Several Infections
Started by klown69, Jul 15 2011 02:38 PM
#31
Posted 19 July 2011 - 04:00 PM
http://www.mediafire...rrcyzbzor4w5sb5
#32
Posted 20 July 2011 - 12:51 PM
Of the three dumps two were within system files but one was a video driver. But the error was the same.
Have you updated your video driver at all ?
#33
Posted 20 July 2011 - 03:08 PM
Ron tried that the other day and once it installed the system went into a constant reboot, forcing him to boot into Safe Mode and uninstall the video driver to get the system to finally boot into normal mode. Right now I am running on an unspecified VGA adapter.
#34
Posted 20 July 2011 - 03:09 PM
Are you using a video card or is the graphic built into the motherboard?
#35
Posted 20 July 2011 - 03:55 PM
Built onboard and I went to the manufacturer's website and got the newest driver they had for the mobo.
#36
Posted 21 July 2011 - 10:53 AM
Has that made any difference ?
What is the make and model of the MOBO ?
#37
Posted 22 July 2011 - 11:13 AM
Biostar P4M900-M7 FE
I have been to their site and gotten the newest video driver but that just sends the system into a restart loop.
#38
Posted 22 July 2011 - 12:38 PM
Could you go to Driver Max and download and run the small programme
Allow it to analyse your system
It will then take you to a web page and show the drivers that it has updates for
Could you post the link and we will see which one to get
#39
Posted 22 July 2011 - 07:52 PM
#40
Posted 23 July 2011 - 05:59 AM
OK could you download and install this update VIA CPU to AGP Controller
There is a rollback facility so if it does not work as advertised then it can be rolled back to the previous version
You can take two driver downloads per day with the free version
Let me know if that resolves the BSOD
#41
Posted 24 July 2011 - 08:55 AM
Just to let you know it is still crashing and rebooting at various intervals. Not much has changed since the driver was updated.
#42
Posted 24 July 2011 - 09:46 AM
OK I feel the problem is not malware related which is good, but as to what is causing the crashes I am not too sure. There have been reports from some people that Avast may cause this, although there has been no specific cause, and the number of cases is very small.
So let's now try that. Could you uninstall Avast and for the interim install Avira
Download aswClear to your desktop
Download Avira to your desktop
Uninstall Avast via control panel add/remove
Reboot
Run the aswClear tool
Reboot
Install Avira
Let me know if the BSOD persists
#43
Posted 24 July 2011 - 01:01 PM
Post 19 Avast was uninstalled and MSE installed.
Just rebooted again on its own so I am including the newest minidump located HERE
According to the last dump file sr.sys caused the error. What if I disabled System Restore and then re-enabled it or deleted all restore points?
Edited by klown69, 24 July 2011 - 01:31 PM.
#44
Posted 24 July 2011 - 02:14 PM
The code is reporting driver errors
At this stage I would recommend that you update all the drivers using DriverMax; unfortunately you can only update two per day
I will also run a check on your temps and voltages
Please download SINO by Artellos.
- Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
- Then please check the following checkboxes:
  - System Info
  - Services
  - Boot Check
  - Tasklist
  - Startup Items
  - Event Log
  - Ipconfig
  - Ping
  - Netstat
  - Hosts file
  - Shares
  - Routing Table
- Once checked, hit the Run Scan! button and wait for the program to finish the scan.
- A notepad window will pop up. Please copy all of the content into your next reply.
#45
Posted 24 July 2011 - 03:11 PM
Left the house for 45 minutes and when I got back the system had rebooted to the log in screen. Here is the log you requested.
System Investigator by Olrik
Log Created On: 1608_24-07-2011
SINO Version: 3.1.0.0
Total RAM: 3326 MB | Free RAM: 2743 MB | Pagefile Size: 5210 MB
C: | 181746 MB out of 238472 MB Free | Local Fixed Disk
D: | 53402 MB out of 78159 MB Free | Local Fixed Disk
E: | None | CD-ROM Disc
<<<< System Information >>>>
Computer Name: KELLY-CBA445F79
Username: Klown
Language Setting: ENU
Windows Directory: C:\WINDOWS1
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
<<<< Tasklist >>>>
[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[C:\WINDOWS1\System32\smss.exe] - Process ID: 608
[csrss.exe] - Process ID: 656
[C:\WINDOWS1\system32\winlogon.exe] - Process ID: 680
[C:\WINDOWS1\system32\services.exe] - Process ID: 724
[C:\WINDOWS1\system32\lsass.exe] - Process ID: 744
[C:\WINDOWS1\system32\svchost.exe] - Process ID: 916
[svchost.exe] - Process ID: 984
[c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe] - Process ID: 1080
[C:\WINDOWS1\System32\svchost.exe] - Process ID: 1116
[svchost.exe] - Process ID: 1224
[svchost.exe] - Process ID: 1316
[C:\WINDOWS1\system32\spoolsv.exe] - Process ID: 1516
[svchost.exe] - Process ID: 1628
[C:\WINDOWS1\system32\SearchIndexer.exe] - Process ID: 1824
[alg.exe] - Process ID: 1144
[C:\WINDOWS1\Explorer.EXE] - Process ID: 2536
[C:\Program Files\Microsoft Security Client\msseces.exe] - Process ID: 2804
[C:\WINDOWS1\system32\VTTimer.exe] - Process ID: 2908
[C:\WINDOWS1\system32\ctfmon.exe] - Process ID: 2996
[C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] - Process ID: 3012
[C:\Program Files\Innovative Solutions\DriverMax\devices.exe] - Process ID: 3136
[C:\Program Files\Windows Desktop Search\WindowsSearch.exe] - Process ID: 3240
[C:\Program Files\Internet Explorer\iexplore.exe] - Process ID: 3272
[C:\Program Files\Internet Explorer\iexplore.exe] - Process ID: 3736
[C:\Program Files\Internet Explorer\iexplore.exe] - Process ID: 3788
[C:\Program Files\Internet Explorer\iexplore.exe] - Process ID: 3844
[searchfilterhost.exe] - Process ID: 2520
[C:\WINDOWS1\system32\SearchProtocolHost.exe] - Process ID: 2672
[C:\DOCUME~1\KLOWN~1.KEL\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 2936
[wmiprvse.exe] - Process ID: 3092
<<<< Startup Items >>>>
[Windows Search.lnk] - <Common Startup> - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[Adobe ARM] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[MSC] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
[VTTimer] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - VTTimer.exe
[S3Trayp] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - S3trayp.exe
[ctfmon.exe] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - C:\WINDOWS1\system32\ctfmon.exe
[swg] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[DriverMax] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
[DriverMax_RESTART] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
<<<< MS Services >>>>
Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\alg.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
CryptSvc (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Logical Disk Manager (dmserver) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k NetworkService
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k LocalService
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\services.exe
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\lsass.exe
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k LocalService
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k LocalService
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Automatic Updates (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k LocalService
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Computer Browser (Browser) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - c:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\dmadmin.exe /com
Wired AutoConfig (Dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k dot3svc
Extensible Authentication Protocol Service (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k eapsvcs
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - c:\WINDOWS1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
Human Interface Device Access (HidServ) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Health Key and Certificate Management Service (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k HTTPFilter
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "c:\WINDOWS1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\imapi.exe
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\msdtc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\msiexec.exe /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "c:\WINDOWS1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\locator.exe
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\rsvp.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\SCardSvr.exe
Windows Image Acquisition (WIA) (stisvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k imgsvc
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\dllhost.exe /Processid:{D3A1C429-8F3B-45CB-A5EA-6E1D0440E5D1}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\smlogsvc.exe
Telnet (TlntSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\tlntsvr.exe
Universal Plug and Play Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k LocalService
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\vssvc.exe
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
Windows Management Instrumentation Driver Extensions (Wmi) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\wbem\wmiapsrv.exe
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k WudfServiceGroup
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\System32\svchost.exe -k netsvcs
<<<< Non-MS Services >>>>
Microsoft Antimalware Service (MsMpSvc) - Running [Auto | Stoppable | Not_Pausable] - "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
Windows Search (WSearch) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS1\system32\SearchIndexer.exe /Embedding
Google Update Service (gupdate) (gupdate) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
Google Update Service (gupdatem) (gupdatem) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
Google Software Updater (gusvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Windows Remote Management (WS-Management) (WinRM) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS1\system32\svchost.exe -k WINRM
<<<< Boot.ini >>>>
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS1
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
<<<< Last 5 Application Errors or Warnings >>>>
Computer Name: KELLY-CBA445F79 | ID: 1004 | Source: Application Error | Type: Error | Date: 24-7-11 16:4:46 | Log: Application
Message: Faulting application MsMpEng.exe, version 3.0.8402.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000128f7.
Computer Name: KELLY-CBA445F79 | ID: 3036 | Source: Windows Search Service | Type: Warning | Date: 24-7-11 16:0:38 | Log: Application
Message: The content source <c:\documents and settings\> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (0x80040d0d)
Computer Name: KELLY-CBA445F79 | ID: 5000 | Source: MPSampleSubmission | Type: Error | Date: 24-7-11 16:0:25 | Log: Application
Message: EventType mptelemetry, P1 0x80070002, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Computer Name: KELLY-CBA445F79 | ID: 3036 | Source: Windows Search Service | Type: Warning | Date: 24-7-11 15:31:1 | Log: Application
Message: The content source <c:\documents and settings\> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (0x80040d0d)
Computer Name: KELLY-CBA445F79 | ID: 1000 | Source: Application Error | Type: Error | Date: 24-7-11 14:47:20 | Log: Application
Message: Faulting application MsMpEng.exe, version 3.0.8402.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000128f7.
<<<< Last 5 System Errors or Warnings >>>>
Computer Name: KELLY-CBA445F79 | ID: 1003 | Source: System Error | Type: Error | Date: 24-7-11 16:5:12 | Log: System
Message: Error code 100000d1, parameter1 43f0ebe4, parameter2 00000005, parameter3 00000008, parameter4 43f0ebe4.
Computer Name: KELLY-CBA445F79 | ID: 7031 | Source: Service Control Manager | Type: Error | Date: 24-7-11 14:47:20 | Log: System
Message: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Computer Name: KELLY-CBA445F79 | ID: 5008 | Source: Microsoft Antimalware | Type: Error | Date: 24-7-11 14:47:17 | Log: System
Message: %%860 engine has been terminated due to an unexpected error.
Failure Type: %%830
Exception code: 0xc0000005
Resource: file:C:\Program Files\Lavalys\EVEREST Home Edition\Language\lang_lt.txt
Computer Name: KELLY-CBA445F79 | ID: 1003 | Source: System Error | Type: Error | Date: 24-7-11 13:55:33 | Log: System
Message: Error code 1000008e, parameter1 c0000005, parameter2 805b953d, parameter3 b81a6b78, parameter4 00000000.
Computer Name: KELLY-CBA445F79 | ID: 2004 | Source: Microsoft Antimalware | Type: Error | Date: 24-7-11 13:4:11 | Log: System
Message: %%860 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: %%825
Error Code: 0x8050a005
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Signature version: 1.109.181.0;1.109.181.0
Engine version: 1.1.7104.0
<<<< Special Events >>>>
There were no special events found
<<<< Ipconfig >>>>
Windows IP Configuration
Host Name . . . . . . . . . . . . : kelly-cba445f79
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-E0-4D-AC-DE-AA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.10.194
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.1
DHCP Server . . . . . . . . . . . : 10.1.10.1
DNS Servers . . . . . . . . . . . : 10.1.10.1
Lease Obtained. . . . . . . . . . : Sunday, July 24, 2011 4:00:24 PM
Lease Expires . . . . . . . . . . : Sunday, July 31, 2011 4:00:24 PM
<<<< Pinging >>>>
OpenDNS Domain Test
Pinging to www.opendns.com [208.69.38.150]:
Response - 62ms
Response - 62ms
Response - 62ms
Response - 62msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 62ms - Maximum = 62ms
OpenDNS IP Test
Pinging to 208.69.38.150 [208.69.38.150]:
Response - 46ms
Response - 62ms
Response - 62ms
Response - 62msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 46ms - Maximum = 62ms
Kaspersky Domain Test
Pinging to www.kaspersky.com [195.27.252.18]:
Response - 141ms
Response - 125ms
Response - 125ms
Response - 125msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 125ms - Maximum = 141ms
Kaspersky IP Test
Pinging to 195.27.181.10 [195.27.181.10]:
Response - None
Response - None
Response - None
Response - NonePackets: Sent = 4, Received = 0, Lost = 4
Minimum = 0ms - Maximum = 0ms
YouTube Domain Test
Pinging to www.youtube.com [74.125.67.190]:
Response - 31ms
Response - 30ms
Response - 32ms
Response - 30msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 30ms - Maximum = 32ms
YouTube IP Test
Pinging to 66.102.9.136 [66.102.9.136]:
Response - None
Response - None
Response - None
Response - NonePackets: Sent = 4, Received = 0, Lost = 4
Minimum = 0ms - Maximum = 0ms
localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:
Response - 0ms
Response - 0ms
Response - 0ms
Response - 0msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms
<<<< Netstat >>>>
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 984
c:\windows1\system32\WS2_32.dll
C:\WINDOWS1\system32\RPCRT4.dll
c:\windows1\system32\rpcss.dll
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\ADVAPI32.dll
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]
TCP 10.1.10.194:139 0.0.0.0:0 LISTENING 4
[System]
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 1144
[alg.exe]
TCP 10.1.10.194:1084 66.220.145.45:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1096 74.125.47.141:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1101 74.125.67.167:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1102 74.125.67.118:443 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1103 209.85.157.154:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1104 209.85.157.154:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1105 74.125.47.100:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1106 74.125.67.167:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1110 184.84.220.27:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1111 96.17.75.42:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1112 96.17.147.48:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1113 74.125.47.100:80 ESTABLISHED 3736
[iexplore.exe]
TCP 10.1.10.194:1119 66.220.158.32:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1120 96.17.75.91:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1121 184.51.207.32:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1122 184.51.207.32:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1123 96.17.75.91:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1124 184.51.207.32:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1125 184.86.50.110:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1126 184.86.51.206:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1127 184.86.51.206:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1128 184.51.207.32:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1129 184.51.207.32:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1130 184.51.207.32:443 ESTABLISHED 3788
[iexplore.exe]
TCP 10.1.10.194:1108 184.73.185.71:80 CLOSE_WAIT 3736
[iexplore.exe]
TCP 10.1.10.194:1114 69.163.167.204:80 CLOSE_WAIT 3736
[iexplore.exe]
TCP 10.1.10.194:1115 69.163.234.194:80 CLOSE_WAIT 3736
[iexplore.exe]
TCP 10.1.10.194:1053 66.220.158.32:443 TIME_WAIT 0
TCP 10.1.10.194:1085 66.220.158.32:443 TIME_WAIT 0
TCP 10.1.10.194:1118 69.163.234.194:80 TIME_WAIT 0
UDP 0.0.0.0:500 *:* 744
[lsass.exe]
UDP 0.0.0.0:445 *:* 4
[System]
UDP 0.0.0.0:4500 *:* 744
[lsass.exe]
UDP 10.1.10.194:123 *:* 1116
c:\windows1\system32\WS2_32.dll
c:\windows1\system32\w32time.dll
ntdll.dll
-- unknown component(s) --
[svchost.exe]
UDP 10.1.10.194:138 *:* 4
[System]
UDP 10.1.10.194:137 *:* 4
[System]
UDP 10.1.10.194:1900 *:* 1316
c:\windows1\system32\WS2_32.dll
c:\windows1\system32\ssdpsrv.dll
C:\WINDOWS1\system32\ADVAPI32.dll
C:\WINDOWS1\system32\kernel32.dll
[svchost.exe]
UDP 127.0.0.1:1042 *:* 3788
[iexplore.exe]
UDP 127.0.0.1:123 *:* 1116
c:\windows1\system32\WS2_32.dll
c:\windows1\system32\w32time.dll
ntdll.dll
C:\WINDOWS1\system32\kernel32.dll
[svchost.exe]
UDP 127.0.0.1:1041 *:* 3736
[iexplore.exe]
UDP 127.0.0.1:1040 *:* 3844
[iexplore.exe]
UDP 127.0.0.1:1900 *:* 1316
c:\windows1\system32\WS2_32.dll
c:\windows1\system32\ssdpsrv.dll
C:\WINDOWS1\system32\ADVAPI32.dll
C:\WINDOWS1\system32\kernel32.dll
[svchost.exe]
<<<< Routing Table >>>>
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 e0 4d ac de aa ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.194 20
10.1.10.0 255.255.255.0 10.1.10.194 10.1.10.194 20
10.1.10.194 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.1.10.194 10.1.10.194 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.1.10.194 10.1.10.194 20
255.255.255.255 255.255.255.255 10.1.10.194 10.1.10.194 1
Default Gateway: 10.1.10.1
===========================================================================
Persistent Routes:
None
Route Table
<<<< Hosts File >>>>
The HOSTS file is 27 Bytes in size.
There were 0 lines which refer to an external IP address.
<<<< Active Shares >>>>
Share: IPC$ - Path:
Share: D$ - Path: D:\
Share: ADMIN$ - Path: C:\WINDOWS1
Share: C$ - Path: C:\
------ End of File ------