
Svchost services eating 50% CPU, blocking internet [Closed]


  • This topic is locked

#1
akaaka

    New Member

  • Member
  • 5 posts
Dear Geeks 2 Go,

I've followed the steps required prior to posting, and I am at a loss to identify the source of the problem. None of the malware detection apps has picked up an obvious culprit. Attached below you'll find the logs for OldTimeIt, and for Rooter. I'd be glad to run a log for Gmer (another rootkit detector) and so on. First, the symptoms:

I'm running Windows Server 2008 x64 as a laptop OS on a ThinkPad. I'm still very much a learner when it comes to networking, and after setting up my first AdHoc connection to another laptop, I seem to have bent something out of shape, or contracted a nasty infection.

As soon as I flip on the physical WiFi / BT radio switch, a svchost process loads that eats 50% of the CPU, and blocks IE8 from connecting to the internet, even after I've connected to a WiFi router. I have to kill the svchost process in Task Manager for IE to connect (and it does so instantly). After killing it, the svchost resurfaces periodically -- especially when I relaunch IE.

I've checked the services running under this svchost in Task Manager, and they are:
1. Windows Remote Management (WinRM)
2. Terminal Services (TermService)
3. Network Location Awareness (NlaSvc)
4. KtmRm for Distributed Transaction Coordinator (KtmRm)
5. DNS Client (Dnscache)
6. Cryptographic Services (CryptSvc)

I hesitate to mention anything in particular that might be associated with this, as I have no idea what is going on, and would rather not prejudice your diagnoses. Still, here are some other details, which may or may not be red herrings -- mainly I'm curious whether something needs re-setting.

1. I recently tried to establish a WiFi AdHoc connection with a friend's laptop, which didn't work. (Just curious if there's a reset from that experience that I haven't done.)

2. I succeeded in establishing an AdHoc connection via an Ethernet cable. Sharing is now off, although could it be that the user's login is still active on this machine?

3. I wonder whether the ThinkPad WiFi networking utility (Access Connections) is in conflict with Windows Networking or the Intel networking drivers.

4. I have uninstalled some 3rd party programs I thought might be contributing to the problem, but the problem remains.

5. Because I'm concerned about what this svchost is doing, sometimes I just kill any svchost that I see reach 40+% of CPU, and that has on two occasions caused MS updating to give errors -- once Windows Defender failed to download an update, and most recently, three Windows Update security patches failed to install -- but they installed just fine the next time. So, again, this could just be some bizarre Windows misconfiguration.

Are there any networking settings that I need to check, and potentially fix?

Here are the logs:



ROOTER:


C:\ [Fixed] - NTFS - (Total:51712 Mo/Free:3095 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
O:\ [Fixed] - NTFS - (Total:128511 Mo/Free:1207 Mo)
P:\ [Fixed] - NTFS - (Total:256000 Mo/Free:59 Mo)
Q:\ [Fixed] - NTFS - (Total:10239 Mo/Free:2035 Mo)
R:\ [Fixed] - NTFS - (Total:10238 Mo/Free:1477 Mo)
S:\ [Fixed] - NTFS - (Total:10238 Mo/Free:958 Mo)
T:\ [Fixed] - NTFS - (Total:9990 Mo/Free:665 Mo)
V:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sun 04/19/2009|14:43

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
--Locked-- audiodg.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
---------- ?????????
---------- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
---------- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
---------- ?????????
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
---------- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
---------- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
---------- C:\Windows\SysWOW64\rundll32.exe
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
---------- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
---------- C:\Program Files\Lenovo\Zoom\TpScrex.exe
---------- ?????????
---------- ?????????
---------- C:\PROGRA~2\ThinkPad\Utilities\PWMUIAux.exe
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
---------- ?????????
---------- ?????????
---------- ?????????
---------- C:\Users\Administrator\Desktop\Rooter.exe
---------- C:\Windows\SysWOW64\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..




OTListIt2.txt log:


OTListIt logfile created on: 4/19/2009 2:57:05 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = O:\4F Networking - Security - Client\- Registry Logging Tools\OldTimeListIt2
Windows Vista Server Standard Edition (full installation) Service Pack 1 (Version = 6.0.6001) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 35.33% Memory free
4.00 Gb Paging File | 2.54 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): c:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.50 Gb Total Space | 26.94 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 125.50 Gb Total Space | 1.61 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive P: | 250.00 Gb Total Space | 0.06 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive Q: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.88% Space Free | Partition Type: NTFS
Drive R: | 10.00 Gb Total Space | 5.44 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive S: | 10.00 Gb Total Space | 8.94 Gb Free Space | 89.37% Space Free | Partition Type: NTFS
Drive T: | 9.76 Gb Total Space | 8.65 Gb Free Space | 88.66% Space Free | Partition Type: NTFS

Computer Name: LEGOLANDSERVER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 60 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
PRC - O:\4F Networking - Security - Client\- Registry Logging Tools\OldTimeListIt2\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AcPrfMgrSvc [Auto | Running]) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (AcSvc [Auto | Running]) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AEADIFilters [Auto | Running]) -- C:\Windows\sysnative\AEADISRV.EXE ()
SRV - (AppHostSvc [Auto | Running]) -- C:\Windows\system32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (BthServ [Auto | Running]) -- C:\Windows\sysnative\bthserv.dll ()
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CscService [Auto | Running]) -- C:\Windows\sysnative\cscsvc.dll ()
SRV - (DefWatch [Auto | Running]) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (Dfs [Auto | Running]) -- C:\Windows\sysnative\dfssvc.exe ()
SRV - (DFSR [Auto | Running]) -- C:\Windows\sysnative\DFSRs.exe ()
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (FCRegSvc [On_Demand | Stopped]) -- C:\Windows\sysnative\FCRegSvc.dll ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\Windows\sysnative\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$MICROSOFT##SSEE [On_Demand | Stopped]) -- C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (NetMsmqActivator [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator [Auto | Running]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator [Auto | Running]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [On_Demand | Running]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NfsClnt [Auto | Running]) -- C:\Windows\sysnative\nfsclnt.exe ()
SRV - (NfsService [Auto | Running]) -- C:\Windows\sysnative\nfssvc.exe ()
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (Power Manager DBC Service [Auto | Running]) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (RSoPProv [On_Demand | Stopped]) -- C:\Windows\sysnative\RSoPProv.exe ()
SRV - (sacsvr [On_Demand | Stopped]) -- C:\Windows\sysnative\sacsvr.dll ()
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SrmReports [On_Demand | Stopped]) -- C:\Windows\sysnative\srmhost.exe ()
SRV - (SrmSvc [Auto | Running]) -- C:\Windows\sysnative\srmsvc.dll ()
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\Windows\sysnative\TPHDEXLG64.exe ()
SRV - (TPHKSVC [Auto | Running]) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\sysnative\umrdp.dll ()
SRV - (W3SVC [Auto | Running]) -- C:\Windows\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WAS [On_Demand | Running]) -- C:\Windows\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (wbengine [On_Demand | Stopped]) -- C:\Windows\sysnative\wbengine.exe ()
SRV - (WSRM [Auto | Running]) -- C:\Windows\sysnative\wsrm.exe ()

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\sysnative\drivers\ADIHdAud.sys ()
DRV - (b06bdrv [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\bxvbda.sys ()
DRV - (BthEnum [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\BthEnum.sys ()
DRV - (BTHPORT [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\BTHport.sys ()
DRV - (BTHUSB [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\BTHUSB.sys ()
DRV - (CmBatt [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\CmBatt.sys ()
DRV - (CSC [System | Running]) -- C:\Windows\sysnative\drivers\csc.sys ()
DRV - (Datascrn [Boot | Running]) -- C:\Windows\sysnative\drivers\datascrn.sys ()
DRV - (DfsDriver [System | Running]) -- C:\Windows\sysnative\drivers\dfs.sys ()
DRV - (e1express [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\e1e6032e.sys ()
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\HdAudio.sys ()
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VSTAZL6.SYS ()
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VSTDPV6.SYS ()
DRV - (iaStor [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\iaStor.sys ()
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\ibmpmdrv.sys ()
DRV - (ioatdma [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\qd260x64.sys ()
DRV - (lenovo.smi [System | Running]) -- C:\Windows\sysnative\DRIVERS\smiifx64.sys ()
DRV - (mcdbus [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (motmodem [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\motmodem.sys ()
DRV - (msnfsflt [On_Demand | Running]) -- C:\Windows\sysnative\drivers\msnfsflt.sys ()
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090415.003\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090415.003\EX64.SYS (Symantec Corporation)
DRV - (NETw5v64 [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\NETw5v64.sys ()
DRV - (NfsRdr [On_Demand | Running]) -- C:\Windows\sysnative\drivers\nfsrdr.sys ()
DRV - (NfsServer [On_Demand | Running]) -- C:\Windows\sysnative\drivers\nfssvr.sys ()
DRV - (Portmap [On_Demand | Running]) -- C:\Windows\sysnative\drivers\portmap.sys ()
DRV - (Quota [Boot | Running]) -- C:\Windows\sysnative\drivers\quota.sys ()
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\rimmpx64.sys ()
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\rimspx64.sys ()
DRV - (rismxdp [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\rixdpx64.sys ()
DRV - (RpcXdr [On_Demand | Running]) -- C:\Windows\sysnative\drivers\rpcxdr.sys ()
DRV - (s3cap [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\s3cap.sys ()
DRV - (sacdrv [Boot | Stopped]) -- C:\Windows\sysnative\DRIVERS\sacdrv.sys ()
DRV - (sdbus [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\sdbus.sys ()
DRV - (Shockprf [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\Apsx64.sys ()
DRV - (sptd [Boot | Running]) -- C:\Windows\sysnative\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\Windows\System32\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (storflt [Boot | Running]) -- C:\Windows\sysnative\drivers\storflt.sys ()
DRV - (storvsc [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\storvsc.sys ()
DRV - (storvsp [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\storvsp.sys ()
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS ()
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\SynTP.sys ()
DRV - (TPDIGIMN [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\ApsHM64.sys ()
DRV - (TPM [On_Demand | Running]) -- C:\Windows\sysnative\drivers\tpm.sys ()
DRV - (TPPWRIF [System | Running]) -- C:\Windows\SysWOW64\drivers\Tppwr64v.sys ()
DRV - (UMPass [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\umpass.sys ()
DRV - (Vid [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\vid.sys ()
DRV - (vmbus [Disabled | Stopped]) -- C:\Windows\sysnative\drivers\vmbus.sys ()
DRV - (VMSMP [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\vmswitch.sys ()
DRV - (VMSP [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\vmswitch.sys ()
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\VSTCNXT6.SYS ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.3x3links.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/22 17:45:06 | 00,000,000 | ---D | M]


O1 HOSTS File: (2191565 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 a9rhiwa.cn #[Google.Warning]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 68631 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWlIcon.exe (Lenovo)
O4 - HKLM..\Run: [BLOG] rundll32 C:\PROGRA~2\ThinkPad\Utilities\BTVLogEx.DLL,StartBattLog ()
O4 - HKLM..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper (Lenovo)
O4 - HKLM..\Run: [vptray] C:\PROGRA~2\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [TPKMAPMN] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 60 Days ==========

[2009/04/19 14:52:38 | 00,002,732 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/04/19 14:52:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009/04/19 14:37:56 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/19 14:37:29 | 00,267,612 | ---- | C] () -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/04/19 14:15:06 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/19 14:15:06 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/19 14:15:06 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/19 14:15:06 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/19 14:15:06 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/19 14:15:04 | 00,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/19 14:15:04 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/19 14:15:04 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/19 14:15:04 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/19 14:14:51 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/19 10:41:18 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/19 10:41:18 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/10 09:53:52 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Canon
[2009/04/10 09:52:37 | 00,016,074 | ---- | C] () -- C:\Users\Administrator\Desktop\RIP, MBA The economic crisis has exposed the myth of busine.htm
[2009/04/06 19:56:43 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2009/04/06 19:56:43 | 00,318,976 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2009/04/06 19:56:42 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2009/04/06 19:56:42 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2009/04/06 19:56:42 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/04/06 19:56:30 | 00,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2009/04/06 19:56:30 | 00,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2009/04/06 19:56:30 | 00,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2009/04/06 19:56:30 | 00,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2009/04/06 19:56:29 | 00,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2009/04/06 19:56:29 | 00,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2009/04/06 19:56:29 | 00,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2009/04/06 19:56:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPER
[2009/04/06 19:46:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Broad Intelligence
[2009/04/06 19:34:18 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Broad Intelligence
[2009/04/06 01:02:30 | 02,887,135 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/04/04 09:43:33 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/04/04 08:35:49 | 21,121,26976 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/03 23:52:47 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/04/03 23:52:46 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/03 23:52:44 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/03 23:52:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/03 23:52:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/04/03 23:47:36 | 00,000,954 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/03 23:47:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/04/03 23:08:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2009/04/02 15:30:58 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2009/04/01 11:59:21 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/03/30 17:31:17 | 00,003,184 | ---- | C] () -- C:\Users\Administrator\Desktop\Questions to ask at the Informational Interview.htm - Shortcut.lnk
[2009/03/30 17:31:17 | 00,003,139 | ---- | C] () -- C:\Users\Administrator\Desktop\Informational Interviewing Do's and Don'ts.htm - Shortcut.lnk
[2009/03/24 09:21:43 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\kantaris
[2009/03/24 09:21:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Kantaris
[2009/03/22 17:43:18 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/22 17:43:14 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/22 17:43:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/22 17:43:13 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/22 17:43:13 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/22 17:43:13 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/22 17:43:04 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/22 17:43:01 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/22 17:40:22 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/22 17:40:15 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/22 17:40:04 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/22 17:39:57 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/22 17:39:54 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/21 08:39:22 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/03/21 08:39:22 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/03/21 08:39:22 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/03/21 08:39:22 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/03/21 08:39:22 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/03/21 08:39:22 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/21 08:39:22 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/03/21 08:39:21 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/03/21 08:39:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/03/21 08:39:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/03/21 08:39:21 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/03/21 08:39:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/03/21 08:39:20 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/21 08:39:20 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/21 08:39:20 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/03/21 08:39:20 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/03/21 08:39:20 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/03/21 08:39:20 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/03/21 08:39:20 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/03/21 08:39:20 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/03/21 08:39:19 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/21 08:39:19 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/03/21 08:39:19 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/03/21 08:39:19 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/03/21 08:39:19 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/03/21 08:39:19 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/03/21 08:39:19 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/03/21 08:39:18 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/21 08:39:18 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/03/21 08:39:18 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/03/21 08:39:18 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/03/21 08:39:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/03/21 08:39:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/03/21 08:39:18 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/03/21 08:39:17 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/03/21 08:39:17 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/03/21 08:39:17 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/03/21 08:39:17 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/03/21 08:39:17 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/03/21 08:39:16 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/03/21 08:39:16 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/21 08:39:16 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/03/21 08:39:16 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/03/21 08:39:16 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/03/21 08:39:16 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/03/21 08:39:16 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/03/21 08:39:16 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/03/21 08:39:16 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/03/21 08:39:16 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/03/21 08:39:16 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/03/21 08:39:15 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/21 08:39:15 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/03/21 08:39:15 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/21 08:39:14 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/19 11:28:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2009/03/19 11:21:58 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009/03/18 23:54:08 | 00,306,296 | ---- | C] () -- C:\Users\Administrator\Documents\Cover Sheets.xps
[2009/03/18 18:19:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2009/03/18 18:04:01 | 00,000,034 | ---- | C] () -- C:\Windows\wwwbatch.ini
[2009/03/18 17:22:29 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2009/03/18 17:17:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2009/03/18 17:17:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2009/03/17 15:28:43 | 00,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/03/17 15:28:43 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\OneNote Notebooks
[2009/03/16 22:44:08 | 10,623,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/16 22:44:06 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/16 22:44:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/16 22:44:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/16 22:44:05 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/15 09:22:42 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GrabPro
[2009/03/15 09:22:42 | 00,000,000 | ---D | C] -- C:\downloads
[2009/03/15 09:22:40 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Orbit
[2009/03/13 00:20:57 | 00,058,825 | ---- | C] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/03/11 07:57:51 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/09 23:47:13 | 00,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/02/23 22:58:06 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/02/20 21:21:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMPshop
[2009/02/20 20:54:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Brice Lambson
[2009/02/20 20:26:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2009/02/20 13:12:40 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/02/19 10:43:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2009/02/19 10:43:08 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/02/19 10:43:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2009/02/19 10:42:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2009/02/19 10:42:40 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/02/19 10:42:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2009/02/19 10:38:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2009/02/18 15:09:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2009/02/17 00:28:18 | 00,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
[2009/02/13 23:53:29 | 00,013,104 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR64V.SYS
[2008/01/19 09:52:45 | 00,001,311 | ---- | C] () -- C:\Windows\System32\DfsMgmt.dll.config
[2008/01/19 05:33:41 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2008/01/19 05:33:41 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 60 Days ==========

[2009/04/19 14:52:49 | 00,002,732 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/04/19 14:46:48 | 00,028,599 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/04/19 14:37:30 | 00,267,612 | ---- | M] () -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/04/19 14:21:58 | 00,028,599 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/04/19 14:17:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/19 14:17:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/19 14:17:04 | 21,121,26976 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/19 14:15:43 | 00,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/04/19 13:38:00 | 02,887,135 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/04/10 09:52:37 | 00,016,074 | ---- | M] () -- C:\Users\Administrator\Desktop\RIP, MBA The economic crisis has exposed the myth of busine.htm
[2009/04/08 00:17:28 | 00,058,825 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/04/04 01:02:50 | 00,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/04/03 23:47:36 | 00,000,954 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/30 17:31:17 | 00,003,184 | ---- | M] () -- C:\Users\Administrator\Desktop\Questions to ask at the Informational Interview.htm - Shortcut.lnk
[2009/03/30 17:31:17 | 00,003,139 | ---- | M] () -- C:\Users\Administrator\Desktop\Informational Interviewing Do's and Don'ts.htm - Shortcut.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/18 23:54:10 | 00,306,296 | ---- | M] () -- C:\Users\Administrator\Documents\Cover Sheets.xps
[2009/03/18 18:42:57 | 00,091,384 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/18 18:22:27 | 00,000,034 | ---- | M] () -- C:\Windows\wwwbatch.ini
[2009/03/17 15:28:43 | 00,001,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/03/16 23:38:46 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/03/16 23:38:44 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/03/08 17:09:24 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/03/08 07:41:15 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/08 07:39:47 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/08 07:35:08 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/03/08 07:34:57 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/08 07:34:55 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/08 07:34:50 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/03/08 07:34:47 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/03/08 07:34:47 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/03/08 07:34:28 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/03/08 07:34:26 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/03/08 07:34:17 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/03/08 07:34:16 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/03/08 07:33:38 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/03/08 07:33:24 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/08 07:33:17 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/03/08 07:33:16 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/03/08 07:33:15 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/03/08 07:33:15 | 00,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/03/08 07:33:15 | 00,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/03/08 07:33:15 | 00,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/03/08 07:33:14 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/03/08 07:33:06 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/03/08 07:33:04 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/03/08 07:33:01 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/03/08 07:32:54 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/03/08 07:32:53 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/03/08 07:32:50 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/03/08 07:32:49 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/03/08 07:32:48 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/03/08 07:32:46 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/03/08 07:32:44 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/03/08 07:32:38 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/03/08 07:32:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/03/08 07:32:24 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/08 07:32:20 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/08 07:32:02 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/08 07:31:55 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/03/08 07:31:52 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/03/08 07:31:51 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/03/08 07:31:51 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/03/08 07:31:42 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/03/08 07:31:37 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/03/08 07:31:35 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/03/08 07:31:24 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/03/08 07:31:17 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/03/08 07:31:01 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/08 07:31:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/03/08 07:30:54 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/03/08 07:22:45 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/03/08 07:22:37 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/03/08 07:11:10 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/03/06 09:38:20 | 00,918,926 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/03 00:39:36 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/03/03 00:37:11 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/03/03 00:37:11 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/03/03 00:37:11 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/03/02 22:38:13 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
< End of report >

OTListIt Extras log:

OTListIt Extras logfile created on: 4/19/2009 2:57:05 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = O:\4F Networking - Security - Client\- Registry Logging Tools\OldTimeListIt2
Windows Vista Server Standard Edition (full installation) Service Pack 1 (Version = 6.0.6001) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 35.33% Memory free
4.00 Gb Paging File | 2.54 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): c:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.50 Gb Total Space | 26.94 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 125.50 Gb Total Space | 1.61 Gb Free Space | 1.28% Space Free | Partition Type: NTFS
Drive P: | 250.00 Gb Total Space | 0.06 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive Q: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.88% Space Free | Partition Type: NTFS
Drive R: | 10.00 Gb Total Space | 5.44 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive S: | 10.00 Gb Total Space | 8.94 Gb Free Space | 89.37% Space Free | Partition Type: NTFS
Drive T: | 9.76 Gb Total Space | 8.65 Gb Free Space | 88.66% Space Free | Partition Type: NTFS

Computer Name: LEGOLANDSERVER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 60 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.txt [@ = txtfile] -- O:\8 Apps - Portable\PSPad (Portable)\PSPad.exe (Prog-Soft s.r.o.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 1
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.1.57
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F872E7C-C111-4FF4-AEC5-23935493B398}" = WOT for Internet Explorer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92AD5AAD-9D4A-4077-BA5A-5A5B26F37746}" = FileVerifier++
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.95b3
"GIMPshop" = GIMPshop 2.2.8
"Kantaris_is1" = Kantaris Media Player 0.4.3
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.2
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"ULTIMATER" = Microsoft Office Ultimate 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2009 7:03:17 PM | Computer Name = LEGOLANDSERVER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, time stamp 0x49094c66,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception
code 0xc000012f, fault offset 0x0006ecfb, process id 0x17c8, application start time
0x01c9b70bdefba1f0.

Error - 4/6/2009 7:47:02 PM | Computer Name = LEGOLANDSERVER | Source = Application Error | ID = 1000
Description = Faulting application mediacoder.exe, version 0.6.1.0, time stamp 0x499b0237,
faulting module mccore.dll, version 0.0.0.0, time stamp 0x499afe9f, exception code
0xc0000005, fault offset 0x00004ce0, process id 0x1324, application start time 0x01c9b7103496bec0.

Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1021
Description =

Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =

Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1021
Description =

Error - 4/7/2009 2:46:02 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =

Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1021
Description =

Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =

Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1005
Description =

Error - 4/7/2009 2:46:03 AM | Computer Name = LEGOLANDSERVER | Source = Perflib | ID = 1017
Description =

[ DFS Replication Events ]
Error - 4/14/2009 2:13:27 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/15/2009 7:56:04 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/15/2009 4:42:29 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/16/2009 12:42:39 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/16/2009 10:19:23 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/16/2009 7:24:49 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/19/2009 10:38:30 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/19/2009 11:38:35 AM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/19/2009 1:29:08 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

Error - 4/19/2009 1:43:03 PM | Computer Name = LEGOLANDSERVER | Source = DFSR | ID = 1202
Description = The DFS Replication service failed to contact domain controller ?0????????????????????4??4?????????????
to access configuration information. Replication is stopped. The service will try
again during the next configuration polling cycle, which will occur in ???5???????????????????????????4??????.?
minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory
Domain
Services, or DNS issues. Additional Information: Error: ????????????????????4??4?????????????
(???????????????????????????4??????.?)

[ System Events ]
Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =

Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =

Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =

Error - 4/19/2009 2:26:54 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7031
Description =

Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =

Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =

Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =

Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =

Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =

Error - 4/19/2009 2:33:59 PM | Computer Name = LEGOLANDSERVER | Source = Service Control Manager | ID = 7034
Description =


< End of report >

#2
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi akaaka,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.



Step #1

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


Step #2

Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Step #3

Download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
  • Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

#3
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.