I'm new to this forum and this is my first post. so please forgive me if i'm posting my q at a wrong place.

i found that in my home computer taskmanager a service called exproler.exe (more than one instance) was flashing. yesterday i scanned my computer with Malwarebytes. this problem got solved; now my taskmanager appears clean.

i had kaspersky installed but its license expired, so i scanned with malwarebytes after exiting kaspersky.

but since then i'm not able to connect to internet. i'm running windows xp sp3. i read a few threads and tried to fix it but no success.

also, i'm getting error 2 while starting my windows firewall service.

checked devicemanager and found exclamation marks against some devices, but not against the network adapter, and tried to fix them. but they are not getting fixed.

i'm currently accessing internet from office so i'll get the logs of the scan and post them here in my lunch break.

please inform me what programs should i run, so that i can download them now, coz i don't have internet access at my home...

guys i tried to fix the problem with devicemanager and had some success..

i scanned the services using Farbar Service Scanner and the log has been posted below.. now the only problem i'm facing is internet connectivity.. and windows firewall.. please help..

Farbar Service Scanner Version: 30-01-2013

Ran by Chinna (administrator) on 05-02-2013 at 13:37:02

Running from "D:\"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of Tcpip. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Tcpip. The value does not exist.

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

There is no connection to network.

Attempt to access Google IP returned error. Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

Srservice Service is not running. Checking service configuration:

The start type of Srservice service is OK.

The ImagePath of Srservice service is OK.

The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:

The start type of sr service is set to Disabled. The default start type is Boot.

The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:

========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR"=DWORD:1

Security Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2009-12-25 10:59] - [2009-06-04 18:05] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe

[2009-06-04 18:02] - [2009-06-04 18:02] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7)

0x0A00000008000000080000000500000001000000020000000300000004000000060000000700000009000000

**** End of log ****

You have missing file tcpip.sys, do the following:

Download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    tcpip.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

here is the log

SystemLook 30.07.11 by jpshortstuff

Log created at 18:17 on 05/02/2013 by Chinna

Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.sys"

C:\WINDOWS\system32\dllcache\tcpip.sys -----c- 361600 bytes [03:39 27/04/2011] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E

-= EOF =-

what next??

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\WINDOWS\system32\Drivers\tcpip.sys | C:\WINDOWS\system32\dllcache\tcpip.sys /replace
    :Commands
    [EmptyTemp]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Kevin

i did as you said here is the log

All processes killed

========== FILES ==========

File C:\WINDOWS\system32\Drivers\tcpip.sys successfully replaced with C:\WINDOWS\system32\dllcache\tcpip.sys

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrato

->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator

->Temp folder emptied: 36219412 bytes

->Temporary Internet Files folder emptied: 13577451 bytes

->Java cache emptied: 12997144 bytes

->FireFox cache emptied: 260315375 bytes

->Google Chrome cache emptied: 33032153 bytes

->Apple Safari cache emptied: 35476480 bytes

->Flash cache emptied: 542 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 98438 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 728423241 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,068.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 02052013_191902

Farbar Service Scanner Version: 30-01-2013

Ran by Chinna (administrator) on 05-02-2013 at 19:33:23

Running from "D:\"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of Tcpip. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of Tcpip. The value does not exist.

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

There is no connection to network.

Attempt to access Google IP returned error. Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is set to Demand. The default start type is Auto.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2009-12-25 10:59] - [2009-06-04 18:05] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe

[2009-06-04 18:02] - [2009-06-04 18:02] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7)

0x0A00000008000000080000000500000001000000020000000300000004000000060000000700000009000000

**** End of log ****

finally i made bits running with the help of google and now my windows firewall service is also started....

now i'm left with only one issue STILL NOT ACQUIRING IP ADDRESS..

here is the log of fss..

Farbar Service Scanner Version: 30-01-2013

Ran by Chinna (administrator) on 05-02-2013 at 21:46:20

Running from "D:\"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

There is no connection to network.

Attempt to access Google IP returned error. Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2009-12-25 10:59] - [2009-06-04 18:05] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe

[2009-06-04 18:02] - [2009-06-04 18:02] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x0A00000005000000080000000800000001000000020000000300000004000000060000000700000009000000

IpSec Tag value is correct.

**** End of log ****

Press Windows+R key and type cmd and click ok

Run the following commands at the prompt, hit the enter key after each one

    netsh winsock reset catalog
    netsh int ipv4 reset reset.log
    netsh int ipv6 reset reset.log
    ipconfig /flushdns
    ipconfig /release
    ipconfig /renew
    ipconfig /registerdns

Then reboot.

OK, leave alone and do the following, you`ll need to d/l and unzip to desktop...

Please download Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 4 and Create System Restore Point

Select Repairs tab => Click the Start

The repairs window will open. Check the boxes as indicated, also the "Restart" options, then select Start...

DON'T use the computer while each scan is in progress.

Post the log that will be saved in this folder C:\Tweaking.com_windows_Repair_Logs named _Windows_Repair_Log

OK, see if you can run Combofix:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

combofix completed successfully.. comp rebooted and still no ip yet.. here is the log

ComboFix 13-02-03.03 - Chinna 02/05/2013 22:54:59.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.129 [GMT 5.5:30]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix_2.exe

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\SQLite3.dll

c:\documents and settings\Administrator\WINDOWS

c:\windows\Install

c:\windows\sys

c:\windows\sys\a.txt

c:\windows\sys\exproler.exe

c:\windows\sys\msvcp100d.dll

c:\windows\sys\msvcr100.dll

c:\windows\sys\msvcr100d.dll

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))

.

.

2013-02-05 17:03 . 2013-02-05 17:04 -------- dc----w- C:\Tweaking.com_Windows_Repair_Logs

2013-02-05 17:02 . 2013-02-05 17:02 -------- dc----w- c:\program files\Tweaking.com

2013-02-05 13:32 . 2013-02-05 13:32 -------- dc----w- c:\documents and settings\All Users\Application Data\RightClick

2013-02-05 13:31 . 2013-02-05 13:32 -------- dc----w- c:\documents and settings\All Users\Application Data\InstallMate

2013-02-05 13:19 . 2008-06-20 11:59 361600 -c--a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-05 08:29 . 2013-02-05 08:29 -------- dc----w- C:\plop

2013-02-05 08:13 . 2006-02-07 03:05 135168 -c--a-w- c:\windows\system32\igfxres.dll

2013-02-04 20:45 . 2013-02-04 20:46 -------- dc----w- C:\$WIN_NT$.~BT

2013-02-04 20:42 . 2008-04-14 11:00 18944 -c--a-w- c:\windows\system32\lprmon.dll

2013-02-04 20:42 . 2008-04-14 11:00 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll

2013-02-04 20:42 . 2008-04-14 11:00 22528 -c--a-w- c:\windows\system32\lpdsvc.dll

2013-02-04 20:42 . 2008-04-14 11:00 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll

2013-02-04 17:56 . 2008-04-28 08:37 330752 -c--a-w- c:\windows\system32\ipnathlp.dl_

2013-02-04 16:56 . 2013-02-04 16:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2013-02-04 16:23 . 2012-11-22 00:43 112480 -c--a-w- c:\windows\system32\drivers\idmtdi.sys

2013-02-04 15:35 . 2013-02-04 15:35 -------- dc----w- C:\TDSSKiller_Quarantine

2013-02-04 13:43 . 2013-02-04 13:43 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-02-04 13:43 . 2013-02-04 13:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-02-04 13:43 . 2013-02-04 13:43 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2013-02-04 13:43 . 2012-12-14 11:19 21104 -c--a-w- c:\windows\system32\drivers\mbam.sys

2013-01-22 15:30 . 2012-03-27 04:30 277752 -c----w- c:\windows\system32\fppr432.dll

2013-01-22 15:30 . 2012-03-27 04:29 224504 -c----w- c:\windows\system32\fppmon4.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-04 12:45 . 2011-12-26 09:32 151552 -c--a-w- c:\windows\KMSEmulator.exe

2013-01-13 06:29 . 2012-04-20 12:36 697864 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-13 06:29 . 2011-05-15 15:29 74248 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:31 . 2009-06-04 12:33 290560 -c--a-w- c:\windows\system32\atmfd.dll

2012-11-27 15:58 . 2012-11-27 15:58 477168 -c--a-w- c:\windows\system32\npdeployJava1.dll

2012-11-27 15:58 . 2010-05-05 16:20 473072 -c--a-w- c:\windows\system32\deployJava1.dll

2012-11-27 15:58 . 2010-01-03 08:25 73728 -c--a-w- c:\windows\system32\javacpl.cpl

2012-11-13 11:20 . 2009-06-04 12:36 1875456 -c--a-w- c:\windows\system32\win32k.sys

2007-04-02 21:26 . 2011-02-10 18:33 2399529 -c--a-w- c:\program files\AeciAdlmDll51.dll

2006-03-30 23:56 . 2011-02-11 16:45 2377022 -c--a-w- c:\program files\AeciAdlmDll50.dll

2013-01-18 23:29 . 2013-01-18 23:29 262552 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-06-04 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 -c--a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-16 1837672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-17 16859648]

"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-09 519584]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk - c:\windows\system32\RunDll32.exe [2008-4-14 33280]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Banshee Screamer Alarm.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk

backup=c:\windows\pss\Banshee Screamer Alarm.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^CupidChat.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\CupidChat.lnk

backup=c:\windows\pss\CupidChat.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Google Talk, Labs Edition.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Google Talk, Labs Edition.lnk

backup=c:\windows\pss\Google Talk, Labs Edition.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-01-21 11:52 91520 -c--a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

2012-03-26 15:35 137536 -c--atw- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-05-09 05:43 136176 -c--atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 19:37 421736 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]

2010-05-07 13:05 165208 -c--a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 13:06 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2012-11-28 15:49 4686848 -c--a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]

2011-01-17 19:41 8192 -c--a-w- c:\program files\Xvid\CheckUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

2011-08-05 06:59 159456 -c--a-w- c:\program files\Zune\ZuneLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"idsvc"=3 (0x3)

"SentinelProtectionServer"=2 (0x2)

"SentinelKeysServer"=2 (0x2)

"SeaPort"=2 (0x2)

"fsssvc"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"YahooAUService"=2 (0x2)

"LVPrcSrv"=2 (0x2)

"ZuneWlanCfgSvc"=3 (0x3)

"ZuneNetworkSvc"=3 (0x3)

"ZuneBusEnum"=2 (0x2)

"WMZuneComm"=3 (0x3)

"TeamViewer6"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"MozillaMaintenance"=3 (0x3)

"Autodesk Licensing Service"=2 (0x2)

"MBAMService"=2 (0x2)

"MBAMScheduler"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [7/29/2011 7:22 AM 218688]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2/4/2013 9:53 PM 112480]

S2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [4/14/2008 4:30 PM 14336]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/4/2013 7:13 PM 21104]

S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\ztemtusbser.sys --> c:\windows\system32\DRIVERS\ztemtusbser.sys [?]

S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/4/2013 7:13 PM 398184]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/4/2013 7:13 PM 682344]

S4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11/2/2011 5:02 PM 2358656]

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 06:29]

.

2013-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:27]

.

2013-02-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-776561741-725345543-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-26 15:35]

.

2013-02-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-776561741-725345543-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-03-26 15:35]

.

2013-02-05 c:\windows\Tasks\Go for FilesUpdate.job

- c:\program files\GoforFiles\GFFUpdater.exe [2013-01-01 04:19]

.

2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-776561741-725345543-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 05:43]

.

2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-776561741-725345543-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-09 05:43]

.

2013-02-05 c:\windows\Tasks\User_Feed_Synchronization-{F8317723-D28C-4746-86A4-A66718EC6AF7}.job

- c:\windows\system32\msfeedssync.exe [2009-06-04 12:41]

.

.

------- Supplementary Scan -------

.

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hjw6ol3u.default-1355502462546\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-12-14 18:39; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-12-16 10:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hjw6ol3u.default-1355502462546\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-16 10:21; autopager@mozilla.org; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hjw6ol3u.default-1355502462546\extensions\autopager@mozilla.org.xpi

FF - ExtSQL: 2013-01-06 09:16; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hjw6ol3u.default-1355502462546\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

FF - ExtSQL: 2013-01-06 09:26; ERAIL.IN.FFPLUGIN@jetpack; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hjw6ol3u.default-1355502462546\extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-openvpn-gui - c:\program files\UltraVPN\bin\openvpn-gui.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-05 23:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2c1efbc1-44cc-40ea-b7bf-4444dac98fbe}]

@Denied: (Full) (Everyone)

"Model"=dword:00000087

"Therad"=dword:00000020

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a5,71,e0,08,f7,1e,b2,ab,2b,d0,e2,cb,08,41,52,98,db,ce,bb,50,4b,

e3,9f,ab,1c,5d,43,ff,64,06,78,94,6c,a3,3b,be,65,21,3e,57,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,d1,62,04,63,b5,20,49,aa,a5,cc,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,d1,62,04,63,b5,20,49,aa,a5,cc,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3000)

c:\windows\system32\WININET.dll

c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\program files\Internet Download Manager\IDMShellExt.dll

c:\program files\Internet Download Manager\IDMNetMon.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\program files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe

.

**************************************************************************

.

Completion time: 2013-02-05 23:10:05 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-05 17:40

ComboFix2.txt 2013-02-04 19:33

.

Pre-Run: 15,398,252,544 bytes free

Post-Run: 15,410,163,712 bytes free

.

- - End Of File - - 58C777CEA141B20EC6467E980D127430


You are running a hack tool for MS software. Run the following:

Run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


Kevin, the problem is almost sorted out. What I did was: after starting BITS, fortunately my Windows Firewall service also got started normally. So I booted the computer in safe mode, uninstalled the network adapters and rebooted normally. Then Windows recognised the network adapter as new hardware, and now I'm also acquiring an IP address from my router. I also ran the reset commands for Winsock and IP which you provided in your previous post.

But only half of the problem got sorted out. Though I'm acquiring an IP address, I'm not getting internet in any of my browsers. I checked my router and it's working fine, and I'm able to access the internet via my iPod touch. Here is the log you requested:

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Genuine

Validation Code: 0

Cached Validation Code: N/A

Windows Product Key: *****-*****-M6PX2-V96BF-8CKBJ

Windows Product Key Hash: n3MqC4LOVOQQgQUf4VrjJV6OaXI=

Windows Product ID: 76487-640-5536995-23960

Windows Product ID Type: 1

Windows License Type: Volume

Windows OS version: 5.1.2600.2.00010100.3.0.pro

ID: {B73393ED-F6F5-46A5-8E6A-38422987283B}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: Registered, 1.9.40.0

Signed By: Microsoft

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-b063_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A

Version: N/A

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: 2.0.48.0

OGAExec.exe Signed By: Microsoft

OGAAddin.dll Signed By: Microsoft

OGA Data-->

Office Status: 109 N/A

OGA Version: Registered, 2.0.48.0

Signed By: Microsoft

Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{B73393ED-F6F5-46A5-8E6A-38422987283B}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8CKBJ</PKey><PID>76487-640-5536995-23960</PID><PIDType>1</PIDType><SID>S-1-5-21-507921405-776561741-725345543</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>D915GAV_</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>EV91510A.86A.0482.2006.0222.2350</Version><SMBIOSVersion major="2" minor="3"/><Date>20060222000000.000000+000</Date></BIOS><HWID>05C434470184405D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->

N/A

Windows Activation Technologies-->

N/A

HWID Data-->

N/A

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 1B900:GENUINE C&C INC

Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->

N/A


Can you run this tool:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


MiniToolBox by Farbar Version:10-01-2013

Ran by Chinna (administrator) on 06-02-2013 at 18:21:20

Running from "D:\"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection 3 (Connected)

# ----------------------------------

# Interface IP Configuration

# ----------------------------------

pushd interface ip

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp

set dns name="Local Area Connection 3" source=dhcp register=PRIMARY

set wins name="Local Area Connection 3" source=dhcp

popd

# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . :

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-CB-15-38

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Wednesday, February 06, 2013 6:15:04 PM

Lease Expires . . . . . . . . . . : Thursday, February 07, 2013 6:15:04 PM

Server: UnKnown

Address: 192.168.1.1

Name: google.com

Addresses: 74.125.236.34, 74.125.236.35, 74.125.236.36, 74.125.236.37

74.125.236.38, 74.125.236.39, 74.125.236.40, 74.125.236.41, 74.125.236.46

74.125.236.32, 74.125.236.33

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown

Address: 192.168.1.1

Name: yahoo.com

Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 13 20 cb 15 38 ...... Intel® PRO/100 VE Network Connection

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20

192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20

192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20

224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20

255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1

Default Gateway: 192.168.1.1

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)

Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (02/06/2013 09:34:15 AM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

Error: (02/06/2013 09:33:28 AM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

Error: (02/06/2013 01:48:43 AM) (Source: Application Error) (User: )

Description: Faulting application dfrgntfs.exe, version 5.1.2600.5686, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00064d70.

Processing media-specific event for [dfrgntfs.exe!ws!]

Error: (02/06/2013 00:34:31 AM) (Source: PerfNet) (User: )

Description: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Error: (02/05/2013 11:16:34 PM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

Error: (02/05/2013 11:16:32 PM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

Error: (02/05/2013 11:16:30 PM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

Error: (02/05/2013 11:16:27 PM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

Error: (02/05/2013 11:16:25 PM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

Error: (02/05/2013 11:16:22 PM) (Source: Application Error) (User: )

Description: Faulting application psexec.exe, version 1.98.0.0, faulting module psexec.exe, version 1.98.0.0, fault address 0x00002b46.

Processing media-specific event for [psexec.exe!ws!]

System errors:

=============

Error: (02/06/2013 06:13:50 PM) (Source: Service Control Manager) (User: )

Description: The @%SystemRoot%\system32\FirewallAPI.dll,-23090 service depends on the following nonexistent service: bfe

Error: (02/06/2013 06:13:29 PM) (Source: Dhcp) (User: )

Description: The IP address lease 192.168.1.2 for the Network Card with network address 001320CB1538 has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/06/2013 02:23:43 PM) (Source: Windows Update Agent) (User: )

Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).

Error: (02/06/2013 01:54:25 PM) (Source: Service Control Manager) (User: )

Description: The @%SystemRoot%\system32\FirewallAPI.dll,-23090 service depends on the following nonexistent service: bfe

Error: (02/06/2013 01:53:26 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/06/2013 01:52:55 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

Fips

intelppm

Error: (02/06/2013 01:52:55 PM) (Source: Service Control Manager) (User: )

Description: The @%SystemRoot%\system32\FirewallAPI.dll,-23090 service depends on the following nonexistent service: bfe

Error: (02/06/2013 01:51:34 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/06/2013 01:46:48 PM) (Source: Service Control Manager) (User: )

Description: The @%SystemRoot%\system32\FirewallAPI.dll,-23090 service depends on the following nonexistent service: bfe

Error: (02/06/2013 01:43:19 PM) (Source: Service Control Manager) (User: )

Description: The @%SystemRoot%\system32\FirewallAPI.dll,-23090 service depends on the following nonexistent service: bfe

Microsoft Office Sessions:

=========================

Error: (10/28/2011 08:44:50 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: 0Microsoft Office Word12.0.6545.500012.0.6425.1000110

Error: (10/28/2011 08:44:31 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: 0Microsoft Office Word12.0.6545.500012.0.6425.1000210

Error: (07/22/2011 03:28:12 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: 0Microsoft Office Word12.0.6545.500012.0.6425.1000190

Error: (02/26/2011 02:33:10 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: 0Microsoft Office Word12.0.6545.500012.0.6425.1000320

Error: (01/09/2010 03:52:23 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: 0Microsoft Office Word12.0.6504.500012.0.6425.1000280240

=========================== Installed Programs ============================

µTorrent (Version: 1.8.2)

µTorrent (Version: 3.2.3.28705)

Adobe Common File Installer (Version: 1.00.0000)

Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)

Adobe Flash Player 11 Plugin (Version: 11.5.502.146)

Adobe Help Center 1.0 (Version: 001.000.000)

Adobe Stock Photos 1.0 (Version: 001.000.000)

Age Of Empire-II The Conquerors

Age of Empires II - The Conquerors - 1.0e Patch FINAL (Version: 1.0e)

Album Downloader 4 Facebook (Version: 1.3)

AlgoLab R2V Conversion Toolkit 2.97.62

Apple Application Support (Version: 2.0.1)

Apple Mobile Device Support (Version: 3.4.1.2)

Apple Software Update (Version: 2.1.3.127)

AutoCAD 2007 - English (Version: 17.0.54.110)

Autodesk DWF Viewer (Version: 6.5)

Autodesk SketchBookPro 2011 (Version: 5.00.0000)

Bonjour (Version: 3.0.0.10)

Cambridge TOEFL® Prep

CameraHelperMsi (Version: 13.10.1217.0)

CupidChat (beta) 0.4.1 (Version: 0.4.1)

DAEMON Tools Lite (Version: 4.40.2.0131)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox (Version: 1.4.3)

eBook Reader

erLT (Version: 1.20.138.34)

Facebook Video Calling 1.2.0.159 (Version: 1.2.159)

FlashBoot 2.1e

Foxit PhantomPDF (Version: 5.4.0.902)

Foxit Reader 5.0 (Version: 5.0.2.718)

GoforFiles (Version: 1.4.2)

Google Book Downloader (Version: 0.6.9)

Google Chrome (Version: 23.0.1271.97)

Google Talk (remove only)

Google Talk Plugin (Version: 2.6.1.5251)

Google Talk, Labs Edition (Version: 1.0.267.233)

HP Deskjet 3520 series Basic Device Software (Version: 28.0.1315.0)

HP Deskjet 3520 series Help (Version: 27.0.0)

HP Deskjet 3520 series Setup Guide (Version: 27.0.0)

HP ePrint (Version: 6.0.12230.783)

HP Photo Creations (Version: 1.0.0.7702)

HP Postscript Converter (Version: 3.1.3591)

HP Unified IO (Version: 2.0.0.404)

HP Update (Version: 5.003.003.001)

Image Resizer Powertoy for Windows XP (Version: 1.00.0001)

Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4497)

Intel® PRO Network Connections 11.2.0.69 (Version: )

Internet-based TOEFL

Internet Download Manager

iTunes (Version: 10.4.1.10)

Java Auto Updater (Version: 2.0.7.2)

Java 6 Update 37 (Version: 6.0.370)

Java 6 Update 5 (Version: 1.6.0.50)

Logitech Webcam Software (Version: 2.0)

LWS Facebook (Version: 13.10.1216.0)

LWS Gallery (Version: 13.10.1216.0)

LWS Help_main (Version: 13.10.1224.0)

LWS Launcher (Version: 13.10.1224.0)

LWS Motion Detection (Version: 13.10.1218.0)

LWS Pictures And Video (Version: 13.10.1218.0)

LWS Twitter (Version: 13.00.1216.0)

LWS Video Mask Maker (Version: 13.10.1216.0)

LWS Webcam Software (Version: 13.00.1774.0)

LWS WLM Plugin (Version: 1.10.1222.0)

LWS YouTube Plugin (Version: 13.10.1216.0)

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

Merriam-Webster

Merriam-Webster 3.0

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 1.1 Service Pack 1 (Version: 1.1.4322)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Silverlight (Version: 2.0.40115.0)

Microsoft Silverlight (Version: 4.1.10329.0)

Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4734.1000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Minilyrics(remove only)

Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)

Mozilla Maintenance Service (Version: 18.0.1)

Mp3tag v2.48 (Version: v2.48)

MPlayer for Windows (Full Package)

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)

MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

MSXML 6.0 Parser (Version: 6.00.3883.8)

Notepad++ (Version: 5.6.8)

Octoshape Streaming Services

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

Opera 12.12 (Version: 12.12.1707)

P2PFilter 3.0.5 (Version: 3.0.5)

pdfFactory Pro (Version: 4.62)

PE Builder 3.1.10a

Picasa 3 (Version: 3.8)

Pidgin (Version: 2.9.0)

Platinum Hide IP (Version: 3.1.2.6)

QUICKfind server v1.1

QuickTime (Version: 7.70.80.34)

Readon TV Movie Radio Player 7.3.0.0 (Version: 7.3.0)

REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0000)

Realtek High Definition Audio Driver (Version: 5.10.0.5548)

SkyMonk Client (Version: 1.71)

Skype™ 5.1 (Version: 5.1.104)

Super MP3 Download (Version: 4.5.7.8)

Super Word Power (Version: 1.0.0.28)

TeamViewer 6 (Version: 6.0.11117)

Total Video Converter 3.21 090220

Tweaking.com - Windows Repair (All in One) (Version: 1.9.7)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft Office 2010 (KB2553092)

Update for Windows Internet Explorer 8 (KB976662) (Version: 1)

Update for Windows Internet Explorer 8 (KB980182) (Version: 1)

Update for Windows XP (KB2141007) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

VBA (2627.01) (Version: 6.03.00.9402)

Veoh Web Player (Version: 1.1.2.0000)

Virtual Desktop Manager Powertoy for Windows XP (Version: 1.00.0001)

VLC media player 2.0.5 (Version: 2.0.5)

Voobly Game Data (Version: Voobly Game Datas)

Web Album Copier (Version: 0.3.36)

WebFldrs XP (Version: 9.50.7523)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)

Windows Media Format 11 runtime

Windows Mobile Device Updater Component (Version: 04.08.2345.00)

Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70)

Windows Rights Management Client with Service Pack 2 (Version: 5.2.70)

WinRAR 4.00 (32-bit) (Version: 4.00.0)

WinSetupFromUSB

WordWeb (Version: 6)

Xmarks for IE (Version: 127.0.151)

XMLinst (Version: 1.0.0.0)

Xvid Video Codec (Version: 1.3.1)

Yahoo! Messenger

Yahoo! Software Update

Zune (Version: 04.08.2345.00)

Zune Language Pack (CHS) (Version: 04.08.2345.00)

Zune Language Pack (CHT) (Version: 04.08.2345.00)

Zune Language Pack (CSY) (Version: 04.08.2345.00)

Zune Language Pack (DAN) (Version: 04.08.2345.00)

Zune Language Pack (DEU) (Version: 04.08.2345.00)

Zune Language Pack (ELL) (Version: 04.08.2345.00)

Zune Language Pack (ESP) (Version: 04.08.2345.00)

Zune Language Pack (FIN) (Version: 04.08.2345.00)

Zune Language Pack (FRA) (Version: 04.08.2345.00)

Zune Language Pack (HUN) (Version: 04.08.2345.00)

Zune Language Pack (IND) (Version: 04.08.2345.00)

Zune Language Pack (ITA) (Version: 04.08.2345.00)

Zune Language Pack (JPN) (Version: 04.08.2345.00)

Zune Language Pack (KOR) (Version: 04.08.2345.00)

Zune Language Pack (MSL) (Version: 04.08.2345.00)

Zune Language Pack (NLD) (Version: 04.08.2345.00)

Zune Language Pack (NOR) (Version: 04.08.2345.00)

Zune Language Pack (PLK) (Version: 04.08.2345.00)

Zune Language Pack (PTB) (Version: 04.08.2345.00)

Zune Language Pack (PTG) (Version: 04.08.2345.00)

Zune Language Pack (RUS) (Version: 04.08.2345.00)

Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 68%

Total physical RAM: 502.73 MB

Available physical RAM: 160.75 MB

Total Pagefile: 2518.19 MB

Available Pagefile: 2244.43 MB

Total Virtual: 2047.88 MB

Available Virtual: 1971.29 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:39.06 GB) (Free:14.22 GB) NTFS

2 Drive d: (RAVI) (Removable) (Total:3.73 GB) (Free:1.49 GB) FAT32

3 Drive e: (Storage 1) (Fixed) (Total:58.59 GB) (Free:4.29 GB) NTFS

4 Drive f: (Storage 2) (Fixed) (Total:51.39 GB) (Free:5.01 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME

ASPNET Chinna Guest

HelpAssistant RemoteAdmin SUPPORT_388945a0

**** End of log ****

This topic is now closed to further replies.