
I must be Infected


17 replies to this topic

#1 unforgvin

Posted 29 January 2012 - 02:46 PM

I'm not sure what happened. My kid was using my laptop one day, and when I came home, I attempted to start my laptop and it would only boot into safe mode.

I'm running Windows Vista Basic
Intel® Celeron® M CPU 430 @ 1.73GHz
446 MB
32-bit

There are no error codes; I'm just only allowed to boot into safe mode. Even when I tell it to start normally, it just ignores me and goes into safe mode.


#2 Broni

Posted 29 January 2012 - 04:08 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 unforgvin

Posted 29 January 2012 - 04:15 PM

Doing this now. Thanks for the help. I'm unable to update on the infected laptop since it's not connected to the internet.

Edited by unforgvin, 29 January 2012 - 04:50 PM.


#4 unforgvin

Posted 29 January 2012 - 05:00 PM

Results of screen317's Security Check version 0.99.24
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee AntiVirus Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Farbar Service Scanner Version: 18-01-2012 01
Ran by Dominican Republic (administrator) on 29-01-2012 at 13:25:50
Microsoft® Windows Vista™ Home Basic (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
Checking LEGACY_Nsi: Attention! Unable to open LEGACY_Nsi\0000 registry key. The key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2010-01-05 11:38] - [2010-01-05 11:38] - 0204800 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\afd.sys
[2006-11-02 00:58] - [2006-11-02 00:58] - 0270336 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 18-01-2012
Ran by Dominican Republic (administrator) on 29-01-2012 at 13:27:05
Microsoft® Windows Vista™ Home Basic (X86)
Boot Mode: Minimal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : COMPUTER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Server: UnKnown
Address: 127.0.0.1:53

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1:53

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1:53

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Unable to contact IP driver, error code 1753,

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/29/2012 00:56:14 PM) (Source: PerfNet) (User: )
Description:

Error: (01/29/2012 00:56:14 PM) (Source: PerfNet) (User: )
Description:

Error: (01/29/2012 00:56:12 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/29/2012 00:56:12 PM) (Source: Perflib) (User: )
Description: DFSRC:\Windows\System32\DfsrPerf.dll4

Error: (01/29/2012 00:56:12 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (01/29/2012 00:52:19 PM) (Source: Windows Search Service Profile Notification) (User: )
Description: Unable to remove Windows Search Service indexed data for user 'COMPUTER\TAXES' in response to user profile deletion. Error code 0x8007043C.

This service cannot be started in Safe Mode
.

Error: (01/29/2012 00:51:35 PM) (Source: Windows Search Service Profile Notification) (User: )
Description: Unable to remove Windows Search Service indexed data for user 'COMPUTER\Guest' in response to user profile deletion. Error code 0x8007043C.

This service cannot be started in Safe Mode
.

Error: (01/29/2012 00:45:11 PM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/29/2012 00:43:19 PM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/29/2012 00:41:38 PM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (01/29/2012 00:45:45 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:45:45 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:45:12 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:45:12 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:43:52 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:43:52 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:43:52 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/29/2012 00:43:19 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:43:19 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (01/29/2012 00:43:19 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Ask Toolbar (Version: 1.12.2.0)
ATT-HSI
Audacity 1.2.6
Big Fish Games: Game Manager (Version: 3.0.0.271)
Blackjack Card Counting Pro (Version: 1.0.0)
DivX Setup (Version: 2.5.0.11)
Epson Event Manager (Version: 2.40.0001)
EPSON NX420 Series Printer Uninstall
EPSON Scan
EUcasino
FL Studio 9
Google Chrome (Version: 13.0.782.220)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.65)
Hotel Dash 2 Lost Luxuries
Hotel Dash: Suite Success
Itibiti RTC (Version: 0.0.1)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 14.0.8117.416)
Macromedia Extension Manager (Version: 1.7.277)
Macromedia Flash 8 (Version: 8.00.0000)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
McAfee AntiVirus Plus (Version: 11.0.586)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft LifeCam (Version: 3.0.215.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Web Publishing Wizard 1.52
Mortimer Beckett and the Secrets of Spooky Manor (Version: 1.1.0.0)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Photo Explosion Deluxe 3.0 (Version: 3.0.1.5)
Skype Toolbars (Version: 5.5.7896)
Skype™ 5.3 (Version: 5.3.120)
SocialRibbons LP4
SUPERAntiSpyware (Version: 5.0.1142)
TurboTax 2008
TurboTax 2008 wcaiper (Version: 008.000.0141)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 wcaiper (Version: 009.000.1050)
TurboTax 2009 wcapbpm (Version: 009.000.0249)
TurboTax 2009 wgaiper (Version: 009.000.0913)
TurboTax 2009 WinBizFedFormset (Version: 009.000.0744)
TurboTax 2009 WinBizReleaseEngine (Version: 009.000.0225)
TurboTax 2009 WinBizTaxSupport (Version: 009.000.0167)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1532)
TurboTax 2010 wgaiper (Version: 010.000.1266)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4495)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0216)
TurboTax 2010 wnciper (Version: 010.000.1401)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax Business 2009
TurboTax Home & Business 2006
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
TurboTax Premier 2007
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Windows Essentials Media Codec Pack 3.1 (Version: 3.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 94%
Total physical RAM: 445.5 MB
Available physical RAM: 25.87 MB
Total Pagefile: 1441.04 MB
Available Pagefile: 1031.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.99 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:34.68 GB) NTFS
3 Drive e: () (Removable) (Total:0.98 GB) (Free:0.92 GB) FAT

========================= Users: ========================================

User accounts for \\

Administrator Dominican Republic Guest
TAXES


**** End of log ****

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows Vista x86 NTFS (Safe Mode)
Internet Explorer 7.0.6000.16982
Dominican Republic :: COMPUTER [administrator]

Protection: Disabled

1/29/2012 1:29:05 PM
mbam-log-2012-01-29 (13-29-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 164381
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-29 13:49:49
-----------------------------
13:49:49.691 OS Version: Windows 6.0.6000
13:49:49.691 Number of processors: 1 586 0xE08
13:49:49.691 ComputerName: COMPUTER UserName:
13:49:50.878 Initialize success
13:50:10.222 AVAST engine download error: 0
13:50:16.644 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:50:16.644 Disk 0 Vendor: TOSHIBA_MK8037GSX DL230M Size: 76319MB BusType: 3
13:50:16.722 Disk 0 MBR read successfully
13:50:16.722 Disk 0 MBR scan
13:50:16.722 Disk 0 Windows VISTA default MBR code
13:50:16.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
13:50:16.785 Disk 0 scanning sectors +156299264
13:50:17.003 Disk 0 scanning C:\Windows\system32\drivers
13:50:51.660 Service scanning
13:50:53.910 Modules scanning
13:51:00.269 Disk 0 trace - called modules:
13:51:00.285 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:51:00.285 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x830e1848]
13:51:00.863 3 ntoskrnl.exe[81ca80af] -> nt!IofCallDriver -> [0x82f03200]
13:51:00.863 5 acpi.sys[8047632a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x82f13bb0]
13:51:00.863 Scan finished successfully
13:52:24.941 Disk 0 MBR has been saved successfully to "C:\Users\Dominican Republic\Desktop\MBR.dat"
13:52:24.956 The log file has been saved successfully to "C:\Users\Dominican Republic\Desktop\aswMBR.txt"
13:52:30.503 Verifying
13:52:40.550 Disk 0 Windows 600 MBR fixed successfully
13:53:08.863 Disk 0 MBR has been saved successfully to "C:\Users\Dominican Republic\Desktop\MBR.dat"
13:53:08.878 The log file has been saved successfully to "C:\Users\Dominican Republic\Desktop\aswMBR.txt"

#5 Broni

Posted 29 January 2012 - 07:46 PM

when I tell it to start normally it just ignores me and goes into safe mode.

Do you see "Safe mode" wording in all four corners of your screen?



#6 unforgvin

Posted 29 January 2012 - 09:22 PM

yes

#7 Broni

Posted 29 January 2012 - 09:24 PM

While in safe mode....

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?



#8 unforgvin

Posted 29 January 2012 - 09:43 PM

doing this now!!! Same Problem

Edited by unforgvin, 29 January 2012 - 09:46 PM.


#9 unforgvin

Posted 30 January 2012 - 02:24 AM

doing this now!!! Same Problem

I followed the directions but still nothing new, was a good try though

#10 unforgvin

Posted 30 January 2012 - 05:16 AM

OK, here is an update: after trying 100 different things I'm finally able to boot into normal mode. I will run all the recommended scans again and repost the logs.

#11 Broni

Posted 30 January 2012 - 10:55 AM

OK.....



#12 unforgvin

Posted 30 January 2012 - 11:42 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-29 21:27:25
-----------------------------
21:27:25.753 OS Version: Windows 6.0.6000
21:27:25.753 Number of processors: 1 586 0xE08
21:27:25.769 ComputerName: COMPUTER UserName:
21:27:27.347 Initialize success
21:27:31.753 AVAST engine download error: 0
21:27:36.238 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:27:36.238 Disk 0 Vendor: TOSHIBA_MK8037GSX DL230M Size: 76319MB BusType: 3
21:27:36.269 Disk 0 MBR read successfully
21:27:36.269 Disk 0 MBR scan
21:27:36.269 Disk 0 Windows VISTA default MBR code
21:27:36.269 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
21:27:36.285 Disk 0 scanning sectors +156299264
21:27:36.347 Disk 0 scanning C:\Windows\system32\drivers
21:27:42.691 Service scanning
21:27:44.988 Modules scanning
21:27:50.410 Disk 0 trace - called modules:
21:27:50.441 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:27:50.456 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x834df608]
21:27:50.972 3 ntoskrnl.exe[81ca80af] -> nt!IofCallDriver -> [0x8330c8e8]
21:27:50.972 5 acpi.sys[8046832a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83310bb0]
21:27:50.972 Scan finished successfully
21:36:01.753 Disk 0 MBR has been saved successfully to "C:\Users\Dominican Republic\Desktop\MBR.dat"
21:36:01.769 The log file has been saved successfully to "C:\Users\Dominican Republic\Desktop\aswMBR.txt"

Results of screen317's Security Check version 0.99.24
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

#13 unforgvin

unforgvin
  • Topic Starter

  • Members
  • 28 posts
  • Local time:12:57 PM

Posted 30 January 2012 - 11:43 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Dominican Republic (administrator) on 30-01-2012 at 06:38:27
Microsoft® Windows Vista™ Home Basic (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)
Atheros AR5006EG Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set interface luid=loopback_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_2 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_1 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=ethernet_4 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=wireless_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : COMPUTER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-16-E3-CF-A3-22
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-16-D4-92-7A-B6
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{071B7F30-F813-4714-8510-45A8A470BFA7}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.sbx10493.sanjoca.wayport.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1:53

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1:53

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1:53

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 3ms, Maximum = 3ms, Average = 3ms

===========================================================================
Interface List
9 ...00 16 e3 cf a3 22 ...... Atheros AR5006EG Wireless Network Adapter
8 ...00 16 d4 92 7a b6 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{071B7F30-F813-4714-8510-45A8A470BFA7}
14 ...00 00 00 00 00 00 00 e0 isatap.sbx10493.sanjoca.wayport.net
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/30/2012 03:11:09 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8004230c).

Error: (01/30/2012 03:11:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Delete Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 0
Snapshot Context: 0
Execution Context: Coordinator

Error: (01/30/2012 03:11:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The Microsoft Software Shadow Copy Provider (SWPRV) service is
disabled. Please enable the service and try again.


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Delete Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 0
Snapshot Context: 0
Execution Context: Coordinator

Error: (01/30/2012 03:11:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies
Delete Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 0
Snapshot Context: 0
Execution Context: Coordinator
Execution Context: Coordinator

Error: (01/30/2012 03:11:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The Microsoft Software Shadow Copy Provider (SWPRV) service is
disabled. Please enable the service and try again.


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies
Delete Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 0
Snapshot Context: 0
Execution Context: Coordinator
Execution Context: Coordinator

Error: (01/30/2012 03:11:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Check If Volume Is Supported by Provider
Add a Volume to a Shadow Copy Set

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 4194317
Snapshot Context: 4194317
Execution Context: Coordinator
Provider ID: {00000000-0000-0000-0000-000000000000}
Volume Name: \\?\Volume{4dc11bb1-f973-11de-b16e-806e6f6e6963}\
Execution Context: Coordinator

Error: (01/30/2012 03:11:09 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The Microsoft Software Shadow Copy Provider (SWPRV) service is
disabled. Please enable the service and try again.


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Check If Volume Is Supported by Provider
Add a Volume to a Shadow Copy Set

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 4194317
Snapshot Context: 4194317
Execution Context: Coordinator
Provider ID: {00000000-0000-0000-0000-000000000000}
Volume Name: \\?\Volume{4dc11bb1-f973-11de-b16e-806e6f6e6963}\
Execution Context: Coordinator

Error: (01/30/2012 03:11:06 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 13
Snapshot Context: 13
Execution Context: Coordinator

Error: (01/30/2012 03:11:06 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The Microsoft Software Shadow Copy Provider (SWPRV) service is
disabled. Please enable the service and try again.


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 13
Snapshot Context: 13
Execution Context: Coordinator

Error: (01/29/2012 10:27:20 PM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (01/30/2012 06:25:29 AM) (Source: Service Control Manager) (User: )
Description: cdrom

Error: (01/30/2012 06:25:25 AM) (Source: Service Control Manager) (User: )
Description: iolo System Servicevseamps

Error: (01/30/2012 06:25:25 AM) (Source: Service Control Manager) (User: )
Description: iolo FileInfoList Service%%2

Error: (01/30/2012 06:25:13 AM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.

Error: (01/30/2012 06:24:01 AM) (Source: ACPI) (User: )
Description: IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0.
Please contact your system vendor for technical assistance.

Error: (01/30/2012 03:28:59 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/30/2012 03:23:27 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/30/2012 03:13:29 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/30/2012 00:35:06 AM) (Source: Service Control Manager) (User: )
Description: cdrom

Error: (01/30/2012 00:35:06 AM) (Source: Service Control Manager) (User: )
Description: iolo System Servicevseamps


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Ask Toolbar (Version: 1.12.2.0)
ATT-HSI
Audacity 1.2.6
Big Fish Games: Game Manager (Version: 3.0.0.271)
Blackjack Card Counting Pro (Version: 1.0.0)
DivX Setup (Version: 2.5.0.11)
Epson Event Manager (Version: 2.40.0001)
EPSON NX420 Series Printer Uninstall
EPSON Scan
EUcasino
FL Studio 9
Google Chrome (Version: 13.0.782.220)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.65)
Hotel Dash: Suite Success
Itibiti RTC (Version: 0.0.1)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 14.0.8117.416)
Macromedia Extension Manager (Version: 1.7.277)
Macromedia Flash 8 (Version: 8.00.0000)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft LifeCam (Version: 3.0.215.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Web Publishing Wizard 1.52
Mortimer Beckett and the Secrets of Spooky Manor (Version: 1.1.0.0)
Mozilla Firefox 6.0.1 (x86 en-US) (Version: 6.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Photo Explosion Deluxe 3.0 (Version: 3.0.1.5)
Skype Toolbars (Version: 5.5.7896)
Skype™ 5.3 (Version: 5.3.120)
SUPERAntiSpyware (Version: 5.0.1142)
TuneUp Utilities 2011 (Version: 10.0.4410.11)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4410.11)
TurboTax 2008
TurboTax 2008 wcaiper (Version: 008.000.0141)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 wcaiper (Version: 009.000.1050)
TurboTax 2009 wcapbpm (Version: 009.000.0249)
TurboTax 2009 wgaiper (Version: 009.000.0913)
TurboTax 2009 WinBizFedFormset (Version: 009.000.0744)
TurboTax 2009 WinBizReleaseEngine (Version: 009.000.0225)
TurboTax 2009 WinBizTaxSupport (Version: 009.000.0167)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1532)
TurboTax 2010 wgaiper (Version: 010.000.1266)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4495)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0216)
TurboTax 2010 wnciper (Version: 010.000.1401)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax Business 2009
TurboTax Home & Business 2006
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
TurboTax Premier 2007
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Windows Essentials Media Codec Pack 3.1 (Version: 3.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 74%
Total physical RAM: 445.5 MB
Available physical RAM: 111.82 MB
Total Pagefile: 1441.04 MB
Available Pagefile: 877.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.9 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:34.2 GB) NTFS
2 Drive e: () (Removable) (Total:0.98 GB) (Free:0.92 GB) FAT

========================= Users: ========================================

User accounts for \\COMPUTER

Administrator Dominican Republic Guest
TAXES


**** End of log ****

#14 unforgvin

unforgvin
  • Topic Starter

  • Members
  • 28 posts
  • Local time:12:57 PM

Posted 30 January 2012 - 11:44 AM

Mod Edit: Removed ComboFix log, not requested, not permitted in this forum ~ Hamluis.

Quote from top of this webpage: "When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."

Humz, I never put a ComboFix log there, and if I did, lol, I'm not sure how, because I have not used that program yet, lol. Sorry. OK, I need to figure out how to restore the internet.

Edited by unforgvin, 30 January 2012 - 10:50 PM.


#15 unforgvin

unforgvin
  • Topic Starter

  • Members
  • 28 posts
  • Local time:12:57 PM

Posted 30 January 2012 - 11:45 AM

Farbar Service Scanner Version: 18-01-2012 01
Ran by Dominican Republic (administrator) on 30-01-2012 at 06:37:17
Microsoft® Windows Vista™ Home Basic (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



