I've followed the steps required prior to posting, and I am at a loss to identify the source of the problem. None of the malware detection apps has picked up an obvious culprit. Attached below you'll find the logs for OldTimeIt, and for Rooter. I'd be glad to run a log for Gmer (another rootkit detector) and so on. First, the symptoms:
I'm running Windows Server 2008 x64 as a laptop OS on a ThinkPad. I'm still very much a learner when it comes to networking, and after setting up my first AdHoc connection to another laptop, I seem to have bent something out of shape, or contracted a nasty infection.
As soon as I flip on the physical WiFi / BT radio switch, a svchost process loads that eats 50% of the CPU, and blocks IE8 from connecting to the internet, even after I've connected to a WiFi router. I have to kill the svchost process in Task Manager for IE to connect (and it does so instantly). After killing it, the svchost resurfaces periodically -- especially when I relaunch IE.
I've checked the services running under this svchost in Task Manager, and they are:
1. Windows Remote Management (WinRM)
2. Terminal Services (TermService)
3. Network Location Awareness (NlaSvc)
4. KtmRm for Distributed Transaction Coordinator (KtmRm)
5. DNS Client (Dnscache)
6. Cryptographic Services (CryptSvc)
I hesitate to mention anything in particular that might be associated with this, as I have no idea what is going on, and would rather not prejudice your diagnoses. Still, here are some other details, which may or may not be red herrings -- mainly I'm curious whether something needs re-setting.
1. I recently tried to establish a WiFi AdHoc connection with a friend's laptop, which didn't work. (Just curious if there's a reset from that experience that I haven't done.)
2. I succeeded in establishing an AdHoc connection via an Ethernet cable. Sharing is now off, although could it be that the user's login is still active on this machine?
3. I wonder whether the ThinkPad WiFi networking utility (Access Connections) is in conflict with Windows Networking or the Intel networking drivers.
4. I have uninstalled some 3rd party programs I thought might be contributing to the problem, but the problem remains.
5. Because I'm concerned about what this svchost is doing, sometimes I just kill any svchost that I see reach 40+% of CPU, and that has on two occasions caused MS updating to give errors -- once Windows Defender failed to download an update, and most recently, three Windows Update security patches failed to install -- but they installed just fine the next time. So, again, this could just be some bizarre Windows misconfiguration.
Are there any networking settings that I need to check, and potentially fix?
Here are the logs:
ROOTER:
C:\ [Fixed] - NTFS - (Total:51712 Mo/Free:3095 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
O:\ [Fixed] - NTFS - (Total:128511 Mo/Free:1207 Mo)
P:\ [Fixed] - NTFS - (Total:256000 Mo/Free:59 Mo)
Q:\ [Fixed] - NTFS - (Total:10239 Mo/Free:2035 Mo)
R:\ [Fixed] - NTFS - (Total:10238 Mo/Free:1477 Mo)
S:\ [Fixed] - NTFS - (Total:10238 Mo/Free:958 Mo)
T:\ [Fixed] - NTFS - (Total:9990 Mo/Free:665 Mo)
V:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Sun 04/19/2009|14:43
----------------------\\ Processes..
--Locked-- [System Process]
--Locked-- System
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
--Locked-- audiodg.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
---------- ?????????
---------- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
---------- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
---------- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
---------- C:\Windows\SysWOW64\rundll32.exe
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
---------- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
---------- C:\Program Files\Lenovo\Zoom\TpScrex.exe
---------- ?????????
---------- ?????????
---------- C:\PROGRA~2\ThinkPad\Utilities\PWMUIAux.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Users\Administrator\Desktop\Rooter.exe
---------- C:\Windows\SysWOW64\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
OTListIt2.txt log:
OTListIt logfile created on: 4/19/2009 2:57:05 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = O:\4F Networking - Security - Client\- Registry Logging Tools\OldTimeListIt2
Windows Vista Server Standard Edition (full installation) Service Pack 1 (Version = 6.0.6001) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.97 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 35.33% Memory free
4.00 Gb Paging File | 2.54 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): c:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.50 Gb Total Space | 26.94 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 125.50 Gb Total Space | 1.61 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive P: | 250.00 Gb Total Space | 0.06 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive Q: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.88% Space Free | Partition Type: NTFS
Drive R: | 10.00 Gb Total Space | 5.44 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive S: | 10.00 Gb Total Space | 8.94 Gb Free Space | 89.37% Space Free | Partition Type: NTFS
Drive T: | 9.76 Gb Total Space | 8.65 Gb Free Space | 88.66% Space Free | Partition Type: NTFS
Computer Name: LEGOLANDSERVER
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 60 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
PRC - O:\4F Networking - Security - Client\- Registry Logging Tools\OldTimeListIt2\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AcPrfMgrSvc [Auto | Running]) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (AcSvc [Auto | Running]) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AEADIFilters [Auto | Running]) -- C:\Windows\sysnative\AEADISRV.EXE ()
SRV - (AppHostSvc [Auto | Running]) -- C:\Windows\system32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (BthServ [Auto | Running]) -- C:\Windows\sysnative\bthserv.dll ()
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CscService [Auto | Running]) -- C:\Windows\sysnative\cscsvc.dll ()
SRV - (DefWatch [Auto | Running]) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (Dfs [Auto | Running]) -- C:\Windows\sysnative\dfssvc.exe ()
SRV - (DFSR [Auto | Running]) -- C:\Windows\sysnative\DFSRs.exe ()
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (FCRegSvc [On_Demand | Stopped]) -- C:\Windows\sysnative\FCRegSvc.dll ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\Windows\sysnative\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$MICROSOFT##SSEE [On_Demand | Stopped]) -- C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (NetMsmqActivator [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator [Auto | Running]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator [Auto | Running]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [On_Demand | Running]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NfsClnt [Auto | Running]) -- C:\Windows\sysnative\nfsclnt.exe ()
SRV - (NfsService [Auto | Running]) -- C:\Windows\sysnative\nfssvc.exe ()
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (Power Manager DBC Service [Auto | Running]) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (RSoPProv [On_Demand | Stopped]) -- C:\Windows\sysnative\RSoPProv.exe ()
SRV - (sacsvr [On_Demand | Stopped]) -- C:\Windows\sysnative\sacsvr.dll ()
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SrmReports [On_Demand | Stopped]) -- C:\Windows\sysnative\srmhost.exe ()
SRV - (SrmSvc [Auto | Running]) -- C:\Windows\sysnative\srmsvc.dll ()
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\Windows\sysnative\TPHDEXLG64.exe ()
SRV - (TPHKSVC [Auto | Running]) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\sysnative\umrdp.dll ()
SRV - (W3SVC [Auto | Running]) -- C:\Windows\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WAS [On_Demand | Running]) -- C:\Windows\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (wbengine [On_Demand | Stopped]) -- C:\Windows\sysnative\wbengine.exe ()
SRV - (WSRM [Auto | Running]) -- C:\Windows\sysnative\wsrm.exe ()
========== Driver Services (SafeList) ==========
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\sysnative\drivers\ADIHdAud.sys ()
DRV - (b06bdrv [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\bxvbda.sys ()
DRV - (BthEnum [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\BthEnum.sys ()
DRV - (BTHPORT [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\BTHport.sys ()
DRV - (BTHUSB [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\BTHUSB.sys ()
DRV - (CmBatt [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\CmBatt.sys ()
DRV - (CSC [System | Running]) -- C:\Windows\sysnative\drivers\csc.sys ()
DRV - (Datascrn [Boot | Running]) -- C:\Windows\sysnative\drivers\datascrn.sys ()
DRV - (DfsDriver [System | Running]) -- C:\Windows\sysnative\drivers\dfs.sys ()
DRV - (e1express [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\e1e6032e.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\HdAudio.sys ()
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VSTAZL6.SYS ()
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VSTDPV6.SYS ()
DRV - (iaStor [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\iaStor.sys ()
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\ibmpmdrv.sys ()
DRV - (ioatdma [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\qd260x64.sys ()
DRV - (lenovo.smi [System | Running]) -- C:\Windows\sysnative\DRIVERS\smiifx64.sys ()
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (motmodem [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\motmodem.sys ()
DRV - (msnfsflt [On_Demand | Running]) -- C:\Windows\sysnative\drivers\msnfsflt.sys ()
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090415.003\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090415.003\EX64.SYS (Symantec Corporation)
DRV - (NETw5v64 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\NETw5v64.sys ()
DRV - (NfsRdr [On_Demand | Running]) -- C:\Windows\sysnative\drivers\nfsrdr.sys ()
DRV - (NfsServer [On_Demand | Running]) -- C:\Windows\sysnative\drivers\nfssvr.sys ()
DRV - (Portmap [On_Demand | Running]) -- C:\Windows\sysnative\drivers\portmap.sys ()
DRV - (Quota [Boot | Running]) -- C:\Windows\sysnative\drivers\quota.sys ()
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\rimmpx64.sys ()
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\rimspx64.sys ()
DRV - (rismxdp [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\rixdpx64.sys ()
DRV - (RpcXdr [On_Demand | Running]) -- C:\Windows\sysnative\drivers\rpcxdr.sys ()
DRV - (s3cap [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\s3cap.sys ()
DRV - (sacdrv [Boot | Stopped]) -- C:\Windows\sysnative\DRIVERS\sacdrv.sys ()
DRV - (sdbus [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\sdbus.sys ()
DRV - (Shockprf [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\Apsx64.sys ()
DRV - (sptd [Boot | Running]) -- C:\Windows\sysnative\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\Windows\System32\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (storflt [Boot | Running]) -- C:\Windows\sysnative\drivers\storflt.sys ()
DRV - (storvsc [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\storvsc.sys ()
DRV - (storvsp [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\storvsp.sys ()
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS ()
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\SynTP.sys ()
DRV - (TPDIGIMN [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\ApsHM64.sys ()
DRV - (TPM [On_Demand | Running]) -- C:\Windows\sysnative\drivers\tpm.sys ()
DRV - (TPPWRIF [System | Running]) -- C:\Windows\SysWOW64\drivers\Tppwr64v.sys ()
DRV - (UMPass [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\umpass.sys ()
DRV - (Vid [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\vid.sys ()
DRV - (vmbus [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\vmbus.sys ()
DRV - (VMSMP [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\vmswitch.sys ()
DRV - (VMSP [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\vmswitch.sys ()
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VSTCNXT6.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.3x3links.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/22 17:45:06 | 00,000,000 | ---D | M]
O1 HOSTS File: (2191565 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 68631 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWlIcon.exe (Lenovo)
O4 - HKLM..\Run: [BLOG] rundll32 C:\PROGRA~2\ThinkPad\Utilities\BTVLogEx.DLL,StartBattLog ()
O4 - HKLM..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper (Lenovo)
O4 - HKLM..\Run: [vptray] C:\PROGRA~2\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [TPKMAPMN] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 60 Days ==========
[2009/04/19 14:52:38 | 00,002,732 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/04/19 14:52:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009/04/19 14:37:56 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/19 14:37:29 | 00,267,612 | ---- | C] () -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/04/19 14:15:06 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/19 14:15:06 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/19 14:15:06 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/19 14:15:06 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/19 14:15:06 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/19 14:15:04 | 00,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/19 14:15:04 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/19 14:15:04 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/19 14:15:04 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/19 14:14:51 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/19 10:41:18 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/19 10:41:18 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/10 09:53:52 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Canon
[2009/04/10 09:52:37 | 00,016,074 | ---- | C] () -- C:\Users\Administrator\Desktop\RIP, MBA The economic crisis has exposed the myth of busine.htm
[2009/04/06 19:56:43 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2009/04/06 19:56:43 | 00,318,976 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2009/04/06 19:56:42 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2009/04/06 19:56:42 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2009/04/06 19:56:42 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/04/06 19:56:30 | 00,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2009/04/06 19:56:30 | 00,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2009/04/06 19:56:30 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2009/04/06 19:56:30 | 00,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2009/04/06 19:56:29 | 00,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2009/04/06 19:56:29 | 00,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2009/04/06 19:56:29 | 00,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2009/04/06 19:56:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPER
[2009/04/06 19:46:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Broad Intelligence
[2009/04/06 19:34:18 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Broad Intelligence
[2009/04/06 01:02:30 | 02,887,135 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/04/04 09:43:33 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/04/04 08:35:49 | 21,121,26976 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/03 23:52:47 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/04/03 23:52:46 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/03 23:52:44 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/03 23:52:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/03 23:52:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/04/03 23:47:36 | 00,000,954 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/03 23:47:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/04/03 23:08:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2009/04/02 15:30:58 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2009/04/01 11:59:21 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/03/30 17:31:17 | 00,003,184 | ---- | C] () -- C:\Users\Administrator\Desktop\Questions to ask at the Informational Interview.htm - Shortcut.lnk
[2009/03/30 17:31:17 | 00,003,139 | ---- | C] () -- C:\Users\Administrator\Desktop\Informational Interviewing Do's and Don'ts.htm - Shortcut.lnk
[2009/03/24 09:21:43 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\kantaris
[2009/03/24 09:21:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Kantaris
[2009/03/22 17:43:18 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/22 17:43:14 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/22 17:43:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/22 17:43:13 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/22 17:43:13 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/22 17:43:13 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/22 17:43:04 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/22 17:43:01 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/22 17:40:22 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/22 17:40:15 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/22 17:40:04 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/22 17:39:57 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/22 17:39:54 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/21 08:39:22 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/03/21 08:39:22 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/03/21 08:39:22 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/03/21 08:39:22 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/03/21 08:39:22 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/03/21 08:39:22 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/21 08:39:22 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/03/21 08:39:21 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/03/21 08:39:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/03/21 08:39:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/03/21 08:39:21 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/03/21 08:39:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/03/21 08:39:20 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/21 08:39:20 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/21 08:39:20 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/03/21 08:39:20 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/03/21 08:39:20 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/03/21 08:39:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/03/21 08:39:20 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/03/21 08:39:20 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/03/21 08:39:19 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/21 08:39:19 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/03/21 08:39:19 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/03/21 08:39:19 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/03/21 08:39:19 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/03/21 08:39:19 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/03/21 08:39:19 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/03/21 08:39:18 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/21 08:39:18 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/03/21 08:39:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/03/21 08:39:18 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/03/21 08:39:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/03/21 08:39:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/03/21 08:39:18 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/03/21 08:39:17 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/03/21 08:39:17 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/03/21 08:39:17 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/03/21 08:39:17 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/03/21 08:39:17 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/03/21 08:39:16 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/03/21 08:39:16 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/21 08:39:16 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/03/21 08:39:16 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/03/21 08:39:16 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/03/21 08:39:16 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/03/21 08:39:16 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/03/21 08:39:16 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/03/21 08:39:16 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/03/21 08:39:16 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/03/21 08:39:16 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/03/21 08:39:15 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/21 08:39:15 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/03/21 08:39:15 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/21 08:39:14 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/19 11:28:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2009/03/19 11:21:58 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009/03/18 23:54:08 | 00,306,296 | ---- | C] () -- C:\Users\Administrator\Documents\Cover Sheets.xps
[2009/03/18 18:19:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2009/03/18 18:04:01 | 00,000,034 | ---- | C] () -- C:\Windows\wwwbatch.ini
[2009/03/18 17:22:29 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2009/03/18 17:17:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2009/03/18 17:17:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2009/03/17 15:28:43 | 00,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/03/17 15:28:43 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OneNote Notebooks
[2009/03/16 22:44:08 | 10,623,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/16 22:44:06 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/16 22:44:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/16 22:44:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/16 22:44:05 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/15 09:22:42 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GrabPro
[2009/03/15 09:22:42 | 00,000,000 | ---D | C] -- C:\downloads
[2009/03/15 09:22:40 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Orbit
[2009/03/13 00:20:57 | 00,058,825 | ---- | C] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/03/11 07:57:51 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/09 23:47:13 | 00,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/02/23 22:58:06 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/02/20 21:21:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMPshop
[2009/02/20 20:54:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Brice Lambson
[2009/02/20 20:26:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2009/02/20 13:12:40 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/02/19 10:43:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/02/19 10:43:08 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/02/19 10:43:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2009/02/19 10:42:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2009/02/19 10:42:40 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/02/19 10:42:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/02/19 10:38:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/02/18 15:09:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2009/02/17 00:28:18 | 00,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
[2009/02/13 23:53:29 | 00,013,104 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR64V.SYS
[2008/01/19 09:52:45 | 00,001,311 | ---- | C] () -- C:\Windows\System32\DfsMgmt.dll.config
[2008/01/19 05:33:41 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2008/01/19 05:33:41 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
========== Files - Modified Within 60 Days ==========
[2009/04/19 14:52:49 | 00,002,732 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/04/19 14:46:48 | 00,028,599 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/04/19 14:37:30 | 00,267,612 | ---- | M] () -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/04/19 14:21:58 | 00,028,599 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/04/19 14:17:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/19 14:17:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/19 14:17:04 | 21,121,26976 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/19 14:15:43 | 00,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/04/19 13:38:00 | 02,887,135 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/04/10 09:52:37 | 00,016,074 | ---- | M] () -- C:\Users\Administrator\Desktop\RIP, MBA The economic crisis has exposed the myth of busine.htm
[2009/04/08 00:17:28 | 00,058,825 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/04/04 01:02:50 | 00,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/04/03 23:47:36 | 00,000,954 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/30 17:31:17 | 00,003,184 | ---- | M] () -- C:\Users\Administrator\Desktop\Questions to ask at the Informational Interview.htm - Shortcut.lnk
[2009/03/30 17:31:17 | 00,003,139 | ---- | M] () -- C:\Users\Administrator\Desktop\Informational Interviewing Do's and Don'ts.htm - Shortcut.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/18 23:54:10 | 00,306,296 | ---- | M] () -- C:\Users\Administrator\Documents\Cover Sheets.xps
[2009/03/18 18:42:57 | 00,091,384 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/18 18:22:27 | 00,000,034 | ---- | M] () -- C:\Windows\wwwbatch.ini
[2009/03/17 15:28:43 | 00,001,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/03/16 23:38:46 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/03/16 23:38:44 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/03/08 17:09:24 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/03/08 07:41:15 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/08 07:39:47 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/08 07:35:08 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/03/08 07:34:57 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/08 07:34:55 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/08 07:34:50 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/03/08 07:34:47 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/03/08 07:34:47 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/03/08 07:34:28 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/03/08 07:34:26 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/03/08 07:34:17 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/03/08 07:34:16 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/03/08 07:33:38 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/03/08 07:33:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/08 07:33:17 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/03/08 07:33:16 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/03/08 07:33:15 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/03/08 07:33:15 | 00,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/03/08 07:33:15 | 00,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/03/08 07:33:15 | 00,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/03/08 07:33:14 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/03/08 07:33:06 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/03/08 07:33:04 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/03/08 07:33:01 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/03/08 07:32:54 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/03/08 07:32:53 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/03/08 07:32:50 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/03/08 07:32:49 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/03/08 07:32:48 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/03/08 07:32:46 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/03/08 07:32:44 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/03/08 07:32:38 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/03/08 07:32:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/03/08 07:32:24 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/08 07:32:20 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/08 07:32:02 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/08 07:31:55 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/03/08 07:31:52 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/03/08 07:31:51 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/03/08 07:31:51 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/03/08 07:31:42 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/03/08 07:31:37 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/03/08 07:31:35 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/03/08 07:31:24 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/03/08 07:31:17 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/03/08 07:31:01 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/08 07:31:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/03/08 07:30:54 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/03/08 07:22:45 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/03/08 07:22:37 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/03/08 07:11:10 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/03/06 09:38:20 | 00,918,926 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/03 00:39:36 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/03/03 00:37:11 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/03/03 00:37:11 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/03/03 00:37:11 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/03/02 22:38:13 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
< End of report >
OTListIt Extras log:
OTListIt Extras logfile created on: 4/19/2009 2:57:05 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = O:\4F Networking - Security - Client\- Registry Logging Tools\OldTimeListIt2
Windows Vista Server Standard Edition (full installation) Service Pack 1 (Version = 6.0.6001) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.97 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 35.33% Memory free
4.00 Gb Paging File | 2.54 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): c:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.50 Gb Total Space | 26.94 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 125.50 Gb Total Space | 1.61 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive P: | 250.00 Gb Total Space | 0.06 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive Q: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.88% Space Free | Partition Type: NTFS
Drive R: | 10.00 Gb Total Space | 5.44 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive S: | 10.00 Gb Total Space | 8.94 Gb Free Space | 89.37% Space Free | Partition Type: NTFS
Drive T: | 9.76 Gb Total Space | 8.65 Gb Free Space | 88.66% Space Free | Partition Type: NTFS
Computer Name: LEGOLANDSERVER
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 60 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.txt [@ = txtfile] -- O:\8 Apps - Portable\PSPad (Portable)\PSPad.exe (Prog-Soft s.r.o.)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 1
"EnableFirewall" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.1.57
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F872E7C-C111-4FF4-AEC5-23935493B398}" = WOT for Internet Explorer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92AD5AAD-9D4A-4077-BA5A-5A5B26F37746}" = FileVerifier++
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.95b3
"GIMPshop" = GIMPshop 2.2.8
"Kantaris_is1" = Kantaris Media Player 0.4.3
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.2
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"ULTIMATER" = Microsoft Office Ultimate 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/6/2009 7:03:17 PM | Computer Name = LEGOLANDSERVER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, time stamp 0x49094c66,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception
code 0xc000012f, fault offset 0x0006ecfb, process id 0x17c8, application start time
0x01c9b70bdefba1f0.
Error - 4/6/2009 7:47:02 PM | Computer Name = LEGOLANDSERVER | Source = Application Error | ID = 1000
Description = Faulting application mediacoder.exe, version 0.6.1.0, time stamp 0x499b0237,
faulting module mccore.dll, version 0.0.0.0, time stamp 0x499afe9f, exception code
0xc0000005, fault offset 0x00004ce0, process id 0x1324, application start time 0x01c9b7103496bec0.
Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1021
Description =
Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =
Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1021
Description =
Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =
Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1021
Description =
Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =
Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1005
Description =
Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =
[ DFS Replication Events ]
Error - 4/14/2009 2:13:27 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/15/2009 7:56:04 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/15/2009 4:42:29 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/16/2009 12:42:39 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/16/2009 10:19:23 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/16/2009 7:24:49 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/19/2009 10:38:30 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/19/2009 11:38:35 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/19/2009 1:29:08 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
Error - 4/19/2009 1:43:03 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)
[ System Events ]
Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =
Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =
Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =
Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =
Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =
Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =
Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =
Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =
Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =
Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =
< End of report >