 74.125.225.131:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 35ms, Maximum = 438ms, Average = 236ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=456ms TTL=44

Reply from 206.190.36.45: bytes=32 time=463ms TTL=43



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 456ms, Maximum = 463ms, Average = 459ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 25 56 0f 77 d7 ...... Dell Wireless 1397 WLAN Mini-Card
 10 ...00 23 ae 35 75 32 ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.{BDD55997-0299-4A2A-B97B-926B40038C5D}
 13 ...00 00 00 00 00 00 00 e0  isatap.{C365AE03-D8BB-44A5-B3A5-7DF092EE3F25}
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:9d38:953c:93:32b7:3f57:fefc/128
                                    On-link
 11    281 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::93:32b7:3f57:fefc/128
                                    On-link
 11    281 fe80::1d02:8738:7c9b:79ce/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/03/2013 11:01:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e607a207-d79e-4428-b011-12f2e4ca1a0e}

Error: (03/03/2013 10:59:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2013 10:57:32 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/03/2013 10:31:01 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 10:31:01.856]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:31:01 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 10:31:01.762]: [00002736]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 10:31:00 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 10:31:00.202]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:31:00 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 10:31:00.108]: [00002736]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 10:30:22 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 10:30:22.060]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:30:21 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 10:30:21.093]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:29:52 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 10:29:52.014]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error


System errors:
=============
Error: (03/03/2013 11:00:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/03/2013 10:59:12 AM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Service%%2

Error: (03/03/2013 10:59:12 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/03/2013 10:59:12 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (03/03/2013 10:58:07 AM) (Source: Service Control Manager) (User: )
Description: 30000mfecore

Error: (03/03/2013 10:31:05 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 0025560F77D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/02/2013 10:18:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/02/2013 10:17:43 PM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Service%%2

Error: (03/02/2013 10:17:43 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/02/2013 10:17:43 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058


Microsoft Office Sessions:
=========================
Error: (03/03/2013 11:01:20 AM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e607a207-d79e-4428-b011-12f2e4ca1a0e}

Error: (03/03/2013 10:59:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2013 10:57:32 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/03/2013 10:31:01 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 10:31:01.856]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:31:01 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 10:31:01.762]: [00002736]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 10:31:00 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 10:31:00.202]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:31:00 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 10:31:00.108]: [00002736]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 10:30:22 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 10:30:22.060]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:30:21 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 10:30:21.093]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 10:29:52 AM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 10:29:52.014]: [00002736]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error


CodeIntegrity Errors:
===================================
  Date: 2013-03-02 12:44:50.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:50.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:49.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:49.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:49.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:47.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.


 



#6 Julie 1960


Posted 03 March 2013 - 01:04 PM


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 3.1.1)
7-Zip 9.22beta

Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced Audio FX Engine (Version: 1.12.05)
Brother MFL-Pro Suite MFC-495CW (Version: 1.0.0.0)
BufferChm (Version: 120.0.194.000)
C4600 (Version: 120.0.235.000)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell Driver Download Manager (Version: 3.0.0.0)
Dell Webcam Central (Version: 1.20.10)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DHTML Editing Component (Version: 6.02.0001)
ESET Online Scanner v3
ffdshow v1.3.4500 [2013-01-06] (Version: 1.3.4500.0)
Garmin Lifetime Updater (Version: 2.1.10)
GIMP 2.8.2 (Version: 2.8.2)
GPBaseService2 (Version: 120.0.194.000)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5 (Version: 12.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 12.0 (Version: 12.0)
HP Update (Version: 5.003.001.001)
HPPhotoGadget (Version: 120.0.150.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 120.0.194.000)
HPSSupply (Version: 120.0.194.000)
IDT Audio (Version: 1.0.6272.0)
Integrated Webcam Driver (1.02.01.0320)   (Version: 1.02.01.0320)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 10.5.0.1029)
Live! Cam Avatar Creator (Version: 4.6.2303.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 120.0.226.000)
Marvell Miniport Driver (Version: 10.63.3.3)
McAfee Online Backup
McAfee Online Backup (Version: 1.16.4.0)
McAfee Total Protection (Version: 12.1.253)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 19.0 (x86 en-GB) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
PaperPort Image Printer (Version: 1.00.0000)
PS_AIO_05_C4600_Software_Min (Version: 120.0.235.000)
Scan (Version: 12.0.0.0)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Shared C Run-time for x86 (Version: 10.0.0)
Shop for HP Supplies (Version: 12)
SmartWebPrinting (Version: 120.0.194.000)
SolutionCenter (Version: 120.0.194.000)
SpywareBlaster 4.6 (Version: 4.6.0)
Status (Version: 120.0.194.000)
SUPERAntiSpyware (Version: 5.0.1144)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
Turbo Lister 2 (Version: 2.00.0000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
WebReg (Version: 120.0.194.000)
WOT for Internet Explorer (Version: 11.11.7.0)
wxkpg 0.6


========================= Devices: ================================

Name: isatap.{BDD55997-0299-4A2A-B97B-926B40038C5D}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: isatap.{C365AE03-D8BB-44A5-B3A5-7DF092EE3F25}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp

Name: ACPI x86-based PC
Description: ACPI x86-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: Mobile Intel® 45 Express Chipset Series Processor to DRAM Controller - 2A40
Description: Mobile Intel® 45 Express Chipset Series Processor to DRAM Controller - 2A40
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Mobile Intel® 4 Series Express Chipset Family
Description: Mobile Intel® 4 Series Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor

Name: Mobile Intel® 4 Series Express Chipset Family
Description: Mobile Intel® 4 Series Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx

Name: Intel® ICH9 Family USB Universal Host Controller - 2937
Description: Intel® ICH9 Family USB Universal Host Controller - 2937
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® ICH9 Family USB Universal Host Controller - 2938
Description: Intel® ICH9 Family USB Universal Host Controller - 2938
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® ICH9 Family USB Universal Host Controller - 2939
Description: Intel® ICH9 Family USB Universal Host Controller - 2939
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: Generic- Multi-Card USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: Integrated Webcam
Description: Integrated Webcam
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Creative Technology Ltd.
Service: OA009Vid

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: IDT High Definition Audio CODEC
Description: IDT High Definition Audio CODEC
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: IDT
Service: STHDA

Name: Intel® ICH9 Family PCI Express Root Port 1 - 2940
Description: Intel® ICH9 Family PCI Express Root Port 1 - 2940
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Intel® ICH9 Family PCI Express Root Port 2 - 2942
Description: Intel® ICH9 Family PCI Express Root Port 2 - 2942
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Dell Wireless 1397 WLAN Mini-Card
Description: Dell Wireless 1397 WLAN Mini-Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX

Name: Intel® ICH9 Family PCI Express Root Port 3 - 2944
Description: Intel® ICH9 Family PCI Express Root Port 3 - 2944
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonwlh

Name: Intel® ICH9 Family PCI Express Root Port 5 - 2948
Description: Intel® ICH9 Family PCI Express Root Port 5 - 2948
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Intel® ICH9 Family USB Universal Host Controller - 2934
Description: Intel® ICH9 Family USB Universal Host Controller - 2934
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: USB Human Interface Device
Description: USB Human Interface Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: KME Inc.
Service: HidUsb

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid

Name: Intel® ICH9 Family USB Universal Host Controller - 2935
Description: Intel® ICH9 Family USB Universal Host Controller - 2935
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® ICH9 Family USB Universal Host Controller - 2936
Description: Intel® ICH9 Family USB Universal Host Controller - 2936
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 82801 PCI Bridge - 2448
Description: Intel® 82801 PCI Bridge - 2448
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Intel® ICH9M LPC Interface Controller - 2919
Description: Intel® ICH9M LPC Interface Controller - 2919
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® ICH9M-E/M SATA AHCI Controller
Description: Intel® ICH9M-E/M SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: iaStor

Name: TOSHIBA MK2565GSX
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Optiarc DVD+-RW AD-7560S
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: Intel® ICH9 Family SMBus Controller - 2930
Description: Intel® ICH9 Family SMBus Controller - 2930
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Lid
Description: ACPI Lid
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Sleep Button
Description: ACPI Sleep Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft AC Adapter
Description: Microsoft AC Adapter
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi

Name: Pentium® Dual-Core CPU       T4200  @ 2.00GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Pentium® Dual-Core CPU       T4200  @ 2.00GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Compbatt

Name: Brother MFC-495CW LAN
Description: Brother MFC-495CW LAN
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Brother
Service: StillCam

Name: Brother MFC-495CW LAN
Description: Brother MFC-495CW LAN
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Brother
Service: StillCam

Name: Microsoft iSCSI Initiator
Description: Microsoft iSCSI Initiator
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: iScsiPrt

Name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: IDE Channel
Description: IDE Channel
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: atapi

Name: BCM42RLY
Description: BCM42RLY
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BCM42RLY

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: BVRPMPR5 NDIS Protocol Driver
Description: BVRPMPR5 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BVRPMPR5

Name: McAfee Inc. cfwids
Description: McAfee Inc. cfwids
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cfwids

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS

Name: Crcdisk Filter Driver
Description: Crcdisk Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: crcdisk

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl

Name: McAfee Inc. HipShieldK
Description: McAfee Inc. HipShieldK
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HipShieldK

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: IP Network Address Translator
Description: IP Network Address Translator
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IPNAT

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio

Name: McPvDrv Driver
Description: McPvDrv Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: McPvDrv

Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk

Name: McAfee Inc. mfeavfk
Description: McAfee Inc. mfeavfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeavfk

Name: McAfee Inc.
Description: McAfee Inc.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeavfk02

Name: McAfee Inc. mfebopk
Description: McAfee Inc. mfebopk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfebopk

Name: McAfee Inc. mfefirek
Description: McAfee Inc. mfefirek
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfefirek

Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfehidk

Name: McAfee Inc. mfencbdc
Description: McAfee Inc. mfencbdc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfencbdc

Name: McAfee Inc. mfencrk
Description: McAfee Inc. mfencrk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfencrk

Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfewfpk

Name: MFE_RR
Description: MFE_RR
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MFE_RR

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MountMgr

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv

Name: msahci
Description: msahci
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msahci

Name: ISA/EISA Class Driver
Description: ISA/EISA Class Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: netbt

Name: NSI proxy service
Description: NSI proxy service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PSched

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RasAcd

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv

Name: Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
Description: Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Smb

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Multi-Card      
Description: Multi-Card      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: IPBusEnum Root Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Brother MFC-495CW [00265e76731b]
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: WSD Print Device
Description: WSD Print Device
Class Guid: {c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}
Manufacturer: Microsoft
Service: WSDPrintDevice

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3033.63 MB
Available physical RAM: 1759.68 MB
Total Pagefile: 6271.49 MB
Available Pagefile: 4857.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.7 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:164.89 GB) NTFS

========================= Users: ========================================

User accounts for \\USE-PC

Administrator            Guest                    USE                      


**** End of log ****

#7 Julie 1960


Posted 03 March 2013 - 02:04 PM

Farbar Service Scanner Version: 03-03-2013
Ran by USE (administrator) on 03-03-2013 at 12:11:33
Running from "C:\Users\USE\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 17:59] - [2013-01-04 05:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.113 - Logfile created 03/03/2013 at 12:17:25
# Updated 23/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : USE - USE-PC
# Boot Mode : Normal
# Running from : C:\Users\USE\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-GB)

*************************

AdwCleaner[R1].txt - [1282 octets] - [03/03/2013 12:14:01]
AdwCleaner[R2].txt - [1401 octets] - [03/03/2013 12:16:12]
AdwCleaner[S1].txt - [323 octets] - [03/03/2013 12:15:02]
AdwCleaner[S2].txt - [1346 octets] - [03/03/2013 12:17:25]

########## EOF - C:\AdwCleaner[S2].txt - [1406 octets] ##########

#8 Julie 1960


Posted 03 March 2013 - 02:07 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by USE on Sun 03/03/2013 at 12:27:41.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\USE\AppData\Roaming\mozilla\firefox\profiles\yzncpxei.default\minidumps [29 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/03/2013 at 12:33:37.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/03/2013 12:53:57 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\System32\WLTRYSVC.EXE (PID: 1792) [WD-HEUR]
 * C:\Windows\System32\bcmwltry.exe (PID: 1804) [WD-HEUR]
 * C:\Windows\System32\WLTRAY.EXE (PID: 1040) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com

  20 out of 15295 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/03/2013 12:54:27 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
X "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Broadcom Wireless Manager UI"    "Dell Wireless WLAN Card Wireless Network Tray Applet"    "Dell Inc."    "c:\windows\system32\wltray.exe"
X "Dell Webcam Central"    "WebcamDell2.exe"    "Creative Technology Ltd"    "c:\program files\dell webcam\dell webcam central\webcamdell2.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "mcpltui_exe"    "McAfee Security Center"    "McAfee, Inc."    "c:\program files\mcafee.com\agent\mcagent.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "SysTrayApp"    "IDT PC Audio"    "IDT, Inc."    "c:\program files\idt\wdm\sttray.exe"
+ "Windows Defender"    "Windows Defender User Interface"    "Microsoft Corporation"    "c:\program files\windows defender\msascui.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "Secunia PSI Tray.lnk"    "Secunia PSI Tray"    "Secunia"    "c:\program files\secunia\psi\psi_tray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows Mail 7"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "application/x-mfe-ipt"    "McAfee MSC IE plugin DLL"    "McAfee, Inc."    "c:\program files\mcafee\msc\mcsniepl.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "dssrequest"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "ms-itss"    "Microsoft® InfoTech Storage System Library"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "sacore"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "wot"    ""    ""    "c:\program files\wot\wot.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""
+ "SABShellExecuteHook Class"    "ShellExecuteHook"    "SuperAdBlocker.com"    "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"
+ "McCtxMenuFrmWrk"    "McAfee ContextMenu Framework"    "McAfee, Inc."    "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "MOBK"    "McAfee Online Backup Shell Extensions"    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"
+ "MOBK"    "McAfee Online Backup Shell Extensions"    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkshell.dll"
+ "SASContextMenu Class"    "SUPERAntiSpyware Context Menu Extension"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
+ "MOBK"    "McAfee Online Backup Shell Extensions"    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk"    "McAfee ContextMenu Framework"    "McAfee, Inc."    "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "MOBK"    "McAfee Online Backup Shell Extensions"    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "MOBK"    "McAfee Online Backup Shell Extensions"    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkshell.dll"
+ "MOBK2"    "McAfee Online Backup Shell Extensions"    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkshell.dll"
+ "MOBK3"    "McAfee Online Backup Shell Extensions"    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "HP Smart BHO Class"    "HP Smart Web Printing add-on for Internet Explorer"    "Hewlett-Packard Co."    "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "McAfee SiteAdvisor BHO"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks"    ""    ""    ""
+ "McAfee SiteAdvisor Toolbar"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "McAfee SiteAdvisor"    "SiteAdvisor"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"Task Scheduler"    ""    ""    ""
+ "\Adobe Flash Player Updater"    "Adobe® Flash® Player Update Service 11.6 r602"    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan"    "Windows Defender Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Signature Update"    "Windows Defender Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - USE"    "Windows Calendar"    "Microsoft Corporation"    "c:\program files\windows calendar\wincal.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo"    ""    ""    "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo"    ""    ""    "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\Spybot - Search & Destroy -  Scheduled Task"    ""    ""    "File not found: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
+ "\Spybot - Search & Destroy Updater -  Scheduled Task"    ""    ""    "File not found: C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "!SASCORE"    "SUPERAntiSpyware Core Service"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\sascore.exe"
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AESTFilters"    "Andrea filters APO access service (32-bit)"    "Andrea Electronics Corporation"    "c:\windows\system32\driverstore\filerepository\stwrt.inf_0145da1d\aestsrv.exe"
+ "HomeNetSvc"    "Allows McAfee applications to communicate securely on the local network."    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "hpqcxs08"    "HP CUE Context Manager Objects"    "Hewlett-Packard Co."    "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc"    "This service detects and monitors CUE devices on the system."    "Hewlett-Packard Co."    "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "McAfee SiteAdvisor Service"    "McAfee SiteAdvisor Service"    "McAfee, Inc."    "c:\program files\mcafee\siteadvisor\mcsacore.exe"
+ "McMPFSvc"    "Helps protect your computer from intrusion and let's you manage your computer's trusted programs."    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "McNaiAnn"    "McAfee VirusScan Announcer"    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "McODS"    "McAfee Scanner"    "McAfee, Inc."    "c:\program files\mcafee\virusscan\mcods.exe"
+ "mcpltsvc"    "McAfee Platform Services"    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "McProxy"    "McAfee Proxy Service"    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "mfecore"    "McAfee OnAccess Scanner"    "McAfee, Inc."    "c:\program files\common files\mcafee\amcore\mcshield.exe"
+ "mfefire"    "Provides firewall services to McAfee products"    "McAfee, Inc."    "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp"    "Provides validation trust protection services"    "McAfee, Inc."    "c:\windows\system32\mfevtps.exe"
+ "MOBKbackup"    "Backs up configured files to the McAfee Online Backup servers. Please do not stop or restart this service - it could corrupt your McAfee Online Backup installation."    "McAfee, Inc."    "c:\program files\mcafee online backup\mobkbackup.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MSK80Service"    "This service filters e-mail messages on your computer"    "McAfee, Inc."    "c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe"
+ "Net Driver HPZ12"    "Dot4Net Module"    "Hewlett-Packard"    "c:\windows\system32\hpzinw12.dll"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12"    "PmlDrv Module"    "Hewlett-Packard"    "c:\windows\system32\hpzipm12.dll"
+ "SBSDWSCService"    ""    ""    "File not found: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe"
+ "Secunia PSI Agent"    "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files\secunia\psi\psia.exe"
+ "Secunia Update Agent"    "Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI"    "Secunia"    "c:\program files\secunia\psi\sua.exe"
+ "STacSV"    "Manages audio jack configurations."    "IDT, Inc."    "c:\windows\system32\driverstore\filerepository\stwrt.inf_0145da1d\stacsv.exe"
+ "WinDefend"    "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions."    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"
+ "wltrysvc"    "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant."    ""    "c:\windows\system32\wltrysvc.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
+ "yksvc"    "Service for Marvell® Yukon® Network Adapters"    "Marvell"    "c:\windows\system32\ykx32coinst.dll"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "BCM42RLY"    "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX"    "Broadcom 802.11 Network Adapter wireless driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "BVRPMPR5"    "BVRP NDIS 5.0 MPR Protocol Driver"    "Avanquest Software"    "c:\windows\system32\drivers\bvrpmpr5.sys"
+ "cfwids"    "McAfee Personal Firewall IDS Plugin"    "McAfee, Inc."    "c:\windows\system32\drivers\cfwids.sys"
+ "CtClsFlt"    "Video Class Upper Filter Driver"    "Creative Technology Ltd."    "c:\windows\system32\drivers\ctclsflt.sys"
+ "E1G60"    "Intel® PRO/1000 Adapter NDIS 6 deserialized driver"    "Intel Corporation"    "c:\windows\system32\drivers\e1g60i32.sys"
+ "HipShieldK"    "McAfee HIP IPS Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\hipshieldk.sys"
+ "iaStor"    "Intel Rapid Storage Technology driver - x86"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd32.sys"
+ "IpInIp"    "IP in IP Tunnel Driver"    ""    "File not found: system32\DRIVERS\ipinip.sys"
+ "KMWDFILTER"    "KMWDFilter Driver from UASSOFT.COM"    "Windows ® Codename Longhorn DDK provider"    "c:\windows\system32\drivers\kmwdfilter.sys"
+ "McPvDrv"    "McAfee File Lock Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mcpvdrv.sys"
+ "MFE_RR"    ""    ""    "File not found: C:\Users\USE\AppData\Local\Temp\mfe_rr.sys"
+ "mfeapfk"    "Access Protection Filter Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk"    "Anti-Virus File System Filter Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk02"    ""    ""    "File not found: C:\Windows\System32\Drivers\mfeavfk02.sys"
+ "mfebopk"    "Buffer Overflow Protection Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfebopk.sys"
+ "mfefirek"    "McAfee Core Firewall Engine Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk"    "McAfee Link Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfehidk.sys"
+ "mfencbdc"    "McAfee Content driver Copyright © 2010 McAfee, Inc. All Rights Reserved."    "McAfee, Inc."    "c:\windows\system32\drivers\mfencbdc.sys"
+ "mfencrk"    "McAfee Content driver Copyright © 2010 McAfee, Inc. All Rights Reserved."    "McAfee, Inc."    "c:\windows\system32\drivers\mfencrk.sys"
+ "mfewfpk"    "Anti-Virus Mini-Firewall Driver"    "McAfee, Inc."    "c:\windows\system32\drivers\mfewfpk.sys"
+ "MOBKFilter"    "McAfee Online Backup Change Monitor"    "Mozy, Inc."    "c:\windows\system32\drivers\mobk.sys"
+ "NwlnkFlt"    "IPX Traffic Filter Driver"    ""    "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd"    "IPX Traffic Forwarder Driver"    ""    "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "OA009Ufd"    "Provides a software interface to control effects of Integrated Webcam."    "Creative Technology Ltd."    "c:\windows\system32\drivers\oa009ufd.sys"
+ "OA009Vid"    "Provides a software interface to control Integrated Webcam."    "Creative Technology Ltd."    "c:\windows\system32\drivers\oa009vid.sys"
+ "PSI"    "PSI mini-filter driver"    "Secunia"    "c:\windows\system32\drivers\psi_mf.sys"
+ "SASDIFSV"    "SASDIFSV.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL"    "SASKUTIL.SYS"    "SUPERAdBlocker.com and SUPERAntiSpyware.com"    "c:\program files\superantispyware\saskutil.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA"    "IDT PC Audio"    "IDT, Inc."    "c:\windows\system32\drivers\stwrt.sys"
+ "yukonwlh"    "Miniport Driver for Marvell Yukon Ethernet Controller."    "Marvell"    "c:\windows\system32\drivers\yk60x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS"    "ffdshow VFW"    ""    "c:\windows\system32\ff_vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "9x8Resize"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Creative MJPEG Decoder 2"    "Decoder"    "Creative Technology Ltd."    "c:\program files\creative\shared files\ctmjpgdec2.ax"
+ "ffdshow Audio Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\ffdshow\ffdshow.ax"
+ "Frame Eater"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "!SASWinLogon"    "SUPERAntiSpyware WinLogon Processor"    "SUPERAntiSpyware.com"    "c:\program files\superantispyware\saswinlo.dll"
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "HP Master Monitor"    "Win32 Master Monitor"    "Hewlett-Packard"    "c:\windows\system32\hpbmmon.dll"
+ "hpf3l083.dll"    "LanguageMonitor"    "Hewlett-Packard Company"    "c:\windows\system32\hpf3l083.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order"    ""    ""    ""
+ "BCMLogon"    "Dell Wireless WLAN Card Logon Provider"    "Dell Inc."    "c:\windows\system32\bcmlogon.dll"
"C:\Users\USE\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"    ""    ""    ""
+ "Clock"    "Watch the clock in your own time zone or any city in the world."    "Microsoft Corporation"    "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "HP Photo Print"    "Drag and drop photos to print."    "Hewlett-Packard Corp"    "C:\Users\USE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\Gadget.xml"
+ "Slide Show"    "Show a continuous slide show of your pictures."    "Microsoft Corporation"    "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"
 

 

 

 

OK, got them all done!  Thank you!!

 

 



#9 narenxp


Posted 03 March 2013 - 02:08 PM

I'm not finding anything malicious in your logs. Current issues?



#10 Julie 1960


Posted 03 March 2013 - 02:20 PM

Just that when I open Control Panel, I get the "Windows Explorer had stopped working and is restarting" message.  I haven't heard any clicking sounds today.  So are you saying I did not have "Win32:Malware-gen" that the aswMBR program found or are you saying that these programs cleaned it up?



#11 narenxp


Posted 03 March 2013 - 02:40 PM

Launch MiniToolBox again and checkmark

  • List last 10 Event Viewer log

Click on GO and post the log.

 

aswMBR is detecting a false positive.



#12 Julie 1960


Posted 03 March 2013 - 03:02 PM

MiniToolBox by Farbar  Version:01-03-2013
Ran by USE (administrator) on 03-03-2013 at 14:00:02
Running from "C:\Users\USE\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/03/2013 01:15:59 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003e2db,
process id 0x1408, application start time 0xexplorer.exe0.

Error: (03/03/2013 01:13:44 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003e2db,
process id 0x13d8, application start time 0xexplorer.exe0.

Error: (03/03/2013 01:13:16 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003e2db,
process id 0x1304, application start time 0xexplorer.exe0.

Error: (03/03/2013 01:12:28 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003e2db,
process id 0xa28, application start time 0xexplorer.exe0.

Error: (03/03/2013 01:12:03 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003e2db,
process id 0x6c8, application start time 0xexplorer.exe0.

Error: (03/03/2013 00:46:35 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 12:46:35.057]: [00002852]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 00:46:34 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 12:46:34.964]: [00002852]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 00:46:33 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 12:46:33.981]: [00002852]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 00:46:33 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 12:46:33.887]: [00002852]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 00:45:55 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 12:45:55.948]: [00002852]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error


System errors:
=============
Error: (03/03/2013 00:54:01 PM) (Source: Service Control Manager) (User: )
Description: Dell Wireless WLAN Tray Service1

Error: (03/03/2013 00:46:51 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 0025560F77D7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (03/03/2013 01:15:59 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.6002.1800549e01da5ntdll.dll6.0.6002.185414ec3e3d5c00000050003e2db140801ce18433d99ba05

Error: (03/03/2013 01:13:44 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.6002.1800549e01da5ntdll.dll6.0.6002.185414ec3e3d5c00000050003e2db13d801ce18432cc7a2a5

Error: (03/03/2013 01:13:16 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.6002.1800549e01da5ntdll.dll6.0.6002.185414ec3e3d5c00000050003e2db130401ce1843103be565

Error: (03/03/2013 01:12:28 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.6002.1800549e01da5ntdll.dll6.0.6002.185414ec3e3d5c00000050003e2dba2801ce18430113e425

Error: (03/03/2013 01:12:03 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.6002.1800549e01da5ntdll.dll6.0.6002.185414ec3e3d5c00000050003e2db6c801ce183ceecfbd85

Error: (03/03/2013 00:46:35 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 12:46:35.057]: [00002852]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 00:46:34 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 12:46:34.964]: [00002852]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 00:46:33 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 12:46:33.981]: [00002852]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 00:46:33 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 12:46:33.887]: [00002852]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.2]

Error: (03/03/2013 00:45:55 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2013/03/03 12:45:55.948]: [00002852]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error


CodeIntegrity Errors:
===================================
  Date: 2013-03-02 12:44:50.312
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:50.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:49.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:49.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:49.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:48.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-02 12:44:47.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.


**** End of log ****
 



#13 narenxp


Posted 03 March 2013 - 03:50 PM

That's a generic explorer.exe error pointing to a system file.

 

Do you receive the error in safe mode? Can you create a new user account and see if that helps?
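
The explorer.exe events in the MiniToolBox log above all carry the same fault details. As an added example (not part of the thread and not MiniToolBox's own code), this parses such records and groups them by application, module, exception code and fault offset; the function names are assumptions, and the sample records are copied from the log in this thread.

```python
import re
from collections import Counter

# Well-known NTSTATUS values that appear as the "exception code" of a crash.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC0000374: "STATUS_HEAP_CORRUPTION",
            0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)", re.M)
FAULT = re.compile(
    r"Faulting application (?P<app>\S+), version [\d.]+, time stamp 0x[0-9a-f]+, "
    r"faulting module (?P<module>\S+), version [\d.]+, time stamp 0x[0-9a-f]+, "
    r"exception code (?P<code>0x[0-9a-f]+), fault offset (?P<offset>0x[0-9a-f]+),"
    r"\s*process id (?P<pid>0x[0-9a-f]+)", re.I)

# Records copied from the MiniToolBox log in this thread: two crash events, one
# unrelated printer event, and one run-together duplicate from the second listing.
SAMPLE = """\
Error: (03/03/2013 01:15:59 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003e2db,
process id 0x1408, application start time 0xexplorer.exe0.

Error: (03/03/2013 01:13:44 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000005, fault offset 0x0003e2db,
process id 0x13d8, application start time 0xexplorer.exe0.

Error: (03/03/2013 00:46:35 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/03 12:46:35.057]: [00002852]: GetDeviceIpAddress: GetAddressByName [BRW00265E76731B] Error

Error: (03/03/2013 01:15:59 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.6002.1800549e01da5ntdll.dll6.0.6002.185414ec3e3d5c00000050003e2db140801ce18433d99ba05
"""

def parse_crashes(text):
    """Return (crashes, unparsed) for the Application Error records in text."""
    crashes, unparsed = [], 0
    starts = [m.start() for m in HEADER.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        record = text[begin:end]
        head = HEADER.match(record)
        if head["source"] != "Application Error":
            continue  # e.g. the Brother BrLog printer events
        fault = FAULT.search(record)
        if fault is None:
            unparsed += 1  # run-together copy: count it, do not guess fields
            continue
        crashes.append({"when": head["when"], **fault.groupdict()})
    return crashes, unparsed

def signatures(crashes):
    """Count crashes per (application, module, exception, fault offset)."""
    counts = Counter()
    for c in crashes:
        name = NTSTATUS.get(int(c["code"], 16), c["code"])
        counts[(c["app"].lower(), c["module"].lower(), name, c["offset"])] += 1
    return counts

if __name__ == "__main__":
    crashes, unparsed = parse_crashes(SAMPLE)
    print(signatures(crashes).most_common(), "unparsed:", unparsed)
```

On the sample this yields a single signature counted twice, with the run-together copy reported as unparsed rather than counted as a third crash.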



#14 Julie 1960


Posted 03 March 2013 - 04:29 PM

That's a generic explorer.exe error pointing to a system file.

 

Do you receive the error in safe mode? Can you create a new user account and see if that helps?

Checking it in safe mode was one of the things I did earlier this week on my own.  I did not get the error in safe mode then.  I can reboot and try again now if you like. 

 

Can you tell me how to create a new user account?

 

In the error report you just had me post, what do the "Brother BrLog" errors mean?

 

FYI, when I ran RKill, I was NOT able to run it as administrator as you requested Vista users to do; that was not an option when I right clicked on it. So I just ran it as normal.

 

And finally, so are you saying that you think the 50 items that Trend Micro Rootkit Buster found yesterday were also "false positives"?  I really don't know a lot about how all these AntiVirus, AntiSpyware and AntiMalware programs work... I just know to use something and trust that it's doing its job :-)  With all the stuff you had me run, did we clean up anything?  I know some of the logs deleted things.  I'm just wondering since I know very little about this stuff.

 

Thank you so much for your help you've been giving me!!

 

Update: Since I started typing this a while ago, I have been opening and closing the Control Panel.  It is loading slowly, but it has not crashed on me.



#15 narenxp


Posted 03 March 2013 - 04:32 PM

Can you tell me how to create a new user account?

 

Control panel-User accounts-Create a new account with admin privileges.

 

Please provide me the details of the files Trend detects as malicious.





