
I don't know what this is. It's kicking my a^^



#1 tom1965


Posted 06 February 2012 - 08:22 PM

I have spent more time than expected trying to get rid of this thing.....5 days. It started out as no connection to the internet. WiFi says it's on but will not connect to the Cisco router or the internet. I was in safe mode. BIOS the hard disk to start disk. So far I have probably run more than I should have: CCleaner, newest Malwarebytes, latest Avast, Windows Defender, rkill, downloaded ComboFix, TDSSKiller, Spybot S&D, and LookInMyPC....I'm not sure in what order....At first Malwarebytes found a hijack and trojans; now it is finding nothing. Avast has found a few things but the virus vault resets every time I run it. When I run aswMBR it says port 80 on partition 1 is open. Windows Defender is current and has not found anything lately.

I first noticed the high CPU usage and the computer shutting down on its own. Thought I fixed that. Briefly had a redirect problem. Now I just a couple checks a day but it's not going away......I just downloaded HijackThis and I got sent to the forum to post my results....

Although I have learned things about my computer, this is becoming a real pain. I need help with this...I don't know what I'm doing and could use some help...thanks.

I don't know if that's detailed enough. First-time poster....The most recent report was rkill.exe found
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\grpconv.exe

Windows 7 64-bit.

Edited by tom1965, 06 February 2012 - 08:25 PM.



 


#2 Broni


Posted 06 February 2012 - 08:28 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 tom1965


Posted 06 February 2012 - 09:21 PM

wow....quick response....ok...here goes

checkup
MiniToolBox by Farbar Version: 18-01-2012
Ran by thomas (administrator) on 06-02-2012 at 19:45:23
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

There are 15167 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Ralink RT5390 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : donk
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink RT5390 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 88-9F-FA-31-AE-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c404:83f6:ec2:af26%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, February 06, 2012 7:01:28 PM
Lease Expires . . . . . . . . . . : Tuesday, February 07, 2012 7:01:32 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 327720954
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6D-62-06-78-AC-C0-52-27-BD
DNS Servers . . . . . . . . . . . : 24.217.0.5
24.217.201.67
24.247.15.53
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 78-AC-C0-52-27-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5234EEB6-9645-4B41-80B9-9D92E56E0DAB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F86C1503-1C18-4311-821A-0746555072C2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24fd:22f6:e754:c4f4(Preferred)
Link-local IPv6 Address . . . . . : fe80::24fd:22f6:e754:c4f4%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: google.com
Addresses: 74.125.45.99
74.125.45.104
74.125.45.147
74.125.45.106
74.125.45.103
74.125.45.105


Pinging google.com [74.125.65.104] with 32 bytes of data:
Reply from 74.125.65.104: bytes=32 time=35ms TTL=52
Reply from 74.125.65.104: bytes=32 time=33ms TTL=52

Ping statistics for 74.125.65.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 35ms, Average = 34ms
Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=65ms TTL=53
Reply from 72.30.2.43: bytes=32 time=64ms TTL=53

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 65ms, Average = 64ms
Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...88 9f fa 31 ae 4d ......Ralink RT5390 802.11b/g/n WiFi Adapter
10...78 ac c0 52 27 bd ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.111 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.111 281
192.168.1.111 255.255.255.255 On-link 192.168.1.111 281
192.168.1.255 255.255.255.255 On-link 192.168.1.111 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.111 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.111 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:24fd:22f6:e754:c4f4/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::24fd:22f6:e754:c4f4/128
On-link
12 281 fe80::c404:83f6:ec2:af26/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/04/2012 11:02:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c
Exception code: 0xe053534f
Fault offset: 0x000000000000cacd
Faulting process id: 0x%9
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3

Error: (02/04/2012 09:41:14 PM) (Source: CardSpace 3.0.0.0) (User: SYSTEM)SYSTEM
Description: The Windows CardSpace service is too busy to process this request.
User has too many outstanding requests.



Additional Information:
at System.Environment.get_StackTrace()
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=13:tid=620:usr=thomas}
The client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 0B025504-00000429, last error 2).

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=13:app=Microsoft Word Starter 2010 9014006604090000:tid=12F0}
Unable to shut app down (launch thread still going)

Error: (02/04/2012 02:57:07 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=7D0:usr=thomas}
Unable to shut app down (launch thread still going)

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=16AC:usr=thomas}
The client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 0C701533-000006BE, last error 87).

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=16AC:usr=thomas}
Unable to CreateProcess (rc 0C701533-000006BE)

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
The client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6112.5001.sft' (rc 16001E0A-000001D1, original rc 16001E0A-000001D1).

Error: (02/03/2012 05:29:31 PM) (Source: MsiInstaller) (User: thomas)thomas
Description: Product: Adobe Reader X (10.1.2) - Update 'Adobe Reader X (10.1.2)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (02/06/2012 07:44:40 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:39:30 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:34:20 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:29:10 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:24:00 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:24:00 PM) (Source: BROWSER) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is CISCO03913.

Error: (02/06/2012 07:18:50 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:13:40 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:08:30 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:03:20 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (02/04/2012 11:02:59 PM) (Source: Application Error)(User: )
Description: mmc.exe6.1.7600.163854a5bc808KERNELBASE.dll6.1.7601.176514e21213ce053534f000000000000cacd

Error: (02/04/2012 09:41:14 PM) (Source: CardSpace 3.0.0.0)(User: SYSTEM)SYSTEM
Description: User has too many outstanding requests.



Additional Information:
at System.Environment.get_StackTrace()
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=13:tid=620:usr=thomas}
Q:\140066.enu\Office14\WINWORDC.EXE0B025504-000004292

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=13:app=Microsoft Word Starter 2010 9014006604090000:tid=12F0}

Error: (02/04/2012 02:57:07 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=7D0:usr=thomas}

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=16AC:usr=thomas}
Q:\140066.enu\Office14\WINWORDC.EXE0C701533-000006BE87

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=16AC:usr=thomas}
0C701533-000006BE

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
16001E0A-000001D1

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6112.5001.sft16001E0A-000001D116001E0A-000001D1

Error: (02/03/2012 05:29:31 PM) (Source: MsiInstaller)(User: thomas)thomas
Description: Adobe Reader X (10.1.2)Adobe Reader X (10.1.2)1603(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Ares 2.1.7 (Version: 2.1.7-Build#3041)
avast! Free Antivirus (Version: 6.0.1367.0)
AVG 2011 (Version: 10.0.1416)
AVG 2011 (Version: 10.0.2109)
Bing Rewards Client Installer (Version: 16.0.345.0)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 3.15)
Cisco Connect (Version: 1.3.11006.1)
Compaq Setup Manager (Version: 1.0.12844.3519)
CyberLink DVD Suite (Version: 7.0.3320)
CyberLink MediaShow (Version: 5.0.1920)
CyberLink PowerDVD 9 (Version: 9.0.1.4604)
CyberLink YouCam (Version: 3.2.3321)
D3DX10 (Version: 15.4.2368.0902)
DHTML Editing Component (Version: 6.02.0001)
Energy Star Digital Logo (Version: 1.0.1)
ESU for Microsoft Windows 7 (Version: 1.0.0)
HiJackThis (Version: 1.0.0)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.2.1)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.1.2)
HP Quick Launch (Version: 2.2.7)
HP Setup (Version: 8.4.4400.3525)
HP Software Framework (Version: 4.0.70.1)
HP Support Assistant (Version: 5.1.8.12)
HP Wireless Assistant (Version: 4.0.10.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3220)
LightScribe System Software (Version: 1.18.18.1)
LookInMyPC
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
PhotoNow! (Version: 1.1.7717)
PlayReady PC Runtime x86 (Version: 1.3.0)
Power2Go (Version: 6.1.4419)
QuickTime (Version: 7.70.80.34)
Ralink RT5390 802.11b/g/n WiFi Adapter (Version: 3.1.11.0)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6206)
Recovery Manager (Version: 5.5.3223)
RoxioNow Player (Version: 1.9.5.101)
RtVOsd (Version: 1.0.6)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update Installer for WildTangent Games App
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WildTangent Games App (HP Games) (Version: 4.0.5.14)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 1978.93 MB
Available physical RAM: 897.64 MB
Total Pagefile: 3957.85 MB
Available Pagefile: 2448.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:213.72 GB) (Free:167.33 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:18.86 GB) (Free:2.74 GB) NTFS

========================= Users: ========================================

User accounts for \\DONK

Administrator Guest thomas
tnttom


**** End of log ****
---------------------------------------------------------------------------------------------------------------------------------------------------------------
ffs

Farbar Service Scanner Version: 05-02-2012
Ran by thomas (administrator) on 06-02-2012 at 19:42:43
Running from "C:\Users\thomas\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
-------------------------------------------------------------------------------------------------------------------------------------------------------

#4 tom1965

Posted 06 February 2012 - 09:30 PM

toolbox

MiniToolBox by Farbar Version: 18-01-2012
Ran by thomas (administrator) on 06-02-2012 at 19:45:23
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15167 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Ralink RT5390 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : donk
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink RT5390 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 88-9F-FA-31-AE-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c404:83f6:ec2:af26%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, February 06, 2012 7:01:28 PM
Lease Expires . . . . . . . . . . : Tuesday, February 07, 2012 7:01:32 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 327720954
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6D-62-06-78-AC-C0-52-27-BD
DNS Servers . . . . . . . . . . . : 24.217.0.5
24.217.201.67
24.247.15.53
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 78-AC-C0-52-27-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5234EEB6-9645-4B41-80B9-9D92E56E0DAB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F86C1503-1C18-4311-821A-0746555072C2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24fd:22f6:e754:c4f4(Preferred)
Link-local IPv6 Address . . . . . : fe80::24fd:22f6:e754:c4f4%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: google.com
Addresses: 74.125.45.99
74.125.45.104
74.125.45.147
74.125.45.106
74.125.45.103
74.125.45.105


Pinging google.com [74.125.65.104] with 32 bytes of data:
Reply from 74.125.65.104: bytes=32 time=35ms TTL=52
Reply from 74.125.65.104: bytes=32 time=33ms TTL=52

Ping statistics for 74.125.65.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 35ms, Average = 34ms
Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=65ms TTL=53
Reply from 72.30.2.43: bytes=32 time=64ms TTL=53

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 65ms, Average = 64ms
Server: vip01olvemo.stls.mo.charter.com
Address: 24.217.0.5

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...88 9f fa 31 ae 4d ......Ralink RT5390 802.11b/g/n WiFi Adapter
10...78 ac c0 52 27 bd ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.111 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.111 281
192.168.1.111 255.255.255.255 On-link 192.168.1.111 281
192.168.1.255 255.255.255.255 On-link 192.168.1.111 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.111 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.111 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:24fd:22f6:e754:c4f4/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::24fd:22f6:e754:c4f4/128
On-link
12 281 fe80::c404:83f6:ec2:af26/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/04/2012 11:02:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc808
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c
Exception code: 0xe053534f
Fault offset: 0x000000000000cacd
Faulting process id: 0x%9
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3

Error: (02/04/2012 09:41:14 PM) (Source: CardSpace 3.0.0.0) (User: SYSTEM)SYSTEM
Description: The Windows CardSpace service is too busy to process this request.
User has too many outstanding requests.



Additional Information:
at System.Environment.get_StackTrace()
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=13:tid=620:usr=thomas}
The client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 0B025504-00000429, last error 2).

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=13:app=Microsoft Word Starter 2010 9014006604090000:tid=12F0}
Unable to shut app down (launch thread still going)

Error: (02/04/2012 02:57:07 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=7D0:usr=thomas}
Unable to shut app down (launch thread still going)

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=16AC:usr=thomas}
The client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 0C701533-000006BE, last error 87).

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=16AC:usr=thomas}
Unable to CreateProcess (rc 0C701533-000006BE)

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
The client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6112.5001.sft' (rc 16001E0A-000001D1, original rc 16001E0A-000001D1).

Error: (02/03/2012 05:29:31 PM) (Source: MsiInstaller) (User: thomas)thomas
Description: Product: Adobe Reader X (10.1.2) - Update 'Adobe Reader X (10.1.2)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (02/06/2012 07:44:40 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:39:30 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:34:20 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:29:10 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:24:00 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:24:00 PM) (Source: BROWSER) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is CISCO03913.

Error: (02/06/2012 07:18:50 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:13:40 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:08:30 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.

Error: (02/06/2012 07:03:20 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.111.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (02/04/2012 11:02:59 PM) (Source: Application Error)(User: )
Description: mmc.exe6.1.7600.163854a5bc808KERNELBASE.dll6.1.7601.176514e21213ce053534f000000000000cacd

Error: (02/04/2012 09:41:14 PM) (Source: CardSpace 3.0.0.0)(User: SYSTEM)SYSTEM
Description: User has too many outstanding requests.



Additional Information:
at System.Environment.get_StackTrace()
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=13:tid=620:usr=thomas}
Q:\140066.enu\Office14\WINWORDC.EXE0B025504-000004292

Error: (02/04/2012 02:57:25 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=13:app=Microsoft Word Starter 2010 9014006604090000:tid=12F0}

Error: (02/04/2012 02:57:07 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=7D0:usr=thomas}

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=16AC:usr=thomas}
Q:\140066.enu\Office14\WINWORDC.EXE0C701533-000006BE87

Error: (02/04/2012 02:55:25 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=16AC:usr=thomas}
0C701533-000006BE

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
16001E0A-000001D1

Error: (02/04/2012 02:53:39 PM) (Source: Application Virtualization Client)(User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=308:usr=thomas}
http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6112.5001.sft16001E0A-000001D116001E0A-000001D1

Error: (02/03/2012 05:29:31 PM) (Source: MsiInstaller)(User: thomas)thomas
Description: Adobe Reader X (10.1.2)Adobe Reader X (10.1.2)1603(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Ares 2.1.7 (Version: 2.1.7-Build#3041)
avast! Free Antivirus (Version: 6.0.1367.0)
AVG 2011 (Version: 10.0.1416)
AVG 2011 (Version: 10.0.2109)
Bing Rewards Client Installer (Version: 16.0.345.0)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 3.15)
Cisco Connect (Version: 1.3.11006.1)
Compaq Setup Manager (Version: 1.0.12844.3519)
CyberLink DVD Suite (Version: 7.0.3320)
CyberLink MediaShow (Version: 5.0.1920)
CyberLink PowerDVD 9 (Version: 9.0.1.4604)
CyberLink YouCam (Version: 3.2.3321)
D3DX10 (Version: 15.4.2368.0902)
DHTML Editing Component (Version: 6.02.0001)
Energy Star Digital Logo (Version: 1.0.1)
ESU for Microsoft Windows 7 (Version: 1.0.0)
HiJackThis (Version: 1.0.0)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.2.1)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.1.2)
HP Quick Launch (Version: 2.2.7)
HP Setup (Version: 8.4.4400.3525)
HP Software Framework (Version: 4.0.70.1)
HP Support Assistant (Version: 5.1.8.12)
HP Wireless Assistant (Version: 4.0.10.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3220)
LightScribe System Software (Version: 1.18.18.1)
LookInMyPC
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
PhotoNow! (Version: 1.1.7717)
PlayReady PC Runtime x86 (Version: 1.3.0)
Power2Go (Version: 6.1.4419)
QuickTime (Version: 7.70.80.34)
Ralink RT5390 802.11b/g/n WiFi Adapter (Version: 3.1.11.0)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6206)
Recovery Manager (Version: 5.5.3223)
RoxioNow Player (Version: 1.9.5.101)
RtVOsd (Version: 1.0.6)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update Installer for WildTangent Games App
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WildTangent Games App (HP Games) (Version: 4.0.5.14)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 1978.93 MB
Available physical RAM: 897.64 MB
Total Pagefile: 3957.85 MB
Available Pagefile: 2448.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:213.72 GB) (Free:167.33 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:18.86 GB) (Free:2.74 GB) NTFS

========================= Users: ========================================

User accounts for \\DONK

Administrator Guest thomas
tnttom


**** End of log ****

--------------------------------------------------------------------------------------------------------------------------------------------------------------

asw

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-06 20:04:35
-----------------------------
20:04:35.862 OS Version: Windows x64 6.1.7601 Service Pack 1
20:04:35.862 Number of processors: 1 586 0x170A
20:04:35.862 ComputerName: DONKEY UserName: thomas
20:04:38.046 Initialize success
20:04:38.764 AVAST engine defs: 12020601
20:04:47.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:04:47.250 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 3
20:04:47.281 Disk 0 MBR read successfully
20:04:47.281 Disk 0 MBR scan
20:04:47.281 Disk 0 Windows 7 default MBR code
20:04:47.297 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:04:47.313 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218854 MB offset 409600
20:04:47.344 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19317 MB offset 448622592
20:04:47.375 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
20:04:47.375 Service scanning
20:04:54.270 Modules scanning
20:04:54.270 Disk 0 trace - called modules:
20:04:54.333 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
20:04:54.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044853d0]
20:04:54.847 3 CLASSPNP.SYS[fffff88001b7943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002224050]
20:04:55.612 AVAST engine scan C:\Windows
20:04:58.903 AVAST engine scan C:\Windows\system32
20:08:50.835 AVAST engine scan C:\Windows\system32\drivers
20:09:08.572 AVAST engine scan C:\Users\thomas
20:10:41.284 Disk 0 MBR has been saved successfully to "C:\Users\thomas\Documents\MBR.dat"
20:10:41.300 The log file has been saved successfully to "C:\Users\thomas\Documents\aswMBR2-6.txt"

==============================================================================================================================================================

I did the Malwarebytes scan but cannot find the log. Nothing showed up. I looked in the two spots you told me. If I find it I will post it, or rerun it?

#5 tom1965

Posted 06 February 2012 - 09:38 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
thomas :: DONK [administrator]

2/6/2012 7:56:27 PM
mbam-log-2012-02-06 (19-56-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 198217
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:31 PM

Posted 06 February 2012 - 09:41 PM

All looks clean so far.

You posted MiniToolbox log twice.
I still need Security Check log.



#7 tom1965

Posted 06 February 2012 - 10:19 PM

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 30
Out of date Java installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
``````````End of Log````````````


I don't get it... every time I run rkill.exe it puts a proxy icon on my desktop? I forgot to add: all my files look like open file icons. You used to be able to see the pictures that were in that file peeking out. Now if I go to Start, Documents, Pictures, I cannot see any pics until I physically click on it and hit open... Thanks so much for helping me out here... I wish I knew more. Interesting stuff.

I got a warning in cmd when chkdsk was run... "warning no f". I just tried it again and it says: access denied, you have to be running in elevated mode?

Edited by tom1965, 06 February 2012 - 10:24 PM.


#8 Broni


Posted 06 February 2012 - 10:33 PM

"now if i go to start.documents. pictures. I cannot see any pics until i physically click on it and hit open"

You may need to enable thumbnails: http://www.sevenforums.com/tutorials/11738-thumbnail-previews-enable-disable.html

"access denied, you have to be running in elevated mode?"

Go to Start and in "Start search" type in:
cmd
Hold CTRL and SHIFT, press Enter.
That will open command prompt in elevated (admin) mode.

Any other issues?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



 


#9 tom1965


Posted 06 February 2012 - 10:42 PM

Just looked in the Avast vault...
It has some of the viruses it found. Is there a way to copy paste the virus vault?

tsk0002.dta win32:rootkit-gen c:recycle bin
52b6e056-6983a95a win32fakealert-bxm c:recycle bin
tsk003.dta MBR:pihar-c c:recycle bin
endprocess.exe win32killapp-w pup c: hp\bin
svchost.dmp win32dnschanger-vj c:users\thomas\appdata\temp
tsk0000.dta win32dnschanger-vj tdsskiller
tsk0008 win32auleron-anw tdsskiller
tsk0007 win32auleron-anw tdsskiller
tsk006 mbrauleron-anw tdsskiller

Edited by tom1965, 06 February 2012 - 10:55 PM.


#10 tom1965


Posted 06 February 2012 - 11:03 PM

I opened cmd in admin mode... I don't know how to add the f, or feel comfortable adding it.

opened and says....ntfs mode
!warning f parameter not specified
running chkdsk in read only mode.


Do I need to keep all the programs on the computer, or what would you keep?

#11 Broni


Posted 06 February 2012 - 11:22 PM

You can add "f" switch no problem.

Any particular reason you're checking Avast vault?
Whatever is there is inactive.



 


#12 tom1965


Posted 06 February 2012 - 11:57 PM

I have had so many different viruses. I had them scribbled down everywhere... I just thought I would try and give you an idea of what it was... actually I wanted to know the name of it. Just found a few more... svchost.exe *32 Iexplore.exe and Heuristics.reserved.word.exploit...

The sad part is that is just a few... I guess I was really unprotected. Do I have to worry about the other computers on the router?

I still have to do ESET, but when I ran the temp file cleaner, it ran OK and wanted to restart. I clicked OK and walked away, came back and it was still waiting on a blank program... After 6 minutes I forced it down... then it went black but the power light stayed lit... I turned it off manually. Upon restart it went to the black screen with the timer and options of safe mode or not... I started it regular and when the internet was coming up on wifi it was saying connected to 72389xxxxxx but on the picture it was showing 684563xxxxx as the connection. I disconnected from the 7xxxxxxxxxxxx and the stair power bars for the wifi went to a computer screen. Opened it again and it showed connected to 7xxxxxxxxxxxxxxxxxxx but 6xxxxxxxxxxxxxxx was the connection... Is it normal to have two different numbers with a router? I have never noticed it but once while getting rid of this thing... Once Avast came on it went to 7xxxxxxxxxxxx and showed 7xxxxxxxxxxx...

I just feel like I'm missing something... As you can tell, I'm low level with this stuff. I was thinking that you said save those downloads to desktop and I didn't have that option. All I could do was save and then move to desktop. I was using Firefox and not Explorer. Could that have messed something up?

Should I run the file cleaner again?

Edited by tom1965, 06 February 2012 - 11:58 PM.


#13 Broni


Posted 07 February 2012 - 12:27 AM

Run TFC from safe mode.



 


#14 tom1965


Posted 07 February 2012 - 04:01 AM

Ran file cleaner, then ESET...

Found 2... I was unable to save them. I wrote them down with their info.

c:\programdata\microsoft\windows\drm\aff6.tmp WIN64/olmarik-ad trojan
c:\programdata\microsoft\windows\drm\aff6.tmp WIN64/olmarik-ad trojan

#15 Broni


Posted 07 February 2012 - 11:41 AM

Any current issues?
