Need help removing Tidserv Activity 2 [Closed] [Solved]



#16
jaydog11

jaydog11

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
I am running ComboFix and it is saying I am "infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time." Then it says "Rootkit is detected. be patient as this may take some moments." and then "ComboFix has detected the presence of rootkit activity and needs to reboot the machine". These are all notices I also received yesterday when I ran ComboFix.

I apologize if I am updating too much, I just want to let you know what is happening. Thanks again!!

#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - it points me in the direction to go

Once combofix has rebooted the system see if you can connect

If not then do the following

Copy/paste the following into the run box and press enter after each line

netsh winsock reset catalog
netsh int ip reset resetlog.txt


Then retry

#18
jaydog11

Will do. After it rebooted, ComboFix is still running and is now currently at "Completed stage_50". Once it runs its course I will do as you proposed.

#19
Essexboy

OK check first after the reboot to see if you can connect

#20
jaydog11

I'm sorry but I receive the same message. I have included the latest ComboFix log below.

ComboFix 12-01-02.01 - Show User 01/03/2012 15:47:19.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.657 [GMT -6:00]
Running from: c:\documents and settings\Show User\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-02 19:16 . 2012-01-02 19:16 -------- d-----w- C:\_OTL
2012-01-02 05:19 . 2012-01-02 05:19 -------- d-----w- c:\documents and settings\Show User\Application Data\Malwarebytes
2012-01-02 05:19 . 2012-01-02 05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 05:19 . 2012-01-02 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-02 04:57 . 2012-01-02 04:57 -------- d-----w- c:\documents and settings\Show User\Application Data\FixTDSS
2012-01-02 04:57 . 2012-01-02 05:02 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-01-02 04:54 . 2012-01-02 05:17 -------- d-----w- c:\program files\My Ware
2012-01-02 04:54 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 02:06 . 2012-01-02 02:06 -------- d-----w- c:\documents and settings\Show User\Application Data\FixZeroAccess
2012-01-01 22:35 . 2012-01-02 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-01 01:25 . 2012-01-01 01:25 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-01 01:25 . 2012-01-01 01:25 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-01-01 01:24 . 2012-01-01 01:24 -------- d-----w- c:\windows\system32\drivers\NIS
2012-01-01 01:24 . 2012-01-01 01:24 -------- d-----w- c:\program files\Norton Internet Security
2012-01-01 01:24 . 2012-01-01 01:24 -------- d-----w- c:\program files\Windows Sidebar
2012-01-01 01:22 . 2012-01-01 01:22 -------- d-----w- c:\program files\NortonInstaller
2012-01-01 01:07 . 2012-01-01 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-12-27 06:28 . 2011-12-27 06:28 -------- d-----w- c:\program files\MTA
2011-12-27 06:28 . 2011-12-27 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivitar
2011-12-25 18:45 . 2011-12-25 19:28 -------- d-----w- c:\documents and settings\Show User\Local Settings\Application Data\Vivitar Experience Image Manager
2011-12-25 18:45 . 2011-12-27 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivitar Experience Image Manager
2011-12-25 18:44 . 2005-12-15 23:34 135168 ----a-w- c:\windows\system32\jl_jdct.drv
2011-12-25 18:44 . 2011-12-27 06:28 -------- d-----w- c:\program files\V25
2011-12-25 18:44 . 2009-05-25 22:01 69098 ----a-w- c:\windows\system32\drivers\jl2005c.sys
2011-12-25 18:44 . 2005-08-10 16:44 15360 ----a-w- c:\windows\system32\jl2005c.ax
2011-12-25 18:44 . 2011-12-25 18:44 -------- d-----w- c:\program files\Haali
2011-12-18 01:36 . 2011-12-24 06:49 -------- d-----w- C:\My Documents
2011-12-11 00:06 . 2011-12-11 00:06 -------- d-----w- c:\documents and settings\Maria!!\Local Settings\Application Data\Yahoo
2011-12-11 00:05 . 2011-12-11 00:05 -------- d-----w- c:\documents and settings\Maria!!\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2005-01-07 18:03 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2005-01-07 18:03 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2010-01-06 01:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2005-01-07 18:03 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2005-01-07 18:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2005-01-07 18:02 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2005-01-07 18:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2005-01-07 18:03 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2005-01-07 18:03 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-01-07 20:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( [email protected]_22.40.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-03 21:46 . 2012-01-03 21:46 16384 c:\windows\Temp\Perflib_Perfdata_e0.dat
+ 2011-12-27 06:26 . 2012-01-03 20:15 15292 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-25 126976]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-08-11 258048]
"TosRotation"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2004-12-14 266240]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 135168]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-22 126976]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 73728]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-12-14 340032]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-01-18 126976]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2004-12-07 81920]
"TMESBS.EXE"="c:\program files\TOSHIBA\TME3\TMESBS32.EXE" [2003-08-01 86016]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2004-11-03 147456]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-07 98304]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-28 110592]
"TPSMain"="TPSMain.exe" [2004-12-28 270336]
"TFNF5"="TFNF5.exe" [2004-06-28 73728]
"TFncKy"="TFncKy.exe" [BU]
"000StTHK"="000StTHK.exe" [2001-06-24 24576]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2005-01-07 798720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-1-7 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 13:41 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevice]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 11:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 13:42 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [1/8/2011 2:39 PM 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [1/8/2011 2:39 PM 5248]
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [1/1/2012 10:57 PM 26872]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SymDS.sys [12/31/2011 7:24 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SymEFA.sys [12/31/2011 7:24 PM 744568]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 1:31 AM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [1/7/2005 4:25 PM 6144]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [12/21/2011 10:50 PM 819320]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.sys [12/31/2011 7:24 PM 136312]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [1/26/2005 5:06 PM 5888]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [12/31/2011 7:24 PM 130008]
R2 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\tmesbs32.exe [1/26/2005 5:06 PM 86016]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [1/26/2005 5:06 PM 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/31/2011 7:49 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111228.001\IDSXpx86.sys [12/28/2011 6:35 PM 356280]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [1/7/2005 3:47 PM 8832]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [1/7/2005 6:30 AM 14208]
S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [1/7/2005 12:03 PM 14336]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [3/8/2010 7:12 PM 30576]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [1/21/2005 1:18 PM 409984]
S3 TMicAry;Toshiba Audio Effect with MicArray;c:\windows\system32\drivers\TMicAry.sys [1/21/2005 1:18 PM 138240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-10-31 23:43 124928 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.midwestdrafting.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchAssistant =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-03 15:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2012-01-03 16:01:48
ComboFix-quarantined-files.txt 2012-01-03 22:01
ComboFix2.txt 2012-01-02 22:46
.
Pre-Run: 43,578,241,024 bytes free
Post-Run: 43,587,584,000 bytes free
.
- - End Of File - - 6212888CE96357A08801AF141548EB41

#21
Essexboy

OK could you run those two commands please and retry

If that fails then run Farbar... I will post the instructions again

run farbar service scanner

Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#22
jaydog11

Should I run Farbar Service Scanner?

#23
Essexboy

Aye once you have tried the two commands

#24
jaydog11

Ran the 2 commands and no luck. Here is the log for Farbar:

Farbar Service Scanner
Ran by Show User (administrator) on 03-01-2012 at 16:21:33
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2005-01-07 12:02] - [2011-08-17 07:49] - 0138496 ____A () 8E1525B090D8CB5427042AB21202196C

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(12) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(9) SYMTDI(8) Tcpip(3)
0x0C0000000400000001000000020000000300000008000000050000000600000007000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

#25
Essexboy

Bear with me on this one, as this appears to be a new twist to the malware. I am running a similar one to this

Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again

If it fails

Please copy all in the below quote box:


@echo off
echo Please post back the %SystemDrive%\MyNICDetails.txt on your next reply
echo.
echo CheckMyNIC by AdvancedSetup >%SystemDrive%\MyNICDetails.txt
echo ... >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex dhcp >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex TCPIP >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Afd >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBT >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex NetBIOS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Lmhosts >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Dnscache >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex PolicyAgent >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex Nla >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex lanmanserver >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex IPSEC >>%SystemDrive%\MyNICDetails.txt
cmd /c sc qc RPCSS >>%SystemDrive%\MyNICDetails.txt
cmd /c sc queryex RPCSS >>%SystemDrive%\MyNICDetails.txt
pause

Save in Notepad as "MyNICDetails.bat" with the quote marks.
Save as type All Files to Desktop.
Once saved transfer to the infected computer's Desktop.
Click the file and post back the text file it produces please.

The text file will be located here: C:\MyNICDetails.txt


#26
jaydog11

DNS Client was already set to Automatic but I reset it anyways... ditto for DHCP Client.... as for Remote Procedure Call (RPC), it was set to automatic but was grayed out as well as the start and stop buttons. Remote Procedure Call (RPC) Locator was set to manual and stopped (I didn't modify that, just wanted to note it). Below is the log for MyNICDetails:


CheckMyNIC by AdvancedSetup
...
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1264
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 3
DISPLAY_NAME : TCP/IP Protocol Driver
DEPENDENCIES : IPSec
SERVICE_START_NAME :

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\System32\drivers\afd.sys
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : AFD
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: Afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbt.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 5
DISPLAY_NAME : NetBios over Tcpip
DEPENDENCIES : Tcpip
SERVICE_START_NAME :

SERVICE_NAME: NetBT
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\netbios.sys
LOAD_ORDER_GROUP : NetBIOSGroup
TAG : 1
DISPLAY_NAME : NetBIOS Interface
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: NetBIOS
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Lmhosts
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1700
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: Dnscache
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 524
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 10050 (0x2742)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1264
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1264
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\ipsec.sys
LOAD_ORDER_GROUP : PNP_TDI
TAG : 4
DISPLAY_NAME : IPSEC driver
DEPENDENCIES :
SERVICE_START_NAME :

SERVICE_NAME: IPSEC
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: RPCSS
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1212
FLAGS :
  • 0
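
The batch file in post #25 writes an `sc qc` block and an `sc queryex` block per networking service, and the resulting log in post #26 has to be read by eye. As an added example (not part of the thread or of any tool named in it), this Python code merges the two blocks per service and flags boot, system and auto-start services that are not running; the sample is a trimmed excerpt of the posted log, and the function names `parse_sc_log` and `triage` are hypothetical.

```python
import re

# Start types that Windows launches without user action.
AUTO_START_TYPES = {"BOOT_START", "SYSTEM_START", "AUTO_START"}
# Winsock codes that can surface as WIN32_EXIT_CODE (subset; value from winerror.h).
WINSOCK_ERRORS = {10050: "WSAENETDOWN (network is down)"}

# Trimmed excerpt of the MyNICDetails.txt posted in the thread (some fields cut).
SAMPLE_LOG = r"""
CheckMyNIC by AdvancedSetup
...
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: TCPIP
TYPE : 1 KERNEL_DRIVER
START_TYPE : 1 SYSTEM_START
BINARY_PATH_NAME : system32\DRIVERS\tcpip.sys
DEPENDENCIES : IPSec

SERVICE_NAME: TCPIP
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PolicyAgent
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
DEPENDENCIES : RPCSS
: Tcpip
: IPSec

SERVICE_NAME: PolicyAgent
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 10050 (0x2742)
"""

def parse_sc_log(text):
    """Merge the `sc qc` and `sc queryex` blocks into one dict per service."""
    services, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[SC]"):
            continue
        match = re.match(r"SERVICE_NAME:\s*(\S+)", line)
        if match:  # both blocks carry the same name; merge case-insensitively
            name = match.group(1)
            current = services.setdefault(name.lower(), {"name": name, "DEPENDENCIES": []})
            last_key = None
            continue
        if current is None or line.startswith("("):  # preamble or control-flag line
            continue
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue
        if not key:  # continuation line such as ": Tcpip" under DEPENDENCIES
            if last_key == "DEPENDENCIES" and value:
                current["DEPENDENCIES"].append(value)
            continue
        last_key = key
        if key == "DEPENDENCIES":
            if value:
                current["DEPENDENCIES"].append(value)
        elif key in ("START_TYPE", "STATE"):
            current[key] = value.split()[-1] if value else ""  # "4 RUNNING" -> "RUNNING"
        elif key == "WIN32_EXIT_CODE":
            current[key] = int(value.split()[0]) if value else 0
        else:
            current[key] = value
    return services

def triage(services):
    """Return one finding per auto-start service whose reported state is not RUNNING."""
    findings = []
    for svc in services.values():
        start, state = svc.get("START_TYPE"), svc.get("STATE")
        if start not in AUTO_START_TYPES or state in (None, "RUNNING"):
            continue
        code = svc.get("WIN32_EXIT_CODE", 0)
        findings.append({
            "service": svc["name"], "start_type": start, "state": state, "exit_code": code,
            "reason": WINSOCK_ERRORS.get(code, "exit code %d" % code),
            # State of each dependency as far as the log shows it.
            "dependencies": {dep: services.get(dep.lower(), {}).get("STATE", "not in log")
                             for dep in svc["DEPENDENCIES"]},
        })
    return findings

if __name__ == "__main__":
    for finding in triage(parse_sc_log(SAMPLE_LOG)):
        print(finding)
```

Run over the full log posted above, the only service this flags is PolicyAgent (IPSEC Services): auto-start, STOPPED, Win32 exit code 10050.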

#27
jaydog11

Do I need to set my browser LAN settings to "Automatically Detect Settings"?

#28
Essexboy

Yes please - I would also like to check out the TCPIP file


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    Tcpip.*
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, there will be just one log


#29
jaydog11

Will do.

#30
jaydog11

Here is the latest OTL log...

OTL logfile created on: 1/4/2012 12:34:45 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Show User\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.86 Mb Total Physical Memory | 449.70 Mb Available Physical Memory | 44.66% Memory free
1.62 Gb Paging File | 1.20 Gb Available in Paging File | 73.93% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 40.62 Gb Free Space | 72.70% Space Free | Partition Type: NTFS
Drive E: | 489.72 Mb Total Space | 231.28 Mb Free Space | 47.23% Space Free | Partition Type: FAT

Computer Name: TR15-BACKUP | User Name: Show User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 10:46:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/18 16:18:40 | 000,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe
PRC - [2005/01/06 19:37:56 | 000,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
PRC - [2004/12/27 21:32:02 | 000,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSODDCtl.exe
PRC - [2004/12/27 21:31:38 | 000,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2004/12/13 21:25:28 | 000,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
PRC - [2004/12/06 23:54:28 | 000,081,920 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
PRC - [2004/11/30 23:26:34 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2004/11/12 19:57:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2004/11/03 13:12:26 | 000,147,456 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2004/10/15 12:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 12:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 12:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/15 17:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/08/10 19:21:38 | 000,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2004/06/28 12:16:34 | 000,073,728 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2004/02/24 17:57:32 | 000,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMETEMnu.exe
PRC - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\tmesbs32.exe
PRC - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 13:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2003/01/21 20:00:06 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 16:54:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/12 16:53:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/12 16:49:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/12 16:48:46 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/12 16:46:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/12 16:34:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 16:33:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/01/04 20:25:16 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2010/01/04 20:17:50 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll
MOD - [2010/01/04 20:17:50 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2010/01/04 20:17:49 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2005/01/07 14:36:16 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2004/10/15 12:23:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
MOD - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NecUsb)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2006/09/02 18:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/01/18 16:18:40 | 000,126,976 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2004/12/25 03:51:02 | 000,172,032 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 16:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 15:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2012/01/01 23:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/12/31 19:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/30 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/30 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/30 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/30 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20120102.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/28 18:35:30 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111228.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/17 07:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 18:39:49 | 000,369,784 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/03/01 21:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/25 16:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/01/08 02:11:42 | 000,029,184 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/01/07 17:42:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/28 01:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/30 18:04:16 | 000,409,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/11/13 14:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2004/10/29 20:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/15 12:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/09 12:49:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2004/08/23 13:20:06 | 000,158,720 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/07/22 16:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 22:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2004/02/04 12:27:28 | 000,138,240 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMicAry.sys -- (TMicAry)
DRV - [2004/01/30 12:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 10:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/09/13 00:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-348162203-2603255770-593814586-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.midwestdrafting.com/
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-348162203-2603255770-593814586-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/12/31 22:26:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_4_3 [2012/01/04 12:31:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/02 16:39:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-348162203-2603255770-593814586-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TosRotation] C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-348162203-2603255770-593814586-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-348162203-2603255770-593814586-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-348162203-2603255770-593814586-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-348162203-2603255770-593814586-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-348162203-2603255770-593814586-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262802408948 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NecUsb3Sevice: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Show User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Show User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/07 14:39:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 16:01:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/02 15:55:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/02 15:55:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/02 15:55:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/02 15:55:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/02 15:55:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/02 15:55:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 15:53:39 | 004,360,898 | R--- | C] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 15:53:24 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 13:16:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 10:46:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/02 10:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Desktop\antivirus stuff
[2012/01/01 23:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\Malwarebytes
[2012/01/01 23:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/01 23:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/01 23:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/01 22:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 22:57:22 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 22:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\My ware
[2012/01/01 22:54:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/01 22:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\My Ware
[2012/01/01 20:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2012/01/01 16:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/01 03:40:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/01 03:11:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Show User\Recent
[2011/12/31 21:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\My Documents\Symantec
[2011/12/31 19:25:10 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 19:25:10 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 19:24:55 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.sys
[2011/12/31 19:24:55 | 000,369,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdi.sys
[2011/12/31 19:24:55 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.sys
[2011/12/31 19:24:55 | 000,331,384 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symtdiv.sys
[2011/12/31 19:24:55 | 000,296,568 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnets.sys
[2011/12/31 19:24:54 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.sys
[2011/12/31 19:24:54 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Ironx86.sys
[2011/12/31 19:24:54 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.sys
[2011/12/31 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/12/31 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1206000.01D
[2011/12/31 19:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/12/31 19:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/31 19:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/31 19:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/31 19:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/12/31 19:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Start Menu\Programs\Norton
[2011/12/31 19:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/31 19:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/12/27 00:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\MTA
[2011/12/25 12:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Show User\Local Settings\Application Data\Vivitar Experience Image Manager
[2011/12/25 12:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2011/12/25 12:44:35 | 000,135,168 | ---- | C] (JEILIN Tech.) -- C:\WINDOWS\System32\jl_jdct.drv
[2011/12/25 12:44:34 | 000,015,360 | ---- | C] (JEILIN Technology Corp.) -- C:\WINDOWS\System32\jl2005c.ax
[2011/12/25 12:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\V25
[2011/12/25 12:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2011/12/24 01:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/24 01:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/17 19:36:43 | 000,000,000 | ---D | C] -- C:\My Documents
[2011/01/08 14:39:55 | 000,158,720 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2011/01/08 14:39:55 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2005/01/07 15:30:07 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2005/01/07 15:30:07 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe

========== Files - Modified Within 30 Days ==========

[2012/01/04 12:31:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 12:31:15 | 1055,838,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 16:41:32 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 16:18:38 | 000,333,917 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 17:06:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/02 16:39:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/02 16:02:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/02 16:01:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/02 15:47:17 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Show User\Desktop\aswMBR.exe
[2012/01/02 15:38:11 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Show User\Desktop\ComboFix.exe
[2012/01/02 10:46:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Show User\Desktop\OTL.exe
[2012/01/01 23:02:57 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2012/01/01 16:39:57 | 001,193,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/01 03:29:04 | 000,439,186 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-220221.backup
[2011/12/31 19:25:36 | 001,193,892 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 19:25:10 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/31 19:25:10 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/31 19:25:10 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 19:25:10 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/31 14:47:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/24 12:12:38 | 000,103,733 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/12/15 07:30:02 | 000,446,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/15 07:30:02 | 000,073,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/14 14:21:16 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/03 16:43:45 | 000,001,571 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MyNICDetails.bat
[2012/01/03 16:20:00 | 000,333,917 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\FSS.exe
[2012/01/02 17:06:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Show User\Desktop\MBR.dat
[2012/01/02 16:01:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/02 16:01:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/02 15:55:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 15:55:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 15:55:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 15:55:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 15:55:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/01 23:04:34 | 1055,838,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/01 16:39:22 | 001,193,394 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/31 19:25:18 | 001,193,892 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/12/31 19:25:10 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/31 19:25:10 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/31 19:24:55 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.cat
[2011/12/31 19:24:29 | 000,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.inf
[2011/12/31 19:24:29 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymDS.inf
[2011/12/31 19:24:29 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNetV.inf
[2011/12/31 19:24:29 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.inf
[2011/12/31 19:24:29 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.inf
[2011/12/31 19:24:29 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.inf
[2011/12/31 19:24:29 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Iron.inf
[2011/12/31 19:24:26 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\symnetv.cat
[2011/12/31 19:24:26 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\iron.cat
[2011/12/31 19:24:26 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymNet.cat
[2011/12/31 19:24:26 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\SymEFA.cat
[2011/12/31 19:24:26 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtspx.cat
[2011/12/31 19:24:26 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\srtsp.cat
[2011/12/31 19:24:25 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/12/24 12:32:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 12:12:38 | 000,103,733 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/12/24 12:12:38 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/04/19 10:52:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\wb09d2se.INI
[2010/02/11 07:59:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 16:06:29 | 000,000,215 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/01/04 20:59:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/01/04 19:25:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/22 16:32:41 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\fusioncache.dat
[2005/02/16 13:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 13:09:45 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/21 13:05:14 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/01/21 13:05:14 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/01/07 17:52:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/01/07 17:52:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/01/07 17:52:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/01/07 17:52:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/01/07 17:52:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/01/07 17:40:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/07 16:26:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/01/07 15:58:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/01/07 15:58:08 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/01/07 15:42:54 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/01/07 15:42:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/01/07 15:42:54 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/01/07 15:42:54 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/01/07 15:41:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/01/07 15:30:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2005/01/07 14:46:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/07 14:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/07 14:35:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/07 14:33:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/01/07 12:06:50 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/07 12:03:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/07 12:03:38 | 000,446,424 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/07 12:03:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/07 12:03:38 | 000,073,464 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/07 12:03:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/07 12:03:36 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/07 12:03:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/07 12:03:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/07 12:03:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/07 12:03:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/07 12:03:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/07 12:03:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/07 12:02:52 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2005/01/07 06:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/07 06:27:42 | 000,223,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/08 23:01:05 | 000,000,024 | -HS- | C] () -- C:\Documents and Settings\Show User\Local Settings\Application Data\TabletPlanner.tb4

========== LOP Check ==========

[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2010/01/04 19:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/10/02 19:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AliasWavefront
[2010/01/04 19:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/14 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Software MacKiev
[2005/01/07 17:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2011/12/27 00:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\toshiba
[2011/05/28 15:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Isabel\Application Data\WB09D2SE
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\InterVideo
[2011/09/01 17:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Software MacKiev
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\toshiba
[2011/05/09 13:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\WB09D2SE
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria!!\Application Data\toshiba
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\InterVideo
[2011/04/14 11:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Software MacKiev
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\toshiba
[2011/04/14 11:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WB09D2SE
[2012/01/01 22:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixTDSS
[2012/01/01 20:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\InterVideo
[2010/01/07 22:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Show User\Application Data\toshiba
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba User\Application Data\toshiba
[2005/01/07 17:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterTrust
[2005/01/10 15:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2005/01/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\toshiba

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: TCPIP.CHM >
[2004/08/04 06:00:00 | 000,050,586 | ---- | M] () MD5=24FC18A9ED0AA561C5F5DC295F9AA9F2 -- C:\WINDOWS\Help\tcpip.chm

< MD5 for: TCPIP.REG >
[2012/01/03 15:54:45 | 000,010,125 | ---- | M] () MD5=4BCB12F0701F3444F8043447D566E382 -- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

< MD5 for: TCPIP.SY_ >
[2004/08/04 06:00:00 | 000,175,712 | ---- | M] () MD5=71669FDFAB7BCB8C9182E07BF6464927 -- C:\WINDOWS\I386\TCPIP.SY_

< MD5 for: TCPIP.SYS >
[2005/05/25 13:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2005/05/25 13:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/04/14 02:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/14 02:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Documents and Settings\Show User\Application Data\FixTDSS\Archive\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\Documents and Settings\Show User\Application Data\FixZeroAccess\Archive\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/04 06:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2008/06/20 05:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 05:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 02:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D8E192A-F041-4DD0-8A5C-CC97778BB461}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F3F485D-E64D-46DC-AC44-63BFEB98F9BC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8CC3B895-CBCC-4007-8B3A-5DAA967BE707}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{948DDF37-EC52-4D3F-A3EB-25C081EE8FA7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{95F9A266-E7C2-4B51-BB4F-C774F18B4ABA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DD066170-CAB7-4FCE-B235-83458B8580ED}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ED78B5F7-C5AD-4C2A-99A1-D946C9E15D6C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F5375A63-3D52-4422-8F39-FDC2F274E2E5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 02:26:04 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 06 01 05 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 06:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD /s >
"DisplayName" = AFD
"Description" = AFD Networking Support Environment
"Group" = TDI
"ImagePath" = \SystemRoot\System32\drivers\afd.sys
"Start" = 1
"Type" = 1
"ErrorControl" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD\Enum]
"0" = Root\LEGACY_AFD\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 3
"ImagePath" = system32\DRIVERS\tcpip.sys -- [2008/06/20 05:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation)
"DisplayName" = TCP/IP Protocol Driver
"Group" = PNP_TDI
"DependOnService" = IPSec [binary data]
"DependOnGroup" = [binary data]
"Description" = TCP/IP Protocol Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Linkage]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"NV Hostname" = TR15-Backup
"DataBasePath" = %SystemRoot%\System32\drivers\etc -- [2012/01/02 16:39:37 | 000,000,000 | ---D | M]
"ForwardBroadcasts" = 0
"IPEnableRouter" = 0
"Domain" =
"Hostname" = TR15-Backup
"DeadGWDetectDefault" = 1
"NameServer" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface" = WANARP
"IpConfig" = [Binary data over 100 bytes]
"NumInterfaces" = 2
"IpInterfaces" = 63 5A 37 F5 52 3D 22 44 8F 39 FD C2 F2 74 E2 E5 37 DF 8D 94 52 EC 3F 4D A3 EB 25 C0 81 EE 8F A7 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{3D8E192A-F041-4DD0-8A5C-CC97778BB461}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{3F3F485D-E64D-46DC-AC44-63BFEB98F9BC}]
"LLInterface" = ARP1394
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{8CC3B895-CBCC-4007-8B3A-5DAA967BE707}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{95F9A266-E7C2-4B51-BB4F-C774F18B4ABA}]
"LLInterface" = ARP1394
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{DD066170-CAB7-4FCE-B235-83458B8580ED}]
"LLInterface" = ARP1394
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters\{ED78B5F7-C5AD-4C2A-99A1-D946C9E15D6C}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3D8E192A-F041-4DD0-8A5C-CC97778BB461}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000003 [binary data]
"DhcpClassIdBin" = [Binary data over 100 bytes]
"DhcpServer" = 255.255.255.255
"Lease" = 0
"LeaseObtainedTime" = 1325702777
"T1" = 1325702777
"T2" = 1325702777
"LeaseTerminatesTime" = 2147483647
"AddressType" = 1
"IsServerNapAware" = 0
"DisableDynamicUpdate" = 0
"IPAutoconfigurationAddress" = 169.254.149.51
"IPAutoconfigurationMask" = 255.255.0.0
"IPAutoconfigurationSeed" = -1827163509
"DhcpIPAddress" = 169.254.149.51
"DhcpSubnetMask" = 255.255.0.0
"DhcpRetryTime" = 321
"DhcpRetryStatus" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3F3F485D-E64D-46DC-AC44-63BFEB98F9BC}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8CC3B895-CBCC-4007-8B3A-5DAA967BE707}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000004 [binary data]
"DhcpClassIdBin" = [Binary data over 100 bytes]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{948DDF37-EC52-4D3F-A3EB-25C081EE8FA7}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{95F9A266-E7C2-4B51-BB4F-C774F18B4ABA}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DD066170-CAB7-4FCE-B235-83458B8580ED}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ED78B5F7-C5AD-4C2A-99A1-D946C9E15D6C}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000002 [binary data]
"DhcpClassIdBin" = [Binary data over 100 bytes]
"DhcpIPAddress" = 169.254.167.163
"DhcpSubnetMask" = 255.255.0.0
"DhcpServer" = 255.255.255.255
"Lease" = 0
"LeaseObtainedTime" = 1325629520
"T1" = 1325629520
"T2" = 1325629520
"LeaseTerminatesTime" = 2147483647
"AddressType" = 1
"IsServerNapAware" = 0
"DisableDynamicUpdate" = 0
"IPAutoconfigurationAddress" = 169.254.167.163
"IPAutoconfigurationMask" = 255.255.0.0
"IPAutoconfigurationSeed" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{F5375A63-3D52-4422-8F39-FDC2F274E2E5}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance" = 0
"HelperDllName" = %SystemRoot%\System32\wshtcpip.dll -- [2008/04/14 07:42:12 | 000,019,456 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 16
"MinSockAddrLength" = 16
"Mapping" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Performance]
"Close" = CloseTcpIpPerformanceData
"Collect" = CollectTcpIpPerformanceData
"Library" = Perfctrs.dll -- [2008/04/14 07:42:04 | 000,039,936 | ---- | M] (Microsoft Corporation)
"Open" = OpenTcpIpPerformanceData
"Object List" = 502 510 546 582 638 658
"WbemAdapFileSignature" = DB E2 B6 23 53 66 0E CC A0 D7 5E A3 07 A7 17 E9 [binary data]
"WbemAdapFileTime" = 20 F5 71 36 E3 F4 C4 01 [binary data]
"WbemAdapFileSize" = 39936
"WbemAdapStatus" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\ServiceProvider]
"Class" = 8
"DnsPriority" = 2000
"HostsPriority" = 500
"LocalPriority" = 499
"ProviderPath" = %SystemRoot%\System32\wsock32.dll -- [2008/04/14 07:42:12 | 000,022,528 | ---- | M] (Microsoft Corporation)
"NetbtPriority" = 2001
"Name" = TCP/IP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Enum]
"0" = Root\LEGACY_TCPIP\0000
"Count" = 1
"NextInstance" = 1

< End of report >