Trojan horse BackDoor.Generic14.CBJJ in dfsc.sys


15 replies to this topic

#1 LVLawyer

Posted 24 December 2011 - 02:14 PM

Merry Christmas! About a week ago, I left my laptop running while I ran into another room. I come back, and Vista Antivirus 2012 had somehow managed to install itself on my computer. I suspect little elves were playing with the keyboard, but no one is talking. I did a search using another computer (because my laptop wouldn't connect to sites that provided information on this program), and was able to download FixNCR.reg. I transferred it to my laptop, ran it, and then used RKill (downloaded as iexplorer). I ran Malwarebytes, but while both it and AVG 2012 found the virus in C:\Windows\System32\drivers\dfsc.sys, neither of them could fix it. Although it appears Vista Antivirus 2012 is gone, it left a nasty little Christmas present.
I've tried running in safe mode and command prompt mode, and haven't gotten anywhere.

My Specs:

Dell Inspiron 1521, running Vista SP1, 32-bit. 2GB of RAM, AMD 1.6 Turion 1.6 GHz
AVG Free Edition 2012

Observed symptoms:
Running very slowly, Firefox frequently gobbles up large amounts of memory, and when I enter a URL manually, I'll often get just a blank website until I force it to load again.



#2 Broni

Posted 24 December 2011 - 02:54 PM

Welcome aboard

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    dfsc.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 LVLawyer

Posted 24 December 2011 - 03:07 PM

When it was done AVG Resident Shield popped up identifying c:\Windows\system32\drivers\dfsc.sys as a threat because it was "Detected on open." Don't know if this makes a difference, but I thought I'd include it.

SystemLook 30.07.11 by jpshortstuff
Log created at 11:56 on 24/12/2011 by Allen
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [05:46 02/12/2011] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [14:24 14/04/2011] A8F9797D685D48048D2AFA7D28DE08AB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [23:53 30/11/2010] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [14:59 14/04/2011] 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

-= EOF =-

Edited by LVLawyer, 24 December 2011 - 03:09 PM.
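
The log above lists every copy of dfsc.sys with its MD5, which makes a quick integrity cross-check possible: does the live driver match any copy Windows itself keeps? The following is an added example, not part of the original posts; treating winsxs and SoftwareDistribution as the reference folders is an assumption made for the illustration.

```python
import re
from typing import NamedTuple, Optional

# "filefind" section of the SystemLook log posted above, copied verbatim.
SYSTEMLOOK_LOG = r"""
Searching for "dfsc.sys"
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [05:46 02/12/2011] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [14:24 14/04/2011] A8F9797D685D48048D2AFA7D28DE08AB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [23:53 30/11/2010] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [14:59 14/04/2011] 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [18:22 21/06/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634
"""


class Entry(NamedTuple):
    path: str
    size: int
    md5: str
    version: Optional[str]  # component version taken from the store folder name


# One result line: path, attribute flags, size, two bracketed timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]+\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")
# Assumption for this example: folders holding Windows' own copies of the file.
REFERENCE_DIRS = ("\\windows\\winsxs\\", "\\windows\\softwaredistribution\\")


def parse_filefind(log):
    """Turn SystemLook filefind result lines into Entry records."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ver = VERSION_RE.search(m["path"])
            entries.append(Entry(m["path"], int(m["size"]), m["md5"].lower(),
                                 ver.group(1) if ver else None))
    return entries


def is_reference(entry):
    path = entry.path.lower()
    return any(d in path for d in REFERENCE_DIRS)


def unmatched(entries):
    """Files outside the reference folders whose MD5 equals no reference copy.

    Returns (entry, versions of reference copies with the same byte size).
    A mismatch is a lead, not a verdict: the store may simply not hold the
    installed build, which is why the thread goes on to a VirusTotal scan.
    """
    refs = [e for e in entries if is_reference(e)]
    known = {e.md5 for e in refs}
    return [(e, [r.version for r in refs if r.size == e.size])
            for e in entries if not is_reference(e) and e.md5 not in known]


if __name__ == "__main__":
    for entry, same_size in unmatched(parse_filefind(SYSTEMLOOK_LOG)):
        print(f"{entry.path}  md5={entry.md5}  matches no reference copy")
        print(f"  reference copies with the same size: {', '.join(same_size)}")
```

On this log the only flagged file is C:\Windows\System32\drivers\dfsc.sys: it has the same 75264-byte size as five reference copies but shares a hash with none of them.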


#4 Broni

Posted 24 December 2011 - 03:13 PM

First, let's make sure that file is really infected.

Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and uncheck Hide protected operating system files.
NOTE: Make sure to reverse the above changes when done with this step.
Upload the following file to http://www.virustotal.com/ for a security check:
- C:\Windows\System32\drivers\dfsc.sys
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post the scan results.


#5 LVLawyer

Posted 24 December 2011 - 03:19 PM

File name: dfsc.sys
Submission date: 2011-12-24 20:09:32 (UTC)
Current status: finished
Result: 28/43 (65.1%)

Antivirus Version Last Update Result
AhnLab-V3 2011.12.24.00 2011.12.24 Dropper/Win32.Tdss
AntiVir 7.11.20.16 2011.12.24 TR/TDss.aowin
Antiy-AVL 2.0.3.7 2011.12.24 Trojan/win32.agent.gen
Avast 6.0.1289.0 2011.12.24 Win32:Aluroot [Rtk]
AVG 10.0.0.1190 2011.12.24 BackDoor.Generic14.CBJJ
BitDefender 7.2 2011.12.24 Trojan.Generic.7025352
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.24 -
ClamAV 0.97.3.0 2011.12.24 -
Commtouch 5.3.2.6 2011.12.24 W32/FakeAlert.RL.gen!Eldorado
Comodo 11076 2011.12.24 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.12.24 -
Emsisoft 5.1.0.11 2011.12.24 Trojan-Dropper.Win32.Sirefef!IK
eSafe 7.0.17.0 2011.12.22 -
eTrust-Vet 37.0.9642 2011.12.23 -
F-Prot 4.6.5.141 2011.12.24 W32/FakeAlert.RL.gen!Eldorado
F-Secure 9.0.16440.0 2011.12.24 Trojan.Generic.7025352
Fortinet 4.3.388.0 2011.12.24 W32/ZAccess.K!tr.rkit
GData 22 2011.12.24 Trojan.Generic.7025352
Ikarus T3.1.1.109.0 2011.12.24 Trojan-Dropper.Win32.Sirefef
Jiangmin 13.0.900 2011.12.24 -
K7AntiVirus 9.120.5757 2011.12.23 Riskware
Kaspersky 9.0.0.837 2011.12.24 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.12.24 ZeroAccess.v
McAfee-GW-Edition 2010.1E 2011.12.24 Artemis!A8F9797D685D
Microsoft 1.7903 2011.12.24 TrojanDropper:Win32/Sirefef.B
NOD32 6739 2011.12.24 a variant of Win32/Rootkit.Kryptik.GG
Norman 6.07.13 2011.12.24 W32/Suspicious_Gen2.TXWAU
nProtect 2011-12-24.01 2011.12.24 -
Panda 10.0.3.5 2011.12.24 Generic Trojan
PCTools 8.0.0.5 2011.12.24 -
Prevx 3.0 2011.12.24 -
Rising 23.89.04.02 2011.12.23 -
Sophos 4.72.0 2011.12.24 -
SUPERAntiSpyware 4.40.0.1006 2011.12.24 Trojan.Agent/Gen-Falpdb
Symantec 20111.2.0.82 2011.12.24 WS.Reputation.1
TheHacker 6.7.0.1.362 2011.12.22 Trojan/Kryptik.gg
TrendMicro 9.500.0.1008 2011.12.24 TROJ_GEN.R47C7LF
TrendMicro-HouseCall 9.500.0.1008 2011.12.24 TROJ_GEN.R47C7LF
VBA32 3.12.16.4 2011.12.22 -
VIPRE 11298 2011.12.24 Trojan.FakeAlert
ViRobot 2011.12.24.4845 2011.12.24 -
VirusBuster 14.1.132.0 2011.12.24 -
Additional information
MD5 : a8f9797d685d48048d2afa7d28de08ab
SHA1 : 3501ec995ed44e34c129ef07217887ac2c3c9304
SHA256: 71bea94200074cfa44a21d6cfafe0666a61772e344216f79540eb009f7cdad3a
ssdeep: 1536:M3/ya5wJB52AaCXlvU3O40slwUEe4Z8E4yFuv+t1v:XyqBUe40sCUDi8E4yFG+t1v
File size : 75264 bytes
First seen: 2011-12-10 23:24:22
Last seen : 2011-12-24 20:09:32
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x62D1
timedatestamp....: 0x4EE12909 (Thu Dec 08 21:15:53 2011)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x721E, 0x7400, 7.88, f911d0d44ef2e317c03fb276d5902178
.file, 0x9000, 0x168, 0x200, 3.84, 5ed1c63df415039a415449a78cbec8a2
.data, 0xA000, 0x60A0, 0x800, 5.59, 73ffd63ce85d6980ca3dfe53d5b5ddf0
.rdata, 0x11000, 0x250F, 0x2600, 7.87, 6800d7fe0e0b3d6bd2221eec18bef4db
.type, 0x14000, 0x45D, 0x600, 3.76, ac487d28619bd0fa1f9de2184970aff7
.rsrc, 0x15000, 0x10, 0x200, 0.02, 4e3b2ec5da7200456d338156d854c01b
.reloc, 0x16000, 0x264, 0x400, 4.38, dc4e76dccd529148ddc0fdaa93b886d4

[[ 1 import(s) ]]
ntoskrnl.exe: PsGetCurrentThreadId, ObReferenceObjectByPointer, ExCreateCallback, ObGetObjectSecurity, RtlUnicodeStringToAnsiString, RtlSubAuthoritySid, RtlPrefixUnicodeString, FsRtlIsNameInExpression, RtlHashUnicodeString, KeClearEvent, SeQueryAuthenticationIdToken, _wcsupr, RtlInitUnicodeString, RtlFillMemoryUlong, RtlInitString, RtlEqualString, RtlCompareString, RtlEqualUnicodeString
ExifTool:
file metadata
CodeSize: 39424
EntryPoint: 0x62d1
FileSize: 74 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 5632
LinkerVersion: 10.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
PEType: PE32
Subsystem: Native
SubsystemVersion: 5.1
TimeStamp: 2011:12:08 22:15:53+01:00
UninitializedDataSize: 0
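
The engines in the report above use many different names for the same file, so a useful triage step is to strip the generic words from each label and see which family names several engines agree on. The following is an added example, not part of the original posts; the stop-word list and the alias table (Sirefef and ZAccess are other vendors' names for ZeroAccess) are assumptions chosen for this report.

```python
import re

# Antivirus table from the VirusTotal report posted above (engine, version,
# last update, result), copied verbatim; "-" means no detection.
VT_TABLE = """\
AhnLab-V3 2011.12.24.00 2011.12.24 Dropper/Win32.Tdss
AntiVir 7.11.20.16 2011.12.24 TR/TDss.aowin
Antiy-AVL 2.0.3.7 2011.12.24 Trojan/win32.agent.gen
Avast 6.0.1289.0 2011.12.24 Win32:Aluroot [Rtk]
AVG 10.0.0.1190 2011.12.24 BackDoor.Generic14.CBJJ
BitDefender 7.2 2011.12.24 Trojan.Generic.7025352
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.24 -
ClamAV 0.97.3.0 2011.12.24 -
Commtouch 5.3.2.6 2011.12.24 W32/FakeAlert.RL.gen!Eldorado
Comodo 11076 2011.12.24 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.12.24 -
Emsisoft 5.1.0.11 2011.12.24 Trojan-Dropper.Win32.Sirefef!IK
eSafe 7.0.17.0 2011.12.22 -
eTrust-Vet 37.0.9642 2011.12.23 -
F-Prot 4.6.5.141 2011.12.24 W32/FakeAlert.RL.gen!Eldorado
F-Secure 9.0.16440.0 2011.12.24 Trojan.Generic.7025352
Fortinet 4.3.388.0 2011.12.24 W32/ZAccess.K!tr.rkit
GData 22 2011.12.24 Trojan.Generic.7025352
Ikarus T3.1.1.109.0 2011.12.24 Trojan-Dropper.Win32.Sirefef
Jiangmin 13.0.900 2011.12.24 -
K7AntiVirus 9.120.5757 2011.12.23 Riskware
Kaspersky 9.0.0.837 2011.12.24 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.12.24 ZeroAccess.v
McAfee-GW-Edition 2010.1E 2011.12.24 Artemis!A8F9797D685D
Microsoft 1.7903 2011.12.24 TrojanDropper:Win32/Sirefef.B
NOD32 6739 2011.12.24 a variant of Win32/Rootkit.Kryptik.GG
Norman 6.07.13 2011.12.24 W32/Suspicious_Gen2.TXWAU
nProtect 2011-12-24.01 2011.12.24 -
Panda 10.0.3.5 2011.12.24 Generic Trojan
PCTools 8.0.0.5 2011.12.24 -
Prevx 3.0 2011.12.24 -
Rising 23.89.04.02 2011.12.23 -
Sophos 4.72.0 2011.12.24 -
SUPERAntiSpyware 4.40.0.1006 2011.12.24 Trojan.Agent/Gen-Falpdb
Symantec 20111.2.0.82 2011.12.24 WS.Reputation.1
TheHacker 6.7.0.1.362 2011.12.22 Trojan/Kryptik.gg
TrendMicro 9.500.0.1008 2011.12.24 TROJ_GEN.R47C7LF
TrendMicro-HouseCall 9.500.0.1008 2011.12.24 TROJ_GEN.R47C7LF
VBA32 3.12.16.4 2011.12.22 -
VIPRE 11298 2011.12.24 Trojan.FakeAlert
ViRobot 2011.12.24.4845 2011.12.24 -
VirusBuster 14.1.132.0 2011.12.24 -
"""

# Assumption: words that describe a type or heuristic rather than a family.
GENERIC = {
    "trojan", "troj", "dropper", "trojandropper", "backdoor", "generic",
    "agent", "heur", "variant", "rootkit", "riskware", "suspicious",
    "artemis", "reputation", "eldorado", "unclassifiedmalware",
}
# Assumption: vendor-specific names folded into one family key.
ALIASES = {"sirefef": "zeroaccess", "zaccess": "zeroaccess"}


def parse_rows(table):
    """Return (engine, label) pairs; label is None where the engine shows '-'."""
    rows = []
    for line in table.splitlines():
        parts = line.split(None, 3)  # the label itself may contain spaces
        if len(parts) == 4:
            rows.append((parts[0], None if parts[3] == "-" else parts[3]))
    return rows


def detection_ratio(rows):
    """Return (engines that flagged the file, engines in the table)."""
    return sum(1 for _, label in rows if label is not None), len(rows)


def family_votes(rows, min_engines=2):
    """Map each non-generic label token to the engines whose label contains it."""
    votes = {}
    for engine, label in rows:
        if label is None:
            continue
        tokens = {ALIASES.get(t, t) for t in re.split(r"[^a-z]+", label.lower())
                  if len(t) >= 4 and t not in GENERIC}
        for tok in tokens:
            votes.setdefault(tok, set()).add(engine)
    return {fam: sorted(eng) for fam, eng in votes.items() if len(eng) >= min_engines}


if __name__ == "__main__":
    rows = parse_rows(VT_TABLE)
    print("detections: %d/%d" % detection_ratio(rows))
    for fam, eng in sorted(family_votes(rows).items(), key=lambda kv: -len(kv[1])):
        print(f"{fam:12s} {len(eng)}  {', '.join(eng)}")
```

The ratio reproduces the 28/43 shown in the report, and the largest agreement is five engines naming ZeroAccess under one of its aliases.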

#6 Broni

Posted 24 December 2011 - 03:26 PM

Very well...

Restart computer in safe mode.
Open Windows Explorer, navigate to C:\Windows\System32\drivers folder, rename dfsc.sys to dfsc.old.
Then, go to C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a folder, copy dfsc.sys file from there and paste it to C:\Windows\System32\drivers folder.

Restart computer.
See if AVG still complains.


#7 LVLawyer

Posted 25 December 2011 - 12:54 AM

AVG doesn't pick it up at all now, not even when I scan dfsc.old directly. Virustotal.com still reads dfsc.old the same as previously posted. Should I reinstall Malwarebytes, or just delete dfsc.old?

#8 Broni

Posted 25 December 2011 - 01:00 AM

You can delete dfsc.old.

Now I want you to run some extra scans.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 LVLawyer

Posted 25 December 2011 - 06:08 PM

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 17
Java™ SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 11.1.102.55
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

==========================================
MiniToolBox by Farbar
Ran by Allen (administrator) on 24-12-2011 at 23:19:19
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)

***************************************************************************

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122501

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

12/24/2011 11:46:52 PM
mbam-log-2011-12-24 (23-46-52).txt

Scan type: Quick scan
Objects scanned: 194862
Time elapsed: 23 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mordred
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1C-26-23-C1-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 24, 2011 9:37:34 PM
Lease Expires . . . . . . . . . . : Tuesday, December 27, 2011 11:08:02 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lv.cox.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1C-23-82-FE-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.wireless.unlv.edu
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.lv.cox.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.224.116
74.125.224.112
74.125.224.113
74.125.224.114
74.125.224.115



Pinging google.com [74.125.224.113] with 32 bytes of data:

Reply from 74.125.224.113: bytes=32 time=27ms TTL=54

Reply from 74.125.224.113: bytes=32 time=27ms TTL=54



Ping statistics for 74.125.224.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 27ms, Average = 27ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=69ms TTL=54

Reply from 209.191.122.70: bytes=32 time=63ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 63ms, Maximum = 69ms, Average = 66ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1c 26 23 c1 b6 ...... Dell Wireless 1390 WLAN Mini-Card
8 ...00 1c 23 82 fe 27 ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
13 ...00 00 00 00 00 00 00 e0 isatap.wireless.unlv.edu
12 ...00 00 00 00 00 00 00 e0 isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
20 ...00 00 00 00 00 00 00 e0 isatap.lv.cox.net
15 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.5 281
192.168.2.5 255.255.255.255 On-link 192.168.2.5 281
192.168.2.255 255.255.255.255 On-link 192.168.2.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] ()
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/24/2011 11:14:39 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/24/2011 11:14:37 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (12/24/2011 10:47:36 PM) (Source: Application Error) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.9.0, time stamp 0x4acfa581, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01d64fa3,
process id 0x1038, application start time 0xHPWUCli.exe0.

Error: (12/24/2011 09:37:43 PM) (Source: Application Error) (User: )
Description: Faulting application bcmwltry.exe, version 4.102.15.61, time stamp 0x45f8a9d0, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc015000f, fault offset 0x0007632f,
process id 0x140, application start time 0xbcmwltry.exe0.

Error: (12/24/2011 09:21:40 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/24/2011 11:08:38 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00045ec8,
process id 0x830, application start time 0xExplorer.EXE0.

Error: (12/24/2011 01:31:53 AM) (Source: Automatic LiveUpdate Scheduler) (User: SYSTEM)SYSTEM
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Error: (12/23/2011 10:06:09 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1400) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/23/2011 10:03:28 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/23/2011 10:03:26 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (12/24/2011 09:40:52 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (12/24/2011 09:37:37 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer PrimoPDF with shared resource name PrimoPDF. Error 1753. The printer cannot be used by others on the network.

Error: (12/24/2011 09:37:22 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (12/24/2011 09:22:58 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/24/2011 09:22:48 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (12/24/2011 09:22:27 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068


Microsoft Office Sessions:
=========================
Error: (01/05/2011 00:50:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/11/2009 09:45:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/02/2009 01:23:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/01/2009 10:43:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 163438 seconds with 10500 seconds of active time. This session ended with a crash.

Error: (08/20/2009 10:33:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/14/2009 10:03:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/19/2009 09:15:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/06/2009 11:10:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 265932 seconds with 60 seconds of active time. This session ended with a crash.

Error: (04/17/2009 10:58:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 97334 seconds with 6900 seconds of active time. This session ended with a crash.

Error: (12/01/2008 06:40:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 150749 seconds with 6300 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.2.0)
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AspenLaw Studydesk (Version: 3.1.0.0)
ATI Catalyst Control Center (Version: 1.007.0323.1740)
ATI PCI Express (3GIO) Filter Driver (Version: 1.00.0000.)
AutoUpdate (Version: 1.1)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1901)
Big Fish Games Client
Boat (Version: 1.0.0)
Bonjour (Version: 3.0.0.2)
Broadcom Management Programs (Version: 10.15.03)
BufferChm (Version: 140.0.212.000)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.3.0.14)
Canon MOV Encoder (Version: 1.1.0.18)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon Utilities CameraWindow (Version: 7.2.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities Digital Photo Professional 3.6 (Version: 3.6.0.0)
Canon Utilities EOS Utility (Version: 2.6.0.0)
Canon Utilities MyCamera (Version: 7.2.0.4)
Canon Utilities Original Data Security Tools (Version: 1.6.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities WFT-E1/E2/E3/E4 Utility (Version: 3.3.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.3.1.8)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Canvas for Microsoft® OneNote® 2007 (Version: 1.1.1315.0)
Catalyst Control Center Core Implementation (Version: 2007.0320.2223.38170)
Catalyst Control Center Graphics Full Existing (Version: 2007.0320.2223.38170)
Catalyst Control Center Graphics Full New (Version: 2007.0320.2223.38170)
Catalyst Control Center Graphics Light (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Danish (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Dutch (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Finnish (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization French (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization German (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Italian (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Japanese (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Korean (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Norwegian (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Portuguese (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Russian (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Spanish (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Swedish (Version: 2007.0320.2223.38170)
Catan - Cities and Knights (Version: 1.229)
ccc-Branding (Version: 1.00.0000)
ccc-core-static (Version: 2007.0320.2223.38170)
ccc-utility (Version: 2007.0320.2223.38170)
CCC Help Chinese Standard (Version: 2007.0320.2222.38170)
CCC Help Chinese Traditional (Version: 2007.0320.2222.38170)
CCC Help Danish (Version: 2007.0320.2222.38170)
CCC Help Dutch (Version: 2007.0320.2222.38170)
CCC Help English (Version: 2007.0320.2222.38170)
CCC Help Finnish (Version: 2007.0320.2222.38170)
CCC Help French (Version: 2007.0320.2222.38170)
CCC Help German (Version: 2007.0320.2222.38170)
CCC Help Italian (Version: 2007.0320.2222.38170)
CCC Help Japanese (Version: 2007.0320.2222.38170)
CCC Help Korean (Version: 2007.0320.2222.38170)
CCC Help Norwegian (Version: 2007.0320.2222.38170)
CCC Help Portuguese (Version: 2007.0320.2222.38170)
CCC Help Russian (Version: 2007.0320.2222.38170)
CCC Help Spanish (Version: 2007.0320.2222.38170)
CCC Help Swedish (Version: 2007.0320.2222.38170)
CDDRV_Installer (Version: 4.60)
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows (Version: 4.0)
Dell Support Center (Version: 3.1.5907.16)
Dell System Customization Wizard (Version: 1.00.0000)
Dell Touchpad (Version: 9.1.18.6)
DELL Webcam Center
DELL Webcam Manager
Dell Wireless WLAN Card (Version: 4.102.15.61)
Digital Line Detect (Version: 1.21)
DivX Content Uploader (Version: 1.2.1)
DivX Converter (Version: 6.5.1)
DivX Player (Version: 6.6.0)
DivX Web Player (Version: 1.4.0)
Fax (Version: 90.0.146.000)
FlowBreeze Standard 2.3.0.11 (Version: 2.3.0.11)
FLV Player (Version: 2.0 )
Free Realms Installer (Version: 1.0.3.63)
Games, Music, & Photos Launcher (Version: 1.00.0000)
Garmin BaseCamp (Version: 2.0.7)
Garmin Communicator Plugin (Version: 2.8.1)
Garmin TOPO U.S. 2008 (Version: 4.0.0.0)
Garmin WebUpdater (Version: 2.4.2)
Google Chrome (Version: 16.0.912.63)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 2.5.8.4958)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
GPBaseService2 (Version: 140.0.211.000)
GSAK 7.7.3.53 (Final)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
HPProductAssistant (Version: 140.0.212.000)
Icewind Dale II (Version: 1.00.000)
Instant JPEG From RAW (Version: 1.6.0)
iTunes (Version: 10.4.0.80)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 17 (Version: 6.0.170)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
K-Lite Codec Pack 7.1.0 (Full) (Version: 7.1.0)
KhalInstallWrapper (Version: 4.70.213)
KONICA MINOLTA magicolor 2530DL
Laptop Integrated Webcam Driver (1.04.01.1011)
LexisNexis CaseMap 7 (Version: 7.50.24.00)
Live! Cam Avatar Creator (Version: 4.5.2722.1)
Live! Cam Avatar v1.0 (Version: 1.0)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.2.0)
Logitech SetPoint (Version: 4.70)
Loki Browser Plugin
MapSource (Version: 6.0)
MarketResearch (Version: 140.0.212.000)
MediaDirect (Version: 4.7)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Accounting 2007 (Version: 2.0.7503.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Accounting Equifax Addin (Version: 2.0.7416.00)
Microsoft Office Accounting Fixed Asset Manager (Version: 2.0.7416.00)
Microsoft Office Accounting PayPal Addin (Version: 2.0.7416.00)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Modem Diagnostic Tool (Version: 1.0.20.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.44)
nLite 1.4.9.1 (Version: 1.4.9.1)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
OpenOffice.org 2.2 (Version: 2.2.9161)
Opera 9.52 (Version: 9.52)
OutlookAddinSetup (Version: 1.0.0)
Pando Media Booster (Version: 2.3.3.6)
Premium Viewer ONLY (Version: 8.06.0000)
PrimoPDF (Version: 4.0.1)
Product Documentation Launcher (Version: 1.00.0000)
Quick Stego 1.2
QuickSet (Version: 8.0.11)
QuickTime (Version: 7.69.80.9)
QuickTime Alternative 2.8.0 (Version: 2.8.0)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Ride!
Rigos_Aspen2 (Version: 1.0.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
SigmaTel Audio (Version: 5.10.5102.0)
Skins (Version: 2007.0320.2223.38170)
Skype™ 4.0 (Version: 4.0.206)
SmartDraw 7 (Version: 7.00)
SolutionCenter (Version: 140.0.213.000)
Sonic Activation Module (Version: 1.0)
swMSM (Version: 12.0.0.1)
TBS WMP Plug-in (Version: 1.00.007)
TradeWinds 2 (remove only)
UnloadSupport (Version: 9.0.0)
URL Assistant
User's Guides
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR archiver
Wootalyzer!
WordPerfectRecovery
Zeno Interpreter 1.2

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1917.42 MB
Available physical RAM: 758.83 MB
Total Pagefile: 4080.11 MB
Available Pagefile: 2711.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.03 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:136.49 GB) (Free:21.93 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.12 GB) NTFS

========================= Users: ========================================

User accounts for \\MORDRED

Administrator Allen ASPNET
Guest


**** End of log ****
===========================================================================

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122501

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

12/24/2011 11:46:52 PM
mbam-log-2011-12-24 (23-46-52).txt

Scan type: Quick scan
Objects scanned: 194862
Time elapsed: 23 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
==============================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-25 01:28:55
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS rev.3.CDD
Running: ny1detj5.exe; Driver: C:\Users\Allen\AppData\Local\Temp\uwldypob.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 8613EF00
INT 0x62 ? 8613EF00
INT 0x62 ? 8613EF00
INT 0x71 ? 84377BF8
INT 0x81 ? 84377BF8
INT 0x91 ? 84377BF8
INT 0x92 ? 8613EF00
INT 0x92 ? 8613EF00
INT 0xB3 ? 8613EF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spfa.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 87F5246F 5 Bytes JMP 8613E4E0
.text acyboxxk.SYS 87DC2000 22 Bytes [26, 02, 5C, 82, 10, 01, 5C, ...]
.text acyboxxk.SYS 87DC2017 145 Bytes [00, 32, D7, D0, 82, 3D, D5, ...]
.text acyboxxk.SYS 87DC20A9 35 Bytes [30, 25, 82, 60, 27, 25, 82, ...]
.text acyboxxk.SYS 87DC20CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text acyboxxk.SYS 87DC20DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82C116D6] \SystemRoot\System32\Drivers\spfa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82C11042] \SystemRoot\System32\Drivers\spfa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82C11800] \SystemRoot\System32\Drivers\spfa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82C110C0] \SystemRoot\System32\Drivers\spfa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82C1113E] \SystemRoot\System32\Drivers\spfa.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82C20B90] \SystemRoot\System32\Drivers\spfa.sys
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortWritePortUchar] 8387DE8F
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F87DE60
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\acyboxxk.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73998864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [739D9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7399B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7398FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73997A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7398EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [739CB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7399BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73990756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [739906BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [739871B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73A1D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [739B7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7398E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7398697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739869A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2324] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73992475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197eda7822
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197eda7822@0023d77634ac 0xAB 0x57 0x90 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x0A 0xE0 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0xA8 0x55 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9A 0xFF 0x73 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x01 0xA5 0x53 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197eda7822 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197eda7822@0023d77634ac 0xAB 0x57 0x90 0x72 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x0A 0xE0 0x10 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0xA2 0x3B 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9A 0xFF 0x73 0x98 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x01 0xA5 0x53 0xEB ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10090400000000000F01FEC\Usage@OutlookMAPI2Intl_1033 1066668951
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber 45
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointSignature 9e3f1de6-3d73-477b-b76a-b6c468752261
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointNumber 3

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB50365$\1306721288 0 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340 0 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\@ 2048 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\bckfg.tmp 849 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\keywords 224 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\L 0 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\L\qnbwvoto 75264 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\U 0 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB50365$\2336313340\U\80000032.@ 98304 bytes

---- EOF - GMER 1.0.15 ----
====================================
Farbar Service Scanner
Ran by Allen (administrator) on 25-12-2011 at 01:33:57
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:

#10 Broni

Posted 25 December 2011 - 06:53 PM

FSS log is incomplete.
Please repost.

MiniToolbox log has upper part missing.
Please repost.



#11 LVLawyer


Posted 26 December 2011 - 03:25 AM

Sorry about that. I'm not quite sure what happened.

MiniToolBox by Farbar
Ran by Allen (administrator) on 24-12-2011 at 23:19:19
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)

***************************************************************************

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mordred
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1C-26-23-C1-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 24, 2011 9:37:34 PM
Lease Expires . . . . . . . . . . : Tuesday, December 27, 2011 11:08:02 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lv.cox.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1C-23-82-FE-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.wireless.unlv.edu
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.lv.cox.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.224.116
74.125.224.112
74.125.224.113
74.125.224.114
74.125.224.115



Pinging google.com [74.125.224.113] with 32 bytes of data:

Reply from 74.125.224.113: bytes=32 time=27ms TTL=54

Reply from 74.125.224.113: bytes=32 time=27ms TTL=54



Ping statistics for 74.125.224.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 27ms, Average = 27ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=69ms TTL=54

Reply from 209.191.122.70: bytes=32 time=63ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 63ms, Maximum = 69ms, Average = 66ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1c 26 23 c1 b6 ...... Dell Wireless 1390 WLAN Mini-Card
8 ...00 1c 23 82 fe 27 ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
13 ...00 00 00 00 00 00 00 e0 isatap.wireless.unlv.edu
12 ...00 00 00 00 00 00 00 e0 isatap.{3DDFDEB3-F3B7-416C-8604-6E8C4B7A1DD2}
20 ...00 00 00 00 00 00 00 e0 isatap.lv.cox.net
15 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.5 281
192.168.2.5 255.255.255.255 On-link 192.168.2.5 281
192.168.2.255 255.255.255.255 On-link 192.168.2.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] ()
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/24/2011 11:14:39 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/24/2011 11:14:37 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (12/24/2011 10:47:36 PM) (Source: Application Error) (User: )
Description: Faulting application HPWUCli.exe, version 5.0.9.0, time stamp 0x4acfa581, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01d64fa3,
process id 0x1038, application start time 0xHPWUCli.exe0.

Error: (12/24/2011 09:37:43 PM) (Source: Application Error) (User: )
Description: Faulting application bcmwltry.exe, version 4.102.15.61, time stamp 0x45f8a9d0, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc015000f, fault offset 0x0007632f,
process id 0x140, application start time 0xbcmwltry.exe0.

Error: (12/24/2011 09:21:40 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/24/2011 11:08:38 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00045ec8,
process id 0x830, application start time 0xExplorer.EXE0.

Error: (12/24/2011 01:31:53 AM) (Source: Automatic LiveUpdate Scheduler) (User: SYSTEM)SYSTEM
Description: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Error: (12/23/2011 10:06:09 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (1400) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/23/2011 10:03:28 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/23/2011 10:03:26 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (12/24/2011 09:40:52 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (12/24/2011 09:39:40 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (12/24/2011 09:37:37 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer PrimoPDF with shared resource name PrimoPDF. Error 1753. The printer cannot be used by others on the network.

Error: (12/24/2011 09:37:22 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (12/24/2011 09:22:58 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/24/2011 09:22:48 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (12/24/2011 09:22:27 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068


Microsoft Office Sessions:
=========================
Error: (01/05/2011 00:50:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/11/2009 09:45:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/02/2009 01:23:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/01/2009 10:43:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 163438 seconds with 10500 seconds of active time. This session ended with a crash.

Error: (08/20/2009 10:33:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/14/2009 10:03:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/19/2009 09:15:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/06/2009 11:10:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 265932 seconds with 60 seconds of active time. This session ended with a crash.

Error: (04/17/2009 10:58:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 97334 seconds with 6900 seconds of active time. This session ended with a crash.

Error: (12/01/2008 06:40:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 150749 seconds with 6300 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.2.0)
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AspenLaw Studydesk (Version: 3.1.0.0)
ATI Catalyst Control Center (Version: 1.007.0323.1740)
ATI PCI Express (3GIO) Filter Driver (Version: 1.00.0000.)
AutoUpdate (Version: 1.1)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1901)
Big Fish Games Client
Boat (Version: 1.0.0)
Bonjour (Version: 3.0.0.2)
Broadcom Management Programs (Version: 10.15.03)
BufferChm (Version: 140.0.212.000)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.3.0.14)
Canon MOV Encoder (Version: 1.1.0.18)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon Utilities CameraWindow (Version: 7.2.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities Digital Photo Professional 3.6 (Version: 3.6.0.0)
Canon Utilities EOS Utility (Version: 2.6.0.0)
Canon Utilities MyCamera (Version: 7.2.0.4)
Canon Utilities Original Data Security Tools (Version: 1.6.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities WFT-E1/E2/E3/E4 Utility (Version: 3.3.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.3.1.8)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Canvas for Microsoft® OneNote® 2007 (Version: 1.1.1315.0)
Catalyst Control Center Core Implementation (Version: 2007.0320.2223.38170)
Catalyst Control Center Graphics Full Existing (Version: 2007.0320.2223.38170)
Catalyst Control Center Graphics Full New (Version: 2007.0320.2223.38170)
Catalyst Control Center Graphics Light (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Danish (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Dutch (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Finnish (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization French (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization German (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Italian (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Japanese (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Korean (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Norwegian (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Portuguese (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Russian (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Spanish (Version: 2007.0320.2223.38170)
Catalyst Control Center Localization Swedish (Version: 2007.0320.2223.38170)
Catan - Cities and Knights (Version: 1.229)
ccc-Branding (Version: 1.00.0000)
ccc-core-static (Version: 2007.0320.2223.38170)
ccc-utility (Version: 2007.0320.2223.38170)
CCC Help Chinese Standard (Version: 2007.0320.2222.38170)
CCC Help Chinese Traditional (Version: 2007.0320.2222.38170)
CCC Help Danish (Version: 2007.0320.2222.38170)
CCC Help Dutch (Version: 2007.0320.2222.38170)
CCC Help English (Version: 2007.0320.2222.38170)
CCC Help Finnish (Version: 2007.0320.2222.38170)
CCC Help French (Version: 2007.0320.2222.38170)
CCC Help German (Version: 2007.0320.2222.38170)
CCC Help Italian (Version: 2007.0320.2222.38170)
CCC Help Japanese (Version: 2007.0320.2222.38170)
CCC Help Korean (Version: 2007.0320.2222.38170)
CCC Help Norwegian (Version: 2007.0320.2222.38170)
CCC Help Portuguese (Version: 2007.0320.2222.38170)
CCC Help Russian (Version: 2007.0320.2222.38170)
CCC Help Spanish (Version: 2007.0320.2222.38170)
CCC Help Swedish (Version: 2007.0320.2222.38170)
CDDRV_Installer (Version: 4.60)
Conexant HDA D330 MDC V.92 Modem
Coupon Printer for Windows (Version: 4.0)
Dell Support Center (Version: 3.1.5907.16)
Dell System Customization Wizard (Version: 1.00.0000)
Dell Touchpad (Version: 9.1.18.6)
DELL Webcam Center
DELL Webcam Manager
Dell Wireless WLAN Card (Version: 4.102.15.61)
Digital Line Detect (Version: 1.21)
DivX Content Uploader (Version: 1.2.1)
DivX Converter (Version: 6.5.1)
DivX Player (Version: 6.6.0)
DivX Web Player (Version: 1.4.0)
Fax (Version: 90.0.146.000)
FlowBreeze Standard 2.3.0.11 (Version: 2.3.0.11)
FLV Player (Version: 2.0 )
Free Realms Installer (Version: 1.0.3.63)
Games, Music, & Photos Launcher (Version: 1.00.0000)
Garmin BaseCamp (Version: 2.0.7)
Garmin Communicator Plugin (Version: 2.8.1)
Garmin TOPO U.S. 2008 (Version: 4.0.0.0)
Garmin WebUpdater (Version: 2.4.2)
Google Chrome (Version: 16.0.912.63)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 2.5.8.4958)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
GPBaseService2 (Version: 140.0.211.000)
GSAK 7.7.3.53 (Final)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.002.002)
HPProductAssistant (Version: 140.0.212.000)
Icewind Dale II (Version: 1.00.000)
Instant JPEG From RAW (Version: 1.6.0)
iTunes (Version: 10.4.0.80)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 17 (Version: 6.0.170)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
K-Lite Codec Pack 7.1.0 (Full) (Version: 7.1.0)
KhalInstallWrapper (Version: 4.70.213)
KONICA MINOLTA magicolor 2530DL
Laptop Integrated Webcam Driver (1.04.01.1011)
LexisNexis CaseMap 7 (Version: 7.50.24.00)
Live! Cam Avatar Creator (Version: 4.5.2722.1)
Live! Cam Avatar v1.0 (Version: 1.0)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.2.0)
Logitech SetPoint (Version: 4.70)
Loki Browser Plugin
MapSource (Version: 6.0)
MarketResearch (Version: 140.0.212.000)
MediaDirect (Version: 4.7)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Accounting 2007 (Version: 2.0.7503.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Accounting Equifax Addin (Version: 2.0.7416.00)
Microsoft Office Accounting Fixed Asset Manager (Version: 2.0.7416.00)
Microsoft Office Accounting PayPal Addin (Version: 2.0.7416.00)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Modem Diagnostic Tool (Version: 1.0.20.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.44)
nLite 1.4.9.1 (Version: 1.4.9.1)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
OpenOffice.org 2.2 (Version: 2.2.9161)
Opera 9.52 (Version: 9.52)
OutlookAddinSetup (Version: 1.0.0)
Pando Media Booster (Version: 2.3.3.6)
Premium Viewer ONLY (Version: 8.06.0000)
PrimoPDF (Version: 4.0.1)
Product Documentation Launcher (Version: 1.00.0000)
Quick Stego 1.2
QuickSet (Version: 8.0.11)
QuickTime (Version: 7.69.80.9)
QuickTime Alternative 2.8.0 (Version: 2.8.0)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Ride!
Rigos_Aspen2 (Version: 1.0.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
SigmaTel Audio (Version: 5.10.5102.0)
Skins (Version: 2007.0320.2223.38170)
Skype™ 4.0 (Version: 4.0.206)
SmartDraw 7 (Version: 7.00)
SolutionCenter (Version: 140.0.213.000)
Sonic Activation Module (Version: 1.0)
swMSM (Version: 12.0.0.1)
TBS WMP Plug-in (Version: 1.00.007)
TradeWinds 2 (remove only)
UnloadSupport (Version: 9.0.0)
URL Assistant
User's Guides
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR archiver
Wootalyzer!
WordPerfectRecovery
Zeno Interpreter 1.2

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1917.42 MB
Available physical RAM: 758.83 MB
Total Pagefile: 4080.11 MB
Available Pagefile: 2711.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.03 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:136.49 GB) (Free:21.93 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.12 GB) NTFS

========================= Users: ========================================

User accounts for \\MORDRED

Administrator Allen ASPNET
Guest


**** End of log ****

===============================
Farbar Service Scanner
Ran by Allen (administrator) on 25-12-2011 at 01:33:57
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2010-11-30 15:52] - [2008-01-18 23:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-21 10:22] - [2011-04-21 05:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-11-30 23:47] - [2010-06-16 07:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-12 21:50] - [2011-03-02 06:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2010-11-30 15:54] - [2008-01-18 23:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-11-30 15:52] - [2008-01-18 23:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys
[2010-11-30 15:54] - [2008-01-18 21:54] - 0064000 ____A (Microsoft Corporation) 22241FEBA9B2DEFA669C8CB0A8DD7D2E

C:\Windows\system32\SDRSVC.dll
[2010-11-30 15:53] - [2008-01-18 23:36] - 0104960 ____A (Microsoft Corporation) 716313D9F6B0529D03F726D5AAF6F191

C:\Windows\system32\vssvc.exe
[2010-11-30 15:50] - [2008-01-18 23:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-17 23:04] - [2009-03-02 20:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

#12 Broni


Posted 26 December 2011 - 11:22 AM

For starters, we have the "hosts" file missing.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost
::1         	localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. File is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder


NOTE.
If you receive a "You don't have permission to save in this location" message, take ownership of the C:\windows\system32\drivers\etc folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
If the above doesn't work, save the file to some known location, like your desktop, copy it from there and paste it into the "etc" folder.

====================================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

=================================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#13 LVLawyer


Posted 31 December 2011 - 11:31 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 00:33 on 31/12/2011 by Allen
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 735 bytes [08:32 31/12/2011] [08:32 31/12/2011]
lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
networks --a---- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006]
protocol --a---- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006]
services --a---- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006]

---Folders---
None found.

-= EOF =-

===================================
aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-31 07:23:49
-----------------------------
07:23:49.519 OS Version: Windows 6.0.6001 Service Pack 1
07:23:49.520 Number of processors: 2 586 0x4802
07:23:49.522 ComputerName: MORDRED UserName: Allen
07:23:54.103 Initialize success
07:24:05.819 AVAST engine defs: 11123001
07:24:20.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:24:20.508 Disk 0 Vendor: ST9160821AS 3.CDD Size: 152627MB BusType: 3
07:24:20.539 Disk 0 MBR read successfully
07:24:20.542 Disk 0 MBR scan
07:24:20.549 Disk 0 Windows VISTA default MBR code
07:24:20.554 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
07:24:20.582 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
07:24:20.631 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139763 MB offset 21100544
07:24:20.640 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
07:24:20.793 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
07:24:20.804 Disk 0 scanning sectors +312578048
07:24:21.067 Disk 0 scanning C:\Windows\system32\drivers
07:24:48.494 Service scanning
07:24:50.817 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
07:24:51.533 Modules scanning
07:25:01.362 Disk 0 trace - called modules:
07:25:01.398 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x851371f8]<<
07:25:01.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852d0708]
07:25:01.415 3 CLASSPNP.SYS[8819f745] -> nt!IofCallDriver -> [0x852a8248]
07:25:01.423 5 acpi.sys[82d2f6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852b6ba0]
07:25:01.431 \Driver\atapi[0x843afae8] -> IRP_MJ_CREATE -> 0x851371f8
07:25:04.099 AVAST engine scan C:\Windows
07:25:10.359 AVAST engine scan C:\Windows\system32
07:28:53.196 AVAST engine scan C:\Windows\system32\drivers
07:29:09.883 AVAST engine scan C:\Users\Allen
07:52:00.803 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
07:52:00.818 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
08:17:54.634 AVAST engine scan C:\ProgramData
08:27:43.782 Scan finished successfully
08:29:15.222 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
08:29:15.242 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"
08:29:40.331 Disk 0 MBR has been saved successfully to "C:\Users\Allen\Desktop\MBR.dat"
08:29:40.343 The log file has been saved successfully to "C:\Users\Allen\Desktop\aswMBR.txt"


=============================
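
One way to script the check that follows restoring the hosts file, as an added example (not part of the original posts and not SystemLook's own code): it reads a SystemLook `:dir` listing to confirm the file was saved as `hosts` rather than `hosts.txt`, then reports every active hosts line other than the default localhost entries. The sample listing, the sample hosts content and all function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample in the SystemLook ":dir" format of the log above.
SAMPLE_DIR_LOG = """\
---Files---
hosts.txt --a---- 735 bytes [08:32 31/12/2011] [08:32 31/12/2011]
lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
---Folders---
None found.
"""

# Constructed hosts content; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1   \tlocalhost
::1         \tlocalhost
192.0.2.10  update.example.com  # constructed redirect
not-an-ip   broken.example
"""

# name, seven attribute flags, size: "hosts --a---- 735 bytes [..."
FILE_LINE = re.compile(r"^(?P<name>\S.*?) [-a-z]{7} (?P<size>\d+) bytes \[", re.M)

def listed_files(dir_log):
    """Return {lower-cased file name: size in bytes} from the ---Files--- section."""
    section = dir_log.partition("---Files---")[2].partition("---Folders---")[0]
    return {m["name"].lower(): int(m["size"]) for m in FILE_LINE.finditer(section)}

def hosts_name_problem(files):
    """Return None if a file named exactly 'hosts' is listed, else the reason."""
    if "hosts" in files:
        return None
    extras = sorted(name for name in files if name.startswith("hosts."))
    return "saved with an extension: " + ", ".join(extras) if extras else "hosts is missing"

def non_default_entries(hosts_text):
    """Return (line number, address, names) for each active line that is not
    a loopback address mapped to 'localhost' alone."""
    findings = []
    for num, raw in enumerate(hosts_text.lstrip("\ufeff").splitlines(), 1):
        # Drop the trailing comment; a blank or comment-only line yields addr "".
        addr, *names = raw.split("#", 1)[0].lower().split() or [""]
        try:
            default = ipaddress.ip_address(addr).is_loopback and names == ["localhost"]
        except ValueError:
            default = addr == ""  # unparsable addresses are reported
        if not default:
            findings.append((num, addr, names))
    return findings
```
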

#14 Broni


Posted 31 December 2011 - 01:27 PM

Looks good :)

Last checks...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



#15 LVLawyer


Posted 01 January 2012 - 01:26 AM

Happy New Year, and here's the ESET log:

C:\Users\Allen\AppData\Local\Temp\jar_cache18752.tmp multiple threats deleted - quarantined
C:\Users\Allen\Downloads\Boat.zip probably a variant of Win32/Agent.DUEXESJ trojan deleted - quarantined
C:\Users\Allen\Downloads\Boat\setup.exe probably a variant of Win32/Agent.DUEXESJ trojan cleaned by deleting - quarantined



