Lan Proxy Hijacked


17 replies to this topic

#1 ConfoundedX

ConfoundedX

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 11 January 2012 - 05:09 PM

Hello Team,

A few weeks back a computer on our home office network, was discovered to have a root kit. I learned about this from forum@malwareremoval.com.

http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=58703

That PC was reformatted and WinXP pro was reinstalled!

This week I received a call from SANTANDER BUSINESS BANK and learned someone had gotten into our account, set themselves up as an authorised user, added payees and set up a series of payments to go out regularly in the range of some of our normal payment amounts. Thank God they called.

I am writing today because I just discovered that another PC running Win7 Ult SP1 has a proxy issue. The "use proxy" and "automatically detect proxy settings" boxes are not ticked; nonetheless, if I remove the settings they are back on every reboot. I have run scans and nothing comes up. I have McAfee Security Center, from PlusNet, including firewall. There is a record in McAfee, however, that 3 Trojans were removed in the last scan that ran automatically, but I cannot find what these actually were or where they were. There does not seem to be a quarantine record. I ran the IObit malware engine and nothing comes up. In a last attempt today, I ran TDSSKiller from Kaspersky. It located 3 unsigned files in System32\Drivers:

netaapl.sys
PCASp50.sys
libusb0.sys

I copied these to quarantine and deleted them.

On reboot I found the LAN PROXY is still reset again, but only on one profile. The problem now is I lost my network adaptor, USB access, and sound. The Device Manager shows [!] and drivers cannot be installed.

Oh, I forgot to mention: for the last few weeks another symptom on this WIN7 box was a BSOD when shutting down. The error was in USBHUB.SYS and there are dump files with more details. If all USB devices were unplugged the box would shut down. So something is up there too, and I do not know if it is related and, if so, whether it is related to LIBUSB0.SYS which was removed.

I guess I need to reinstall these files. From here I would really like some instruction. Once back online we can run diagnostics and post logs as I may be directed.

Thanks in advance for any consideration!
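The symptom in this post, a proxy server value that comes back after every reboot but only for one user profile, is what a per-user proxy hijack looks like from the registry side: Internet Explorer's proxy settings live under each user's `Software\Microsoft\Windows\CurrentVersion\Internet Settings` key, so a malicious entry can exist for one account while the others look clean. The script below is an added triage check, not code from this thread or from any of the tools mentioned in it. It walks every loaded user hive under HKEY_USERS, reports `ProxyEnable`, `ProxyServer` and `AutoConfigURL`, flags any proxy whose host is a public (non-loopback, non-RFC 1918) address, lists that profile's Run entries (one common way a setting gets rewritten at logon), and finally checks the machine-wide policy key that can override per-user settings. The function names and the "suspicious" heuristic are my own choices; the registry paths are the standard Windows ones.

```powershell
# Added example (not from the thread): per-profile proxy triage for Windows.
# Run from an elevated PowerShell session. HKEY_USERS only exposes hives of
# profiles that are currently loaded, so log the affected account on first.

function Test-PrivateAddress {
    # True for loopback and RFC 1918 IPv4 addresses; anything else (public
    # IPs and host names) is returned as $false so it gets a closer look.
    param([string]$HostName)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 127) -or ($b[0] -eq 10) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31)
}

function Get-ProxyHostName {
    # ProxyServer can be "http://203.0.113.5:3128", "proxy:8080" or a
    # per-protocol list "http=proxy:8080;https=proxy:8443"; take the first host.
    param([string]$ProxyServer)
    $first = ($ProxyServer -split ';')[0]
    $first = $first -replace '^[a-z]+=', ''      # strip "http=" style prefix
    $first = $first -replace '^[a-z]+://', ''    # strip scheme
    return ($first -split ':')[0]
}

function Get-ProfileProxyReport {
    # One object per loaded user hive (skipping the *_Classes hives).
    Get-ChildItem -Path Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -notmatch '_Classes$' } |
        ForEach-Object {
            $sid = $_.PSChildName
            $inet = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
            $run  = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
            if (-not (Test-Path $inet)) { return }        # hive without IE settings
            $p = Get-ItemProperty -Path $inet

            $publicProxy = $false
            if ($p.ProxyServer) {
                $publicProxy = -not (Test-PrivateAddress (Get-ProxyHostName $p.ProxyServer))
            }

            # Run entries are where a logon-time "fixer" would typically sit.
            $runEntries = @()
            if (Test-Path $run) {
                $runEntries = (Get-ItemProperty -Path $run).PSObject.Properties |
                    Where-Object { $_.Name -notmatch '^PS' } |
                    ForEach-Object { "$($_.Name) = $($_.Value)" }
            }

            [pscustomobject]@{
                SID           = $sid
                ProxyEnable   = $p.ProxyEnable
                ProxyServer   = $p.ProxyServer
                AutoConfigURL = $p.AutoConfigURL
                # A populated ProxyServer is worth noting even with ProxyEnable=0,
                # because the thread shows exactly that state being rewritten.
                Suspicious    = $publicProxy -or [bool]$p.AutoConfigURL
                RunEntries    = ($runEntries -join '; ')
            }
        }
}

$report = Get-ProfileProxyReport
$report | Format-Table SID, ProxyEnable, ProxyServer, AutoConfigURL, Suspicious -AutoSize
$report | Where-Object Suspicious | ForEach-Object {
    Write-Host "`nRun entries for $($_.SID):"
    Write-Host $_.RunEntries
}

# Machine-wide policy key: ProxySettingsPerUser = 0 forces one proxy on every
# account, so check it when the per-user view looks clean but traffic is still
# being redirected.
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
if (Test-Path $pol) {
    Get-ItemProperty -Path $pol | Select-Object ProxySettingsPerUser, ProxyServer, ProxyEnable
}
```

Run it once with the affected account logged on and once with a clean account, and compare the two rows. In the log posted later in this thread the value is `http://98.191.225.180:3128` with the proxy reported as "not enabled", which this script would flag as a public-address proxy on that one SID. Clearing the value is not the fix on its own; whatever rewrites it at logon (the Run entries listed for that profile are a first place to look) has to be found and removed, otherwise the setting returns on the next reboot exactly as described here.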


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:17 AM

Posted 11 January 2012 - 11:58 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 ConfoundedX

ConfoundedX
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 12 January 2012 - 06:57 AM

Hi, thanks for your reply.
The problem is that the WIN7 PC in question now does not have NET, SOUND or USB access, as stated, since

netaapl.sys
PCASp50.sys
libusb0.sys

were quarantined and deleted by TDSSKiller.

I have to get the machine going, hopefully without reinstalling the OS.

Tks
James

#4 ConfoundedX

ConfoundedX
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 12 January 2012 - 07:29 PM

OK, I was able to do a System Restore, which got me back in business. I replaced the (3) files in question with later versions.

The logs you requested are here.
MiniToolBox by Farbar
Ran by Medion (administrator) on 12-01-2012 at 16:56:46
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http://98.191.225.180:3128 *****[note this PROXY IP re-appears after re-boot]*****
========================= Hosts content: =================================

::1 localhost
74.208.10.249 gs.apple.com

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SAMSUNG-Q210
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1F-E2-EC-54-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-13-77-91-7B-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::656d:35d9:2c8:1707%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 12 January 2012 15:12:22
Lease Expires . . . . . . . . . . : 13 January 2012 15:12:22
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 251663223
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-B1-67-2D-00-13-77-91-7B-41
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F3F7E41F-0377-4AA5-934A-4A706A72703A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.67.99
173.194.67.103
173.194.67.147
173.194.67.106
173.194.67.105
173.194.67.104


Pinging google.com [209.85.229.103] with 32 bytes of data:
Reply from 209.85.229.103: bytes=32 time=307ms TTL=53
Reply from 209.85.229.103: bytes=32 time=41ms TTL=53

Ping statistics for 209.85.229.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 307ms, Average = 174ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
98.137.149.56
72.30.2.43


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=617ms TTL=48
Reply from 98.139.180.149: bytes=32 time=689ms TTL=48

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 617ms, Maximum = 689ms, Average = 653ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 1f e2 ec 54 ce ......Bluetooth Device (Personal Area Network)
9...00 13 77 91 7b 41 ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.71 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.71 276
192.168.1.71 255.255.255.255 On-link 192.168.1.71 276
192.168.1.255 255.255.255.255 On-link 192.168.1.71 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.71 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.71 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 276 fe80::/64 On-link
9 276 fe80::656d:35d9:2c8:1707/128 On-link
1 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/12/2012 04:57:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:57:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:56:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:56:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:55:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:55:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:54:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:54:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:53:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/12/2012 04:53:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (01/12/2012 02:37:32 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Scanner service failed to start due to the following error:
%%1053

Error: (01/12/2012 02:37:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.

Error: (01/12/2012 02:37:32 PM) (Source: DCOM) (User: )
Description: 1053MCODS{C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error: (01/12/2012 02:36:34 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (01/12/2012 02:34:35 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/12/2012 02:30:11 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/12/2012 02:28:53 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (01/12/2012 02:08:22 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (01/12/2012 02:08:22 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (12/16/2011 02:28:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/02/2011 00:13:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/01/2011 03:05:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 337 seconds with 180 seconds of active time. This session ended with a crash.

Error: (10/11/2011 09:17:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 97 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/01/2011 02:33:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/22/2011 10:55:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 130534 seconds with 6060 seconds of active time. This session ended with a crash.

Error: (08/21/2011 10:39:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 340124 seconds with 8160 seconds of active time. This session ended with a crash.

Error: (08/16/2011 04:50:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 12691 seconds with 960 seconds of active time. This session ended with a crash.

Error: (07/31/2011 05:41:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 86 seconds with 60 seconds of active time. This session ended with a crash.

Error: (07/31/2011 05:40:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 347 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
Acronis Disk Director 11 Home (Version: 11.0.2121)
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Acrobat 6.0.1 Professional (Version: 006.000.001)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3)
Adobe Acrobat and Reader 6.0.4 Update (Version: 6.0.4)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 8.1.4 (Version: 8.1.4)
Advanced SystemCare 5 (Version: 5.0.0)
Agere Systems HDA Modem
Amazon MP3 Downloader 1.0.9
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Atheros WLAN Client (Version: 1.00.000)
Auction Sentry (Version: 4.1.0.34412)
Basic PAYE Tools (Version: 3.1.0.15205)
BBC iPlayer Desktop (Version: 3.0.7)
BELKIN F5U109 (Version: 2.01)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Bullzip PDF Printer 7.1.0.1218 (Version: 7.1.0.1218)
CCleaner
CDCheck
CDDRV_Installer (Version: 4.60)
CyberLink DVD Suite (Version: 5.0.2403)
CyberLink Power2Go (Version: 5.0.3825)
D3DX10 (Version: 15.4.2368.0902)
Dell Mobile Broadband Card Utility (Version: 2.05.31.27)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
DVB-T USB 2.0
DYMO Label Software
e-Saver 1.0
Easy Battery Manager (Version: 3.2.1.7)
Easy Display Manager (Version: 2.0.0.0)
Easy Network Manager 3.0 (Version: 3.0.0.0)
Easy SpeedUp Manager (Version: 2.0.1.0)
erLT (Version: 1.20.0137)
Fax (Version: 130.0.418.000)
ffdshow (Version: 1.0)
Free HD Converter V 2.0 (Version: 2.0.0.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 130.0.371.000)
GPL Ghostscript Lite 8.70
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Product Detection (Version: 10.7.9.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 1.0.2.17)
imagine digital freedom - Samsung (Version: 1.0.2.0)
IObit Malware Fighter (Version: 1.0)
IObit Toolbar v4.9 (Version: 4.9)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
KhalInstallWrapper (Version: 2.00.0000)
LabelPrint (Version: .2406)
LibUSB-Win32-0.1.12.2 (Version: 0.1.12.2)
LightScribe Applications (Version: 1.18.5.1)
LightScribe System Software (Version: 1.18.8.1)
LightScribe Template Labeler (Version: 1.18.5.1)
Logitech SetPoint (Version: 4.80)
MarketResearch (Version: 130.0.374.000)
McAfee SecurityCenter (Version: 11.0.649)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5139.5001)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Web Access S/MIME (Version: 6.5.7651.60)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SOAP Toolkit 2.0 SP2 (Version: 623.1)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 130.0.374.000)
NVIDIA Display Control Panel (Version: 1.6)
NVIDIA Drivers (Version: 1.10)
NVIDIA PhysX (Version: 9.09.0814)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Palm Desktop (Version: 4.1.0410)
Play AVStation (Version: 4.1.20.50)
Play Camera (Version: 2.0.0.13)
PowerDirector (Version: 5.0.3927)
PowerDVD (Version: 7.0.3118.0)
PowerProducer (Version: 085120(3.7)_Vista_SSPC)
Quicken 2004
Quicken 2011 (Version: 20.1.8.6)
QuickTime (Version: 7.71.80.42)
Rapport (Version: 3.5.1108.55)
Realtek High Definition Audio Driver
Samsung Magic Doctor (Version: 5.00)
Samsung Recovery Solution III (Version: 3.0.0.5)
Samsung Update Plus (Version: 2.0)
Satellite Antenna Alignment v2.80.0 (Version: 2.80.0)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Smart Defrag 2 (Version: 2.2)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
SureThing CD Labeler Deluxe Trial (Version: 5.2.681.0)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
Toolbox (Version: 130.0.648.000)
TouchCopy 11 (Version: 11.03)
TrayApp (Version: 130.0.376.000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wrapper (Version: 010.000.0157)
USB2.0 UVC 1.3M WebCam
USB2.0 UVC WebCam (Version: 6.11.706.012)
User Guide (Version: 1.0)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
VoipCheapCom (Version: 4.03 build 543)
WebEx
WebReg (Version: 130.0.132.017)
WIDCOMM Bluetooth Software 6.0.1.6300 (Version: 6.0.1.6300)
WiFi Engine (Version: 1.3)
Win7codecs (Version: 2.4.8)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR archiver
X-Lite 2.0 release 1105x

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3066.61 MB
Available physical RAM: 1961.95 MB
Total Pagefile: 6129.45 MB
Available Pagefile: 4213.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.11 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:144 GB) (Free:42.28 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:144.09 GB) (Free:129.28 GB) NTFS
3 Drive e: (REPAIR-FILES) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
4 Drive f: () (Fixed) (Total:97.63 GB) (Free:91.84 GB) FAT32
5 Drive g: (DATA 1) (Fixed) (Total:97.63 GB) (Free:72.93 GB) FAT32
6 Drive h: () (Fixed) (Total:172.8 GB) (Free:0.01 GB) NTFS
7 Drive i: (DATA 2) (Fixed) (Total:97.63 GB) (Free:65.89 GB) FAT32
8 Drive k: (NORI) (Removable) (Total:0.12 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\SAMSUNG-Q210

Admin Administrator Guest
Medion

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
--------------------------------------------------------------------------------------------------------------

Farbar Service Scanner
Ran by Medion (administrator) on 12-01-2012 at 20:48:15
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Medion :: SAMSUNG-Q210 [administrator]

Protection: Enabled

12/01/2012 17:03:44
mbam-log-2012-01-12 (20-32-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214183
Time elapsed: 22 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Admin\Downloads\installer_windows_install_clean_up_English.exe (PUP.SmsPay.pns) -> No action taken.

(end)
-------------------------------------------------------------------------
-------------------------------------------------------------------------
I did an MBR complete scan, but after 3 hours it seemed to get hung on a program on my desktop called TinyUmbrella. I had to stop MBR and restart; now I am doing a Quick Scan and will include it next. I also have DDS log files ready.

Thanks

#5 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:17 AM

Posted 12 January 2012 - 08:09 PM

That proxy setting is irrelevant because the previous line says:
Proxy is not enabled.

What are the current issues?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:17 AM

Posted 12 January 2012 - 08:10 PM

Also, your MBAM log says "No action taken".
Re-run it, FIX all issues and post the new log.

#7 ConfoundedX

  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 13 January 2012 - 10:48 AM

Yes, I caught that PROXY was not enabled. I still would like to know what causes that entry to reappear on every reboot, because this is what happened on the other networked box that was compromised. That proxy was enabled every time!
It was quite a serious rootkit, as our bank was hit, and that took getting past two lots of 3-digit random entry inputs from 8, with 3 attempts allowed or the account is blocked.

RE: MBAM LOG: that was the 1st try and the wrong log was attached. I caught that too and ran it again.
Here it is.
Protection: Enabled

12/01/2012 17:03:44
mbam-log-2012-01-12 (17-03-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214183
Time elapsed: 22 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Admin\Downloads\installer_windows_install_clean_up_English.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.

(end)
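Added example, not from the original thread and not part of MiniToolBox, MBAM or any other tool named here: a small Python triage script that reads the "IE Proxy Settings" and "Hosts content" sections in the layout MiniToolBox prints, applies the rule Broni gives in reply #5 (a ProxyServer string is inert unless the proxy is enabled, though a leftover value pointing at a public host is still worth recording), flags hosts-file lines that send a name anywhere other than loopback, and pulls the hijacked URL out of an MBAM "Registry Data Items" line like the one in the log above. The log text and MBAM line embedded in it are constructed samples that mirror the values posted in this thread; the "AutoConfigURL:" label and the wording "Proxy is enabled." are assumed forms of MiniToolBox output and were not verified against the tool.

```python
"""Offline triage of IE proxy, hosts-file and MBAM hijack findings.

Constructed example: it parses text in the layout MiniToolBox prints instead
of reading the live registry, so it runs on any platform without the tool.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in MiniToolBox's layout, using the values the poster's
# own MiniToolBox output shows later in this thread.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http://98.191.225.180:3128
========================= Hosts content: =================================

::1 localhost
74.208.10.249 gs.apple.com

127.0.0.1 localhost

========================= IP Configuration: ================================
"""

# Constructed MBAM "Registry Data Items" line in the format seen in the thread.
SAMPLE_MBAM_LINE = (
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Associations|Application "
    "(Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) "
    "Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken."
)

# Names a stock Windows hosts file legitimately maps to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def split_sections(text):
    """Map each '===== Name: =====' banner to the lines that follow it."""
    sections, name, body = {}, None, []
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.+?):\s*=+$", line)
        if m:
            if name is not None:
                sections[name] = body
            name, body = m.group(1), []
        elif name is not None:
            body.append(line)
    if name is not None:
        sections[name] = body
    return sections


def is_public(host):
    """True when host is a literal IP outside private, loopback and link-local space."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a hostname: resolve it separately before judging it


def assess_proxy(lines):
    """Interpret the IE Proxy Settings section.

    WinINET only sends traffic through ProxyServer when ProxyEnable is 1, which
    MiniToolBox is assumed to report as 'Proxy is enabled.'; with it off the
    ProxyServer string is inert (Broni's point).  A PAC file (AutoConfigURL,
    label assumed) would proxy traffic regardless of that flag.
    """
    text = "\n".join(lines)
    enabled = re.search(r"^Proxy is enabled\.?$", text, re.M) is not None
    m = re.search(r"^ProxyServer:\s*(\S+)", text, re.M)
    host = port = None
    if m:
        parts = urlsplit(m.group(1) if "://" in m.group(1) else "//" + m.group(1))
        host, port = parts.hostname, parts.port
    pac = re.search(r"^AutoConfigURL:\s*(\S+)", text, re.M)
    return {
        "proxy_enabled": enabled,
        "proxy_host": host,
        "proxy_port": port,
        "proxy_host_public": is_public(host) if host else False,
        "autoconfig_url": pac.group(1) if pac else None,
        "traffic_proxied": enabled or pac is not None,
    }


def assess_hosts(lines):
    """Return hosts entries that map a name anywhere other than loopback."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue
        for name in names:
            if name in LOOPBACK_NAMES and ip.is_loopback:
                continue  # the stock entries
            findings.append({"name": name, "address": addr,
                             "loopback": ip.is_loopback, "public": ip.is_global})
    return findings


def parse_mbam_hijack(line):
    """Pull key, family and the bad/good values out of an MBAM registry-data line."""
    m = re.search(r"^(?P<key>\S+) \((?P<family>[^)]+)\) -> Bad: \((?P<bad>.*?)\) "
                  r"Good: \((?P<good>.*?)\)", line)
    if not m:
        return None
    d = m.groupdict()
    d["bad_host"] = urlsplit(d["bad"]).hostname  # host to look up or block
    return d


def triage(log_text):
    sections = split_sections(log_text)
    return {"proxy": assess_proxy(sections.get("IE Proxy Settings", [])),
            "hosts": assess_hosts(sections.get("Hosts content", []))}


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    p = r["proxy"]
    print("traffic proxied:", p["traffic_proxied"], "| leftover ProxyServer:",
          p["proxy_host"], p["proxy_port"], "| public host:", p["proxy_host_public"])
    for h in r["hosts"]:
        print("hosts override:", h["name"], "->", h["address"], "public" if h["public"] else "")
    print("hijacked association points at:", parse_mbam_hijack(SAMPLE_MBAM_LINE)["bad_host"])
```

On the sample the script reports that nothing is actually proxied (the flag is off and there is no PAC), that the stale ProxyServer value names a public address on port 3128, that gs.apple.com is being sent to a public address, and that the file-association handler had been pointed at www.helpmeopen.com. The gs.apple.com line is flagged because any non-loopback override deserves a look; iOS restore and jailbreak tooling commonly writes exactly such a redirect, and TinyUmbrella is on the poster's desktop, so it is a line to confirm with the machine's owner rather than a verdict.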

#8 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:17 AM

Posted 13 January 2012 - 11:57 AM

I still need aswMBR log.

#9 ConfoundedX

  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 15 January 2012 - 12:38 PM

Broni, I am confused. That was the MBR log pasted in my last comment, right above your last reply!
Here it is again!

12/01/2012 17:03:44
mbam-log-2012-01-12 (17-03-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214183
Time elapsed: 22 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Admin\Downloads\installer_windows_install_clean_up_English.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.

(end)

#10 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:17 AM

Posted 15 January 2012 - 01:40 PM

Re-read my reply #2 - aswMBR.

#11 ConfoundedX

  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 15 January 2012 - 02:29 PM

Sorry, I confused MBR with MBAM.

Here is the quick scan. Running a full scan of C:\ again now.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 21:44:15
-----------------------------
21:44:15.283 OS Version: Windows 6.1.7601 Service Pack 1
21:44:15.283 Number of processors: 2 586 0xF0D
21:44:15.288 ComputerName: SAMSUNG-Q210 UserName: Medion
21:44:16.668 Initialize success
21:45:44.224 AVAST engine defs: 12011200
21:46:25.919 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:46:25.922 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 3
21:46:25.966 Disk 0 MBR read successfully
21:46:25.971 Disk 0 MBR scan
21:46:25.985 Disk 0 unknown MBR code
21:46:26.003 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
21:46:26.020 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147456 MB offset 20973568
21:46:26.049 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147547 MB offset 322963456
21:46:26.061 Disk 0 scanning sectors +625139712
21:46:26.137 Disk 0 scanning C:\Windows\system32\drivers
21:46:57.568 Service scanning
21:46:59.822 Modules scanning
21:47:14.386 Disk 0 trace - called modules:
21:47:14.416 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys ndis.sys
21:47:14.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870b03b8]
21:47:14.440 3 CLASSPNP.SYS[8d2bd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86bd8030]
21:47:15.079 AVAST engine scan C:\
00:03:23.531 Disk 0 MBR has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\MBR.dat"
00:03:23.619 The log file has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-13 00:46:49
-----------------------------
00:46:49.729 OS Version: Windows 6.1.7601 Service Pack 1
00:46:49.729 Number of processors: 2 586 0xF0D
00:46:49.729 ComputerName: SAMSUNG-Q210 UserName: Medion
00:46:50.415 Initialize success
00:46:57.419 AVAST engine defs: 12011200
00:47:01.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:47:01.101 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 3
00:47:01.195 Disk 0 MBR read successfully
00:47:01.195 Disk 0 MBR scan
00:47:01.195 Disk 0 unknown MBR code
00:47:01.226 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
00:47:01.273 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147456 MB offset 20973568
00:47:01.304 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147547 MB offset 322963456
00:47:01.304 Disk 0 scanning sectors +625139712
00:47:01.413 Disk 0 scanning C:\Windows\system32\drivers
00:47:23.565 Service scanning
00:47:25.172 Modules scanning
00:47:33.565 Disk 0 trace - called modules:
00:47:33.580 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
00:47:33.580 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a4030]
00:47:33.580 3 CLASSPNP.SYS[8c2d159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bd0908]
00:47:34.781 AVAST engine scan C:\Windows
00:47:39.430 AVAST engine scan C:\Windows\system32
00:51:35.615 AVAST engine scan C:\Windows\system32\drivers
00:51:52.775 AVAST engine scan C:\Users\Medion
02:10:50.987 AVAST engine scan C:\ProgramData
02:15:17.747 Scan finished successfully
10:58:52.224 Disk 0 MBR has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\MBR.dat"
10:58:52.271 The log file has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\aswMBR.txt"

#12 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:17 AM

Posted 15 January 2012 - 02:32 PM

Re-run MiniToolbox.

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
Click Go and post the result.

#13 ConfoundedX

  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 15 January 2012 - 03:10 PM

OK, it will say the same as before, but I delete the proxy entries on every reboot, which means I have to reboot again.

#14 ConfoundedX

  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 15 January 2012 - 04:14 PM

MiniToolBox by Farbar
Ran by Medion (administrator) on 15-01-2012 at 21:09:03
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http://98.191.225.180:3128
========================= Hosts content: =================================

::1 localhost
74.208.10.249 gs.apple.com

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SAMSUNG-Q210
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1F-E2-EC-54-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-13-77-91-7B-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::656d:35d9:2c8:1707%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 15 January 2012 21:04:27
Lease Expires . . . . . . . . . . : 16 January 2012 21:04:25
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 251663223
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-B1-67-2D-00-13-77-91-7B-41
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F3F7E41F-0377-4AA5-934A-4A706A72703A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.67.99
173.194.67.103
173.194.67.105
173.194.67.147
173.194.67.104
173.194.67.106


Pinging google.com [173.194.66.147] with 32 bytes of data:
Reply from 173.194.66.147: bytes=32 time=112ms TTL=48
Reply from 173.194.66.147: bytes=32 time=41ms TTL=48

Ping statistics for 173.194.66.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 112ms, Average = 76ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=357ms TTL=48
Reply from 98.137.149.56: bytes=32 time=303ms TTL=49

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 303ms, Maximum = 357ms, Average = 330ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
12...00 1f e2 ec 54 ce ......Bluetooth Device (Personal Area Network)
9...00 13 77 91 7b 41 ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.71 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.71 276
192.168.1.71 255.255.255.255 On-link 192.168.1.71 276
192.168.1.255 255.255.255.255 On-link 192.168.1.71 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.71 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.71 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 276 fe80::/64 On-link
9 276 fe80::656d:35d9:2c8:1707/128
On-link
1 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/15/2012 09:05:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2012 09:05:19 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (01/15/2012 07:09:19 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (01/13/2012 02:25:34 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (01/13/2012 02:22:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2012 11:14:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: 83ilchl6.exe, version: 1.0.15.15641, time stamp: 0x4e21f2b1
Faulting module name: 83ilchl6.exe, version: 1.0.15.15641, time stamp: 0x4e21f2b1
Exception code: 0xc0000005
Fault offset: 0x0000c676
Faulting process id: 0x18d0
Faulting application start time: 0x83ilchl6.exe0
Faulting application path: 83ilchl6.exe1
Faulting module path: 83ilchl6.exe2
Report Id: 83ilchl6.exe3

Error: (01/13/2012 11:05:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: BLACKLIGHT.exe, version: 2.2.1092.0, time stamp: 0x48a543e2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0dce6860
Faulting process id: 0x2448
Faulting application start time: 0xBLACKLIGHT.exe0
Faulting application path: BLACKLIGHT.exe1
Faulting module path: BLACKLIGHT.exe2
Report Id: BLACKLIGHT.exe3

Error: (01/13/2012 11:02:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2012 11:01:59 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (01/13/2012 00:51:52 AM) (Source: PerfNet) (User: )
Description:


System errors:
=============
Error: (01/15/2012 09:05:44 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/15/2012 08:26:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: DYMO - printer - DYMO LabelWriter DUO Tape.

Error: (01/14/2012 08:24:58 AM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (01/13/2012 02:22:56 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/13/2012 02:10:23 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (01/13/2012 00:12:36 PM) (Source: Service Control Manager) (User: )
Description: The VQPISRIYMU service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/13/2012 11:01:56 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/13/2012 10:59:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/13/2012 10:59:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/13/2012 10:59:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/16/2011 02:28:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/02/2011 00:13:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/01/2011 03:05:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 337 seconds with 180 seconds of active time. This session ended with a crash.

Error: (10/11/2011 09:17:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 97 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/01/2011 02:33:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/22/2011 10:55:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 130534 seconds with 6060 seconds of active time. This session ended with a crash.

Error: (08/21/2011 10:39:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 340124 seconds with 8160 seconds of active time. This session ended with a crash.

Error: (08/16/2011 04:50:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 12691 seconds with 960 seconds of active time. This session ended with a crash.

Error: (07/31/2011 05:41:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 86 seconds with 60 seconds of active time. This session ended with a crash.

Error: (07/31/2011 05:40:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 347 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
Acronis Disk Director 11 Home (Version: 11.0.2121)
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Acrobat 6.0.1 Professional (Version: 006.000.001)
Adobe Acrobat and Reader 6.0.3 Update (Version: 6.0.3)
Adobe Acrobat and Reader 6.0.4 Update (Version: 6.0.4)
Adobe Acrobat and Reader 6.0.5 Update (Version: 6.0.5)
Adobe Acrobat and Reader 6.0.6 Update (Version: 6.0.6)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 8.1.4 (Version: 8.1.4)
Advanced SystemCare 5 (Version: 5.0.0)
Agere Systems HDA Modem
Amazon MP3 Downloader 1.0.9
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Atheros WLAN Client (Version: 1.00.000)
Auction Sentry (Version: 4.1.1.34779)
Basic PAYE Tools (Version: 3.1.0.15205)
BBC iPlayer Desktop (Version: 3.0.7)
BELKIN F5U109 (Version: 2.01)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Bullzip PDF Printer 7.1.0.1218 (Version: 7.1.0.1218)
CCleaner
CDCheck
CDDRV_Installer (Version: 4.60)
CyberLink DVD Suite (Version: 5.0.2403)
CyberLink Power2Go (Version: 5.0.3825)
D3DX10 (Version: 15.4.2368.0902)
Dell Mobile Broadband Card Utility (Version: 2.05.31.27)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
DVB-T USB 2.0
DYMO Label Software
e-Saver 1.0
Easy Battery Manager (Version: 3.2.1.7)
Easy Display Manager (Version: 2.0.0.0)
Easy Network Manager 3.0 (Version: 3.0.0.0)
Easy SpeedUp Manager (Version: 2.0.1.0)
erLT (Version: 1.20.0137)
Fax (Version: 130.0.418.000)
ffdshow (Version: 1.0)
Free HD Converter V 2.0 (Version: 2.0.0.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 130.0.371.000)
GPL Ghostscript Lite 8.70
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Product Detection (Version: 10.7.9.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 1.0.2.17)
imagine digital freedom - Samsung (Version: 1.0.2.0)
IObit Malware Fighter (Version: 1.0)
IObit Toolbar v4.9 (Version: 4.9)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
KhalInstallWrapper (Version: 2.00.0000)
LabelPrint (Version: .2406)
LibUSB-Win32-0.1.12.2 (Version: 0.1.12.2)
LightScribe Applications (Version: 1.18.5.1)
LightScribe System Software (Version: 1.18.8.1)
LightScribe Template Labeler (Version: 1.18.5.1)
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MarketResearch (Version: 130.0.374.000)
McAfee SecurityCenter (Version: 11.0.649)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5139.5001)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook Web Access S/MIME (Version: 6.5.7651.60)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SOAP Toolkit 2.0 SP2 (Version: 623.1)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 130.0.374.000)
NVIDIA Display Control Panel (Version: 1.6)
NVIDIA Drivers (Version: 1.10)
NVIDIA PhysX (Version: 9.09.0814)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Palm Desktop (Version: 4.1.0410)
Play AVStation (Version: 4.1.20.50)
Play Camera (Version: 2.0.0.13)
PowerDirector (Version: 5.0.3927)
PowerDVD (Version: 7.0.3118.0)
PowerProducer (Version: 085120(3.7)_Vista_SSPC)
Quicken 2004
Quicken 2011 (Version: 20.1.8.6)
QuickTime (Version: 7.71.80.42)
Rapport (Version: 3.5.1108.55)
Realtek High Definition Audio Driver
Samsung Magic Doctor (Version: 5.00)
Samsung Recovery Solution III (Version: 3.0.0.5)
Samsung Update Plus (Version: 2.0)
Satellite Antenna Alignment v2.80.0 (Version: 2.80.0)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Smart Defrag 2 (Version: 2.2)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
SureThing CD Labeler Deluxe Trial (Version: 5.2.681.0)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
Toolbox (Version: 130.0.648.000)
TouchCopy 11 (Version: 11.03)
TrayApp (Version: 130.0.376.000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wrapper (Version: 010.000.0157)
USB2.0 UVC 1.3M WebCam
USB2.0 UVC WebCam (Version: 6.11.706.012)
User Guide (Version: 1.0)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
VoipCheapCom (Version: 4.03 build 543)
WebEx
WebReg (Version: 130.0.132.017)
WIDCOMM Bluetooth Software 6.0.1.6300 (Version: 6.0.1.6300)
WiFi Engine (Version: 1.3)
Win7codecs (Version: 2.4.8)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR archiver
X-Lite 2.0 release 1105x

========================= Devices: ================================

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3066.61 MB
Available physical RAM: 1430.13 MB
Total Pagefile: 6129.45 MB
Available Pagefile: 4316.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.11 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:144 GB) (Free:51.7 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:144.09 GB) (Free:129.28 GB) NTFS
3 Drive e: (REPAIR-FILES) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
4 Drive f: () (Fixed) (Total:97.63 GB) (Free:91.84 GB) FAT32
5 Drive g: (DATA 1) (Fixed) (Total:97.63 GB) (Free:72.93 GB) FAT32
6 Drive h: () (Fixed) (Total:172.8 GB) (Free:0.01 GB) NTFS
7 Drive i: (DATA 2) (Fixed) (Total:97.63 GB) (Free:65.94 GB) FAT32
8 Drive k: (NORI) (Removable) (Total:0.12 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\SAMSUNG-Q210

Admin Administrator Guest
Medion


**** End of log ****

#15 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 15 January 2012 - 04:18 PM

Is Cox your ISP?
