Unidentified Network Windows 7


  • This topic is locked
12 replies to this topic

#1 dirk_dagger

Posted 28 June 2011 - 01:41 PM

I am trying to help a friend with his PC:

emachines
AMD Sempron 3100+ 1.8gh
1 GB ram
32 bit
wired
router 8014SMC
Charter Business Internet approx. 20gb
Cannot post any logs - no connection, posting from a different PC
Was upgraded to Windows 7 about 6 months ago and was working until a week ago

It will not connect to internet and shows unidentified network.

1st problem was only 21mb of free space on HD. He purchased an external HD to move files off the machine. This may or may not be when the problem started. The internet just stopped working and no other changes have been made recently. His kids are the users so who knows.

I freed up about 1 gb and uninstalled AVG; it was giving some errors. I disabled Windows Firewall.

After reading numerous fixes I reset and re-installed the network card, disabled and enabled it, checked protocols, etc. When set to grab an IP automatically it gets a 169xxx... I tried to plug in the info (IP, gateway, etc.) from another PC on my network to force it, nothing! My connection works fine on two PCs so I know everything is OK up to the machine. I released the IP but it will not renew and times out. One thing I noticed is the location was public; I changed it to workgroup but it keeps changing back to public, not on reboot but while it's running. I get the feeling something is blocking it but I can't see it. The troubleshooter comes down to "Local Area Connection does not have a valid ip configuration." At one point the troubleshooter said Windows Firewall was blocking it but it was already disabled. I checked again and it turned itself back on, maybe after a reboot, not sure. I have seen pages and pages about this but none have resolved this one. How can I get to the bottom of this?

Not much hair left to lose!

Any ideas would be greatly appreciated.

Edited by dirk_dagger, 28 June 2011 - 02:14 PM.




#2 wiczjr

Posted 30 June 2011 - 02:30 PM

Here are a couple of preliminary steps to take before advancing further into your problem. I'm not saying that this is the fix but it'll eliminate a couple of things:

You need to free up about 15% of that HDD, minimum.

On the Start button type: cmd. Right-click it in the search results and select 'Run as administrator'.

Type: netsh winsock reset

Reboot.
Both faith and fear may sail into your harbour, but only allow faith to drop anchor.

#3 dirk_dagger

Posted 30 June 2011 - 02:49 PM

Thank you for the help.

OK, I have about 6gb of free space, reset winsock successfully.

No result.

update:

I spoke to him again and he said the connectivity started 2 weeks before the hard drive was used. He also said that he was getting a warning about the Windows paging file at startup prior to the problem.

Edited by dirk_dagger, 30 June 2011 - 03:56 PM.


#4 wiczjr

Posted 30 June 2011 - 04:46 PM

Yeah you would probably get paging file errors if the HDD is filling up.

K now that that is done. Press the start button and type: ncpa.cpl and press enter.

Right click your local area connection and click on properties

Uncheck IPv6.

Select IPv4 and select Properties.

Under the general tab make sure that you're obtaining an IP address and DNS servers automatically.

Under the alternate configuration tab make sure that you're obtaining a private automatic IP address.

Keep clicking OK until the settings are applied.

After that we'll try something else if that doesn't work.

Edited by wiczjr, 30 June 2011 - 04:47 PM.

Both faith and fear may sail into your harbour, but only allow faith to drop anchor.

#5 dirk_dagger

Posted 30 June 2011 - 05:34 PM

Done with no effect.

Also it is still changing the location back to public on its own.

Edited by dirk_dagger, 30 June 2011 - 05:34 PM.


#6 wiczjr

Posted 01 July 2011 - 08:47 AM

ooooooooook; You said you removed avg, but try this tool in addition just in case: AVG removal tool http://www.avg.com/us-en/utilities I've had AVG mess up more computers than anything else. They used to be good until v9 release *shrug*

If you're getting a link-local IP like that, you might want to check your router settings to make sure it's giving out enough IP addresses. Maybe reset the router and start from scratch.

There also may be a good chance you're infected with malware; there's a malware removal guide on this site.

Other than that, I'd have to see the PC in my shop to try a few things. There's only so much you can do on an online forum, ya know?
Both faith and fear may sail into your harbour, but only allow faith to drop anchor.
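
Added example, not part of any post in this thread: because the offline PC's output has to be carried over on a flash drive, this Python sketch reads saved `ipconfig /all` text and flags the two symptoms discussed so far, a 169.254.x.x (APIPA) address on a DHCP-enabled adapter and a manually entered gateway that is outside the adapter's subnet. The sample output, adapter names and addresses are constructed, and the parser assumes English-language Windows 7 field labels.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Ethernet Controller
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.12.34(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.2.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "   Label . . . . : value" -> ("Label", "value"); the dot leader is dropped.
FIELD = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field label: value}} from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line ending in ':' opens an adapter section.
            if line.rstrip().endswith(":"):
                current = adapters.setdefault(line.rstrip()[:-1], {})
            else:
                current = None  # e.g. the "Windows IP Configuration" banner
            continue
        match = FIELD.match(line)
        if match and current is not None:
            # Strip suffixes such as "(Preferred)" from address values.
            current[match.group(1)] = match.group(2).split("(")[0].strip()
    return adapters


def _ipv4(value):
    """Parse an IPv4 address, returning None for empty or non-IPv4 text."""
    try:
        return ipaddress.IPv4Address(value)
    except ValueError:
        return None


def diagnose(fields):
    """Classify one adapter's configuration as a short finding string."""
    if "disconnected" in fields.get("Media State", "").lower():
        return "media disconnected: check cable, switch port or NIC"
    addr = _ipv4(fields.get("Autoconfiguration IPv4 Address")
                 or fields.get("IPv4 Address") or "")
    if addr is None:
        return "no IPv4 address reported"
    dhcp = fields.get("DHCP Enabled", "").lower() == "yes"
    if addr.is_link_local:  # 169.254.0.0/16
        return ("APIPA address: DHCP enabled but no lease obtained" if dhcp
                else "static address inside 169.254.0.0/16")
    gateway = _ipv4(fields.get("Default Gateway", ""))
    if gateway is None:
        return "no IPv4 default gateway"
    try:
        net = ipaddress.IPv4Network(
            f"{addr}/{fields.get('Subnet Mask', '')}", strict=False)
    except ValueError:
        return "invalid subnet mask"
    if gateway not in net:
        return f"gateway {gateway} is outside {net}"
    return "ok"


def report(text):
    """Map every adapter in the text to its finding."""
    return {name: diagnose(f) for name, f in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for adapter, finding in report(SAMPLE).items():
        print(f"{adapter}: {finding}")
```
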

#7 dirk_dagger

Posted 01 July 2011 - 11:22 AM

If you re-read the post you would understand that I cannot use the AVG removal tool because I cannot get online. The router is not an issue. I have had as many as 5-6 computers, including a wireless router, plugged in to it when guests are in my shop. Everything connects instantly.

#8 wiczjr

Posted 01 July 2011 - 02:07 PM

Then download the tool from another computer.

Open an elevated command prompt and type this:

netsh winsock reset catalog , press enter

netsh int ip reset reset.log , press enter

I'm just trying to help ya, chief. No need for "if you re-read" comments. You're obviously online now and posting in this forum aren't ya?

If this fix doesn't work, try to see if you can get an updated driver for the NIC. Also, run chkdsk /r and sfc /scannow in an elevated command prompt.

Mod Edit: Removed suggestions to run malware tools, this is NOT a malware forum and members are not authorized to make suggestions to other members...regarding resolution of malware. We have forums for malware issues and this is not one of them ~ Hamluis.

Edited by hamluis, 01 July 2011 - 04:24 PM.
PM sent.

Both faith and fear may sail into your harbour, but only allow faith to drop anchor.

#9 cryptodan

Posted 01 July 2011 - 03:04 PM

Do you have access to a flash drive? You will have to perform steps manually, so download the following tools onto a flash drive and then transfer them to the non-connected computer. You will then install these applications and run them. Save the logs to a flash drive and transfer them to a computer that can connect to the net and post them.

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it, you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post if you cannot copy/paste the link to your post, you will need to edit it to make sure that your Windows Key is not present.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


This will give us some information as to determine if malware is the issue or if the network card is faulty.

#10 dirk_dagger

Posted 01 July 2011 - 07:44 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/1/2011 3:37:07 PM
mbam-log-2011-07-01 (15-37-06).txt

Scan type: Full scan (C:\|I:\|)
Objects scanned: 221963
Time elapsed: 2 hour(s), 19 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\hblite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\hblite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\hblite\bin\11.0.372.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin\2.7.37 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\shoppingreport2\Bin\2.7.37\shoppingreport.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
i:\program files\shoppingreport2\Bin\2.7.37\shoppingreport.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.


------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2011 at 04:44 PM

Application Version : 4.55.1000

Core Rules Database Version : 7365
Trace Rules Database Version: 5176

Scan type : Complete Scan
Total Scan Time : 00:38:12

Memory items scanned : 361
Memory threats detected : 0
Registry items scanned : 9457
Registry threats detected : 0
File items scanned : 21057
File threats detected : 0


----------


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-01 17:32:04
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD400BB-75FJA1 rev.14.03G14
Running: 0yg5k15k.exe; Driver: C:\Users\emachine\AppData\Local\Temp\fxdyqkog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8284B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8286FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:3676] 98B18F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1

---- EOF - GMER 1.0.15 ----


----------


Summary
Operating System
MS Windows 7 32-bit
CPU
AMD Sempron 3100+ 66 C
Palermo 90nm Technology
RAM
1.00 GB Single-Channel DDR @ 200MHz (3-4-4-8)
Motherboard
First International Computer, Inc. K8MC51G (Socket 940) 40 C
Graphics
K717 (1280x1024@60Hz)
32MB GeForce 6100 (FIC)
Hard Drives
39.1GB Western Digital WDC WD400BB-75FJA1 ATA Device (PATA) 54 C
Optical Drives
LITE-ON DVDRW SHW-1635S ATA Device
Audio
Realtek AC'97 Audio
Operating System
MS Windows 7 32-bit
Installation Date: 17 January 2011, 19:25
Serial Number: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Disabled
Windows Update
AutoUpdate Disabled
Windows Defender
Windows Defender Enabled
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Power Profile
Active power scheme Home/Office Desk
Hibernation Enabled
Scheduler
Disabled SidebarExecute
Hotfixes
Services
Running Ammyy Admin
Running Application Experience
Running Application Information
Running Application Management
Running Background Intelligent Transfer Service
Running Base Filtering Engine
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Distributed Link Tracking Client
Running DNS Client
Running EPSON V3 Service4(04)
Running EPSON V5 Service4(04)
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Group Policy Client
Running IKE and AuthIP IPsec Keying Modules
Running IP Helper
Running iPod Service
Running IPsec Policy Agent
Running Multimedia Class Scheduler
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running NVIDIA Display Driver Service
Running Offline Files
Running Peer Name Resolution Protocol
Running Peer Networking Identity Manager
Running Plug and Play
Running Portable Device Enumerator Service
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Themes
Running UPnP Device Host
Running User Profile Service
Running uvnc_service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Backup
Running Windows Connect Now - Config Registrar
Running Windows Defender
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Firewall
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Search
Running Windows Update
Running WLAN AutoConfig
Running Workstation
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped BranchCache
Stopped Certificate Propagation
Stopped COM+ System Application
Stopped Credential Manager
Stopped Diagnostic System Host
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped Encrypting File System (EFS)
Stopped Fax
Stopped Function Discovery Resource Publication
Stopped Health Key and Certificate Management
Stopped HomeGroup Listener
Stopped HomeGroup Provider
Stopped Human Interface Device Access
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Office Diagnostics Service
Stopped Microsoft Office Groove Audit Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Office Source Engine
Stopped Parental Controls
Stopped Peer Networking Grouping
Stopped Performance Logs & Alerts
Stopped PnP-X IP Bus Enumerator
Stopped PNRP Machine Name Publication Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Access Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Desktop Services UserMode Port Redirector
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Secondary Logon
Stopped Secure Socket Tunneling Protocol Service
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped Storage Service
Stopped Tablet PC Input Service
Stopped Telephony
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Font Cache Service
Stopped Windows Installer
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Time
Stopped WinHTTP Web Proxy Auto-Discovery Service
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
Device Tree
ACPI x86-based PC
Microsoft ACPI-Compliant System
AMD Sempron™ Processor 3100+
ACPI Power Button
System board
ACPI Fan
ACPI Thermal Zone
ACPI Fixed Feature Button
PCI bus
PCI standard RAM Controller
nForce HyperTransport Bridge
nForce Memory Controller
nForce Memory Controller
nForce Memory Controller
nForce Memory Controller
nForce Memory Controller
PCI standard PCI-to-PCI bridge
PCI standard PCI-to-PCI bridge
PCI standard PCI-to-PCI bridge
nForce Memory Controller
PCI standard ISA bridge
NVIDIA nForce PCI System Management
nForce Memory Controller
NVIDIA nForce Serial ATA Controller
Realtek AC'97 Audio
NVIDIA nForce Networking Controller
AMD HyperTransport™ Configuration
AMD Address Map Configuration
AMD DRAM and HyperTransport™ Trace Mode Configuration
AMD Miscellaneous Configuration
Motherboard resources
Motherboard resources
Programmable interrupt controller
Direct memory access controller
System timer
System CMOS/real time clock
System speaker
Numeric data processor
Communications Port (COM1)
PS/2 Compatible Mouse
Standard PS/2 Keyboard
Motherboard resources
NVIDIA GeForce 6100
Generic PnP Monitor
Standard OpenHCD USB Host Controller
USB Root Hub
USB Mass Storage Device
Generic USB SD Reader USB Device
Generic USB CF Reader USB Device
Generic USB SM Reader USB Device
Generic USB MS Reader USB Device
Standard Enhanced PCI to USB Host Controller
USB Root Hub
USB Mass Storage Device
WD My Passport 0730 USB Device
WD SES Device
Standard Dual Channel PCI IDE Controller
ATA Channel 0
WDC WD400BB-75FJA1 ATA Device
ATA Channel 1
LITE-ON DVDRW SHW-1635S ATA Device
PCI standard PCI-to-PCI bridge
In-Build CX11256 modem
Printer Port (LPT1)
Printer Port Logical Interface
CPU
AMD Sempron 3100+
Cores 1
Threads 1
Name AMD Sempron 3100+
Code Name Palermo
Package Socket 754
Technology 90nm
Specification AMD Sempron™ Processor 3100+
Family F
Extended Family F
Model C
Extended Model 2C
Stepping 2
Revision DH-E6
Instructions MMX (+), 3DNow! (+), SSE, SSE2, SSE3, AMD 64
Virtualization Unsupported
Hyperthreading Not supported
Fan Speed 4295 RPM
Bus Speed 200.9 MHz
Rated Bus Speed 803.7 MHz
Stock Core Speed 1800 MHz
Stock Bus Speed 200 MHz
Average Temperature 66 C
Caches
L1 Data Cache Size 64 KBytes
L1 Instructions Cache Size 64 KBytes
L2 Unified Cache Size 256 KBytes
Core 0
Core Speed 1808.6 MHz
Multiplier x 9.0
Bus Speed 200.9 MHz
Rated Bus Speed 803.7 MHz
Temperature 66 C
Thread 1
APIC ID 0
RAM
Memory slots
Total memory slots 2
Used memory slots 1
Free memory slots 1
Memory
Type DDR
Size 1024 MBytes
Channels # Single
DRAM Frequency 200.9 MHz
CAS# Latency (CL) 3 clocks
RAS# to CAS# Delay (tRCD) 4 clocks
RAS# Precharge (tRP) 4 clocks
Cycle Time (tRAS) 8 clocks
Bank Cycle Time (tRC) 12 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 67 %
Total Physical 990 MB
Available Physical 331 MB
Total Virtual 2.00 GB
Available Virtual 1.89 GB
SPD
Number Of SPD Modules 1
Slot #1
Type DDR
Size 1024 MBytes
Manufacturer
Max Bandwidth PC3200 (200 MHz)
SPD Ext. EPP
JEDEC #2
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 4
RAS# Precharge 4
tRAS 8
Voltage 2.500 V
JEDEC #1
Frequency 166.7 MHz
CAS# Latency 2.5
RAS# To CAS# 4
RAS# Precharge 4
tRAS 7
Voltage 2.500 V
Motherboard
Manufacturer First International Computer, Inc.
Model K8MC51G
Version SYS-xxxxxx
Chipset Vendor NVIDIA
Chipset Model GeForce 6100
Chipset Revision A2
Southbridge Vendor NVIDIA
Southbridge Model nForce 410/430 MCP
Southbridge Revision A2
System Temperature 40 C
BIOS
Brand Phoenix Technologies, LTD
Version 6.00 PG
Date 11/25/2005
Voltage
+5VTR 4.973 V
CPU CORE 1.412 V
ATX +3.3V 3.367 V
ATX +5V 5.052 V
ATX +12V 11.984 V
PCI Data
1. PCI Available
Graphics
Monitor
Name K717 on NVIDIA GeForce 6100
Current Resolution 1280x1024 pixels
Work Resolution 1280x984 pixels
State enabled, primary, output devices support
Monitor Width 1280
Monitor Height 1024
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
GeForce 6100
GPU C51G
Device ID 10DE-0242
Revision A3
Subvendor FIC (1509)
Current Performance Level Level 1
Current GPU Clock 425 MHz
Current Memory Clock 100 MHz
Technology 91 nm
Release Date Nov 2005
DirectX Support 9.0c
DirectX Shader Model 3.0
OpenGL Support 2.0
Bus Interface FPCI
Driver nvlddmkm.sys
Driver version 8.17.12.5896
ForceWare version 258.96
BIOS Version 5.51.22.26.00
ROPs 2
Shaders Vertex 2/Pixel 2
Memory Type System
Physical Memory 32 MB
Virtual Memory 288 MB
Count of performance levels : 1
Level 0
GPU Clock 425 MHz
Memory Clock 100 MHz
Hard Drives
WDC WD400BB-75FJA1 ATA Device
Manufacturer Western Digital
Form Factor GB/2.5-inch
Heads 16
Cylinders 16383
Device type Fixed
ATA Standard ATA/ATAPI-6
48-bit LBA Unsupported
Serial Number WD-WCAJA2137076
Interface PATA
Capacity 39.1GB
Real size 40,000,000,000 bytes
S.M.A.R.T
01 Read Error Rate 200 (001 worst) Data 0000000021
03 Spin-Up Time 105 (094) Data 0000000823
04 Start/Stop Count 098 (098) Data 000000080F
05 Reallocated Sectors Count 199 (199) Data 0000000008
07 Seek Error Rate 200 (200) Data 0000000000
09 Power-On Hours (POH) 063 (063) Data 0000006B97
0A Spin Retry Count 100 (097) Data 0000000000
0B Recalibration Retries 100 (100) Data 0000000000
0C Device Power Cycle Count 098 (098) Data 00000007F4
C2 Temperature 089 (012) Data 0000000036
C4 Reallocation Event Count 199 (199) Data 0000000001
C5 Current Pending Sector Count 200 (200) Data 0000000000
C6 Uncorrectable Sector Count 200 (200) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 200 (200) Data 0000000000
Temperature 54 C
Temperature Range warn (50 C to 55 C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 100 MB
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number 70AA70F1
Size 37.2GB
Used Space 32.0GB (87%)
Free Space 5.12GB (13%)
Optical Drives
LITE-ON DVDRW SHW-1635S ATA Device
Media Type DVD Writer
Name LITE-ON DVDRW SHW-1635S ATA Device
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 1
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Audio
Sound Card
Realtek AC'97 Audio
Playback Devices
Speakers (Realtek AC'97 Audio) (default)
Realtek Digital Output (Realtek AC'97 Audio)
Recording Devices
Phone Line (Realtek AC'97 Audio)
Line In (Realtek AC'97 Audio)
Microphone (Realtek AC'97 Audio) (default)
Speaker Configuration
Peripherals
Standard PS/2 Keyboard
Device Kind Keyboard
Device Name Standard PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
PS/2 Compatible Mouse
Device Kind Mouse
Device Name PS/2 Compatible Mouse
Location plugged into PS/2 mouse port
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic USB SD Reader USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic USB SM Reader USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor WD
Comment WD My Passport 0730 USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic USB CF Reader USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor GENERIC
Comment Generic USB MS Reader USB Device
Location USB Mass Storage Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\disk.sys
Network
You are not connected to the internet
Computer Name
NetBIOS Name EMACHINE-PC
DNS Name emachine-PC
Domain Name emachine-PC
Remote Desktop
Console
State Active
Domain emachine-PC
WinInet Info
An internal error occurred.
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect Yes
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
Media Sharing Enabled
Adapters List
NVIDIA nForce Networking Controller
IP Address 169.254.117.233
Subnet mask 255.255.0.0
Gateway server 0.0.0.0
Network Shares
Users C:\Users
EPSON NX125 NX127 Series EPSON NX125 NX127 Series,LocalsplOnly




---------------

MiniToolBox by Farbar
Ran by emachine (administrator) on 01-07-2011 at 17:39:27
Windows 7 Professional (X86)

***************************************************************************


================= Flush DNS: ==============================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

================= End of Flush DNS ========================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

"Reset IE Proxy Settings": Proxy Settings were reset.

=============== Hosts content: ============================================

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection* 6-QoS Packet Scheduler-0000" nexthop=71.95.252.1 publish=Yes
add address name="Local Area Connection* 6-QoS Packet Scheduler-0000" address=71.95.252.38


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : emachine-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-40-CA-B1-C6-ED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.117.233(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EF6223E7-2179-4F0C-8CA2-FCE93CDE125C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 40 ca b1 c6 ed ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.117.233 276
169.254.117.233 255.255.255.255 On-link 169.254.117.233 276
169.254.255.255 255.255.255.255 On-link 169.254.117.233 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.117.233 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.117.233 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 71.95.252.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/01/2011 04:53:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2011 04:53:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/30/2011 01:07:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2011 10:17:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2011 10:59:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2011 10:17:31 AM) (Source: RasClient) (User: )
Description: CoId={2CF341F0-6D6D-4C4C-9C52-E4A5824E92F7}: The user emachine-PC\emachine dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (06/28/2011 09:55:40 AM) (Source: RasClient) (User: )
Description: CoId={FD33E245-2155-498B-B2BC-589B41CA326F}: The user emachine-PC\emachine dialed a connection named New which has failed. The error code returned on failure is 651.

Error: (06/28/2011 09:54:07 AM) (Source: RasClient) (User: )
Description: CoId={C4E07501-D4C2-49EC-9555-C283C0FF3CEC}: The user emachine-PC\emachine dialed a connection named New which has failed. The error code returned on failure is 651.

Error: (06/27/2011 05:15:27 PM) (Source: RasClient) (User: )
Description: CoId={A995CF63-C7AF-4520-BDC3-91F10D870B90}: The user emachine-PC\emachine dialed a connection named Broadband Connection which has failed. The error code returned on failure is 638.

Error: (06/27/2011 03:11:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/01/2011 04:04:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/01/2011 04:04:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/01/2011 04:04:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/01/2011 04:04:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/01/2011 04:04:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/01/2011 04:04:17 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/01/2011 04:04:17 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/01/2011 04:04:17 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/01/2011 04:04:12 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/01/2011 04:04:12 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 64%
Total physical RAM: 990.49 MB
Available physical RAM: 353.92 MB
Total Pagefile: 2014.49 MB
Available Pagefile: 1164.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.54 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:37.15 GB) (Free:5.12 GB) NTFS
7 Drive i: (My Passport) (Fixed) (Total:698.6 GB) (Free:641.93 GB) NTFS

================= Users: ==================================================

User accounts for \\EMACHINE-PC

-------------------------------------------------------------------------------
Administrator emachine Guest
The command completed successfully.

================= End of Users ============================================

=========================== Minidump Files ====================

No minidump file found

=========================== End oF Minidump Files =============

Edited by Andrew, 02 July 2011 - 02:33 AM.
Mod Edit: Redacted Windows Product Key - AA


#11 cryptodan

Posted 01 July 2011 - 09:03 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#12 dirk_dagger

Posted 02 July 2011 - 01:45 PM

http://www.bleepingcomputer.com/forums/topic407295.html

Thank You

#13 hamluis

Posted 02 July 2011 - 02:22 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Now that your log is posted and you are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

Louis



