Need help with "System Check" virus

newguy · March 8, 2012

Hi,

I'm trying to help a friend with a virus issue. He seems to have fake virus software called "System Check" installed. It has hidden all of his desktop icons, blocked access to the task manager and crippled his antivirus software. When he contacted me about the problem I advised him to disconnect his system from the internet and it has not been reconnected since.

He booted in safe mode and installed MBAM from a CD. Malwarebytes found and fixed three issues in safe mode but upon reboot the virus was still there. He rebooted back into safe mode and ran MBAM again but it found nothing this time. Also, he was able to run his Norton software from his ISP in safe mode but if didn't find anything either.

I was able to run dds on the system after a reboot. The logs are included below.

Any help with issue would be greatly appreciated.

Thanks

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by thomas at 20:13:48 on 2012-03-07

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.805 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\SFT\GuardedID\GIDD.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Free Ride Games\GPlayer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ProgramData\CxeQuvuAihVRRU.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\NETGEAR\WN111v2\WN111v2.exe

C:\ProgramData\ax1bQt93JxKdtA.exe

C:\Windows\system32\attrib.exe

C:\Program Files\Constant Guard Protection Suite\IDVault.exe

C:\Windows\system32\attrib.exe

C:\Windows\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=BNHP

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop

uURLSearchHooks: Games.com Toolbar Search Class: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - c:\program files\games.com toolbar\gamescomtb.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll

mURLSearchHooks: Games.com Toolbar Search Class: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - c:\program files\games.com toolbar\gamescomtb.dll

mURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll

uWindows: Load=c:\users\thomas\locals~1\temp\mskmwna.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Games.com Toolbar Loader: {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - c:\program files\games.com toolbar\gamescomtb.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll

BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.81\oberontb.dll

BHO: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.81\oberontb.dll

TB: Games.com Toolbar: {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - c:\program files\games.com toolbar\gamescomtb.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll

TB: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [CxeQuvuAihVRRU.exe] c:\programdata\CxeQuvuAihVRRU.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [<NO NAME>]

mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini

dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup

StartupFolder: c:\users\thomas\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111v2.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll

IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.81\oberontb.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0122B2E1-257D-4823-802A-3013F4A6370F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{91B2B4F7-0518-4ACF-8183-A99769F3C3E1} : DhcpNameServer = 192.168.1.1

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-5-17 25232]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120303.003\IDSvix86.sys [2012-3-3 368248]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-10-1 20384]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-2-7 331384]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-2 21504]

R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-2-15 65096]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]

R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2011-11-5 46184]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-22 136176]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]

S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-22 136176]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-29 942080]

S3 Leapfrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-11-12 33792]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2009-1-13 453120]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-06 04:30:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-06 04:30:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-06 01:12:38 359424 ---ha-w- c:\programdata\ax1bQt93JxKdtA.exe

2012-03-06 01:08:25 452608 --sha-w- c:\programdata\CxeQuvuAihVRRU.exe

2012-02-22 20:14:43 -------- d--h--w- c:\users\thomas\appdata\local\Scansoft

2012-02-21 16:49:28 -------- d--h--w- c:\users\thomas\appdata\roaming\Nuance

2012-02-21 16:34:36 -------- d-----w- c:\program files\common files\ScanSoft Shared

2012-02-21 16:34:34 -------- d-----w- c:\program files\common files\Nuance

2012-02-21 16:33:35 -------- d--h--w- c:\programdata\Nuance

2012-02-21 16:33:35 -------- d-----w- c:\program files\Nuance

2012-02-16 12:06:31 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 12:06:29 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 12:05:41 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-02-07 22:38:20 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys

2012-02-07 22:38:20 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys

2012-02-07 22:38:19 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys

2012-02-07 22:38:19 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys

2012-02-07 22:38:19 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys

2012-02-07 22:38:18 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys

2012-02-07 22:38:18 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys

2012-02-07 22:37:43 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D

.

==================== Find3M ====================

.

2012-01-20 21:56:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 20:21:28.24 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/7/2007 10:16:11 PM

System Uptime: 3/7/2012 8:01:35 PM (0 hours ago)

.

Motherboard: ASUSTek Computer INC. | | NARRA2

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket AM2 | 1800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 289 GiB total, 181.095 GiB free.

D: is FIXED (NTFS) - 9 GiB total, 0.808 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

A Free Ride Games Bar Toolbar

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.3.1

AIO_Scan

BufferChm

CCleaner

Conduit Engine

Constant Guard Protection Suite

Copy

Coupon Printer for Windows

CustomerResearchQFolder

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DJ_AIO_ProductContext

DJ_AIO_Software

DJ_AIO_Software_min

Download Updater (AOL LLC)

Dragon NaturallySpeaking 10

Easy Chef 1,000,000 Recipes

Enhanced Multimedia Keyboard Solution

eSupportQFolder

F4100

F4100_Help

FLV Player

Free Ride Games Player

Games.com Toolbar

GamesBar 2.0.1.81

Garmin Communicator Plugin

Garmin Lifetime Updater

Garmin USB Drivers

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GuardedID

Hardware Diagnostic Tools

Hewlett-Packard ACLM.NET v1.1.0.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Experience Enhancements

HP Customer Feedback

HP Customer Participation Program 8.0

HP Deskjet All-In-One Software 8.0

HP Easy Setup - Frontend

HP Imaging Device Functions 8.0

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart Essential

HP Photosmart Essential 2.0

HP Photosmart Essential2.5

HP Picasso Media Center Add-In

HP Product Assistant

HP Solution Center 8.0

HP Total Care Advisor

HP Update

HPProductAssistant

HPSSupply

IrfanView (remove only)

Japanese Fonts Support For Adobe Reader 8

Java™ 6 Update 2

Java™ 6 Update 5

Java™ 6 Update 7

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

LightScribe 1.4.142.1

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Moraff's Maximum MahJongg 1.0

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.0

My HP Games

Norton Security Suite

NVIDIA Drivers

OpenOffice.org Installer 1.0

PSSWCORE

Python 2.4.3

RangeMax Wireless-N USB Adapter WN111v2

RealPlayer

Realtek High Definition Audio Driver

Rhapsody

Rhapsody Player Engine

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

RTC Client API v1.2

Sandlot Games Client Services

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Shop for HP Supplies

SmartDraw 2007

Snapfish Media Detector

Snood 4

Soft Data Fax Modem with SmartCP

SolutionCenter

Status

Super Text Twist Free Trial

Text Twist

TomTom HOME 2.5.2.60

Toolbox

TrayApp

Treasure Seekers The Enchanted Canvases

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

VC 9.0 Runtime

VC_MergeModuleToMSI

Viewpoint Media Player

Visual C++ Runtime for Dragon NaturallySpeaking

VLC media player 0.9.9

WebReg

Wheel of Fortune 2 (remove only)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

WN111v2

Word Whomp To Go

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/7/2012 8:04:32 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

3/7/2012 8:03:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/7/2012 8:03:35 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

3/7/2012 7:12:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl IDSVix86 jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 7:12:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/7/2012 7:12:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/7/2012 7:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/7/2012 7:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/7/2012 7:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/7/2012 7:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/7/2012 7:11:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/7/2012 7:09:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

3/6/2012 9:16:55 AM, Error: EventLog [6008] - The previous system shutdown at 9:14:23 AM on 3/6/2012 was unexpected.

3/6/2012 4:08:52 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

3/6/2012 4:08:52 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.

3/6/2012 4:08:52 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.

3/5/2012 9:31:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.195 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/5/2012 9:22:43 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

3/5/2012 9:15:46 PM, Error: EventLog [6008] - The previous system shutdown at 8:45:26 PM on 3/5/2012 was unexpected.

3/5/2012 7:52:13 AM, Error: EventLog [6008] - The previous system shutdown at 7:48:03 AM on 3/5/2012 was unexpected.

3/5/2012 7:17:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user thomas-PC\thomas SID (S-1-5-21-1438759059-2066498689-1681145571-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/5/2012 6:50:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.194 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/5/2012 5:11:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.201 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/5/2012 2:50:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.200 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/5/2012 11:54:45 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.196 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/5/2012 10:57:28 PM, Error: EventLog [6008] - The previous system shutdown at 10:55:36 PM on 3/5/2012 was unexpected.

3/5/2012 1:48:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.199 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/5/2012 1:28:23 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.198 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/5/2012 1:05:28 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.197 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 6:08:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.192 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 2:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user thomas-PC\thomas SID (S-1-5-21-1438759059-2066498689-1681145571-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/4/2012 12:46:01 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.190 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 12:24:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.189 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 12:03:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.188 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 12:01:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

3/4/2012 10:24:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.193 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 10:13:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.187 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/4/2012 1:09:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.191 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 9:52:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.184 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 9:52:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

3/3/2012 6:28:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.183 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 6:08:09 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.182 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 5:47:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.181 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 5:26:55 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.180 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 5:06:22 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.179 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 4:45:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.178 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 4:25:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.177 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 4:04:26 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.176 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 3:43:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.175 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 3:23:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.174 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 3:17:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.186 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 3:00:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.173 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 2:40:31 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.172 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 2:19:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.171 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 12:57:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.167 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 12:37:14 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.166 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 12:16:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.165 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 12:04:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.185 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 1:59:21 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.170 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 1:38:47 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.169 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/3/2012 1:18:16 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.168 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 7:42:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.162 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 6:37:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.161 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 6:13:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.159 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 5:46:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.158 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 5:16:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.157 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 4:48:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.156 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 4:21:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.155 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 4:19:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

3/2/2012 3:53:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.154 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 3:36:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.160 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 3:23:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.153 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 2:51:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.152 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 2:08:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.151 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 12:29:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 12:08:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.146 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 11:27:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.164 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 10:55:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.163 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 1:48:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.150 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 1:24:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.149 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/2/2012 1:04:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.148 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 6:41:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 6:28:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.135 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 6:22:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.140 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 6:02:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.139 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 5:12:56 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 11:48:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.145 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 11:27:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.144 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 11:07:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.143 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 10:46:00 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.137 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 10:44:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.142 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

3/1/2012 10:23:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.136 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 7:14:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.130 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 7:07:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.133 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 6:54:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.129 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 6:35:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.132 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 6:33:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.128 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 6:13:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.127 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 5:52:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.126 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 5:43:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.131 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 5:30:03 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.125 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 5:11:30 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.124 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 4:50:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.123 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 4:30:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.122 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 4:09:57 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.121 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 3:49:01 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 2:42:19 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.119 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 2:23:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 2:03:13 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.117 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 12:42:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.115 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 12:21:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 10:10:47 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.134 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/29/2012 1:28:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Maniac · March 8, 2012

Hello newguy! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictlya and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Reconnect the computer to the Internet and use Normal mode for my instructions.

Step 1

I see your find have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Step 2

Follow the instructions here to run, update and scan with Malwarebytes' Anti-Malware:

http://forums.malwarebytes.org/index.php?showtopic=85715&view=findpost&p=434002

In your next post, please include:

Malwarebytes' Anti-Malware log
a new fresh DDS log file

newguy · March 9, 2012

Hi Maniac. Thanks for the quick response.

OK, I removed "Viewpoint Media Player" via add/remove programs.

I was able to update and run MBAM via the Chameleon route.

After MBAM ran it required a restart to complete the removal process. However, the system hung while shutting down, (I gave it over 30 minutes displaying the shutdown screen before I manually shut it down.)

Upon restart I again ran MBAM Chameleon and this time it found no infections.

I attempted to run DDS again but while it was running I got a blue screen and the system restarted. (Not sure if this was related to the process, but I thought I should let you know what happened.) It flashed too fast for me to see the error before the restart.

After the restart I was able to successfully run DDS and the logs are posted below.

Also, I'm including the texts of both MBAM quick scans.

First MBAM Scan:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.08.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

thomas :: THOMAS-PC [administrator]

3/8/2012 8:10:29 PM

mbam-log-2012-03-08 (20-10-29).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 181176

Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CxeQuvuAihVRRU.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\CxeQuvuAihVRRU.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\ProgramData\CxeQuvuAihVRRU.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\ProgramData\ax1bQt93JxKdtA.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\thomas\AppData\Local\Temp\LdUGxInAr1arU8.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

Second MBAM Scan:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.08.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

thomas :: THOMAS-PC [administrator]

3/8/2012 9:02:26 PM

mbam-log-2012-03-08 (21-02-26).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 181326

Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by thomas at 21:38:43 on 2012-03-08

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1046 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Constant Guard Protection Suite\IDVault.exe

C:\Windows\System32\rundll32.exe