Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Me Bleeping Computer, you're my only Hope! I believe my laptop has been hacked


  • Please log in to reply
42 replies to this topic

#1 pappy1865

pappy1865

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 09 February 2012 - 02:23 PM

Hello all! About 4 and a half years ago, we had a Trojan issue with our laptop. The great people over at another site helped out. I believe we have problems again, and have received no response from the other site, so I came here.

First off, we don't use the laptop hardly at all, and do most of our surfing via Droid Bionic. It does get used to pay some bills, etc. once a month. The other day, however, I received an email from my Time Warner Cable Road Runner email account, that was sent to myself (to my gmail), my wife (to her work, Road Runner, and gmail emails), and a few other folks. I don't use my Road Runner email at all, as I do everything through gmail, or my work email, so that sent off a warning flag. I went to the laptop, ran task manager, and noticed over 20+ ping.exe and 15-20 cmd.exe commands running. Ran Superantispyware, Spybot, and a few other programs, and all seemed fine for a week or so. Well, at least I don't have the ping.exe or cmd.exe files running.

Now however, I keep seeing messages that internet explorer has "encountered a problem" and crashed. We use Chrome or Firefox, NOT IE, and haven't for years. This is why I believe we've been hacked. Checked settings on my Cisco router, and all seems ok, or at least it's not showing any unregistered users, and it is password protected, but I'm stumped, and am hoping you guys can help me make sure we're not compromised here at home. Xbox Live Gaming has been slow as well I've noticed, since the fake email was sent. I use Mike Lin's startup manager, but tried to check MSCONFIG, and it told me it wasn't found. The .exe file is still in the windows folder to access, but not from the run menu.

Also, every so often I'll hear what sounds like a usb drive being disconnected/connected, and will also hear random default windows sound bits, like the default Windows Critical Stop sound, the Default Beep sound, etc. from time to time as well.

Thanks in advance, and I await any replies and help! Sorry if this is all over the place as well! Also, if this is the wrong sub forum, please move me wherever!

Thanks again,

Vince

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 09 February 2012 - 06:23 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 pappy1865

pappy1865
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 February 2012 - 09:01 AM

Checking in from work. Thanks for the reply. Is it better to save these files to a jump drive here, then run them at home?

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 10 February 2012 - 11:27 AM

I'm not sure what you're asking....

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 pappy1865

pappy1865
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 February 2012 - 11:32 AM

Sorry! Was asking if it would be better to download all the programs to run to a jump drive,while I'm at work, and then run them from said jump drive once I got home to the laptop.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 10 February 2012 - 11:44 AM

You can do that.
Don't run them from a flash drive though.
Transfer them to laptop's desktop.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 pappy1865

pappy1865
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 February 2012 - 05:48 PM

Well lovely. Malwarebytes keeps force closing, and now I've got the blue screen. Dumping physical memory now

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 10 February 2012 - 05:49 PM

Skip MBAM for now.
Post other logs.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 pappy1865

pappy1865
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 February 2012 - 05:51 PM

I shall once the dreaded blue screen is done

Run the aswMBR file first?

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 10 February 2012 - 05:52 PM

You may but eventually I'd like to see all other 3 logs.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 pappy1865

pappy1865
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 February 2012 - 05:56 PM

I shall once the dreaded blue screen is done

Sorry fir the double post. DROID does what it wants sometimes.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 10 February 2012 - 06:15 PM

Try to run MBAM and aswMBR from safe mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 pappy1865

pappy1865
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 February 2012 - 06:23 PM

Should I run the other 2 in safe mode while you are looking at these 3 logs now? Logs to follow:






Start of Security Check Log:


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
HijackThis 2.0.2
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.1.102.55
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````

===============================================


Start of FSS Log:

Farbar Service Scanner Version: 08-02-2012
Ran by Vince Antrim (administrator) on 10-02-2012 at 12:26:45
Running from "C:\Documents and Settings\Vince Antrim\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Bridge(10) BridgeMP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000090000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****

============================================================

Start of MiniToolBox Log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Vince Antrim (administrator) on 10-02-2012 at 12:27:39
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com

There are 15191 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration Host Name . . . . . . . . . . . . : vince-284aade4f Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : ma.rr.comEthernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC Physical Address. . . . . . . . . : 00-C0-9F-E2-80-CBEthernet adapter Wireless Network Connection: Connection-specific DNS Suffix . : ma.rr.com Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN Physical Address. . . . . . . . . : 00-14-A5-1F-6E-69 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.129 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 209.18.47.61 209.18.47.62 192.168.1.1 Lease Obtained. . . . . . . . . . : Friday, February 10, 2012 6:19:49 AM Lease Expires . . . . . . . . . . : Saturday, February 11, 2012 6:19:49 AMServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.115.103, 74.125.115.104, 74.125.115.105, 74.125.115.106
74.125.115.147, 74.125.115.99

Pinging google.com [74.125.113.99] with 32 bytes of data:Reply from 74.125.113.99: bytes=32 time=52ms TTL=50Reply from 74.125.113.99: bytes=32 time=53ms TTL=50Ping statistics for 74.125.113.99: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 52ms, Maximum = 53ms, Average = 52msServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.183.24

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:Reply from 98.137.149.56: bytes=32 time=69ms TTL=53Reply from 98.137.149.56: bytes=32 time=69ms TTL=53Ping statistics for 98.137.149.56: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 69ms, Maximum = 69ms, Average = 69msServer: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2: Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 9f e2 80 cb ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 14 a5 1f 6e 69 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.129 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.129 192.168.1.129 25
192.168.1.129 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.129 192.168.1.129 25
224.0.0.0 240.0.0.0 192.168.1.129 192.168.1.129 25
255.255.255.255 255.255.255.255 192.168.1.129 2 1
255.255.255.255 255.255.255.255 192.168.1.129 192.168.1.129 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 09:28:12 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x0015220f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/06/2012 08:34:43 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x0015220f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/05/2012 04:54:56 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x0015220f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/04/2012 08:44:10 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x0015220f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/28/2012 10:29:13 AM) (Source: Application Error) (User: )
Description: Faulting application motohelperagent.exe, version 2.1.32.0, faulting module motohelperagent.exe, version 2.1.32.0, fault address 0x00036220.
Processing media-specific event for [motohelperagent.exe!ws!]

Error: (01/10/2012 01:13:19 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/10/2012 01:13:19 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/17/2011 10:25:19 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03e957e0.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (02/08/2012 09:56:58 AM) (Source: Service Control Manager) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2012 06:19:45 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.127 for the Network Card with network address 0014A51F6E69 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/06/2012 06:17:11 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (02/06/2012 06:17:11 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (02/02/2012 05:55:24 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (02/02/2012 05:55:12 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/01/2012 05:29:11 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (02/01/2012 05:28:48 PM) (Source: DCOM) (User: Vince Antrim)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (02/01/2012 05:28:26 PM) (Source: Service Control Manager) (User: )
Description: The HP Pci Information service failed to start due to the following error:
%%3

Error: (02/01/2012 05:28:26 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/30/2011 09:34:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 111 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/26/2009 06:43:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 566 seconds with 120 seconds of active time. This session ended with a crash.

Error: (11/28/2008 09:50:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 39145 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (05/30/2008 08:06:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 225 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/02/2008 04:48:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 93854 seconds with 240 seconds of active time. This session ended with a crash.

Error: (09/29/2007 00:33:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 117 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/11/2007 10:49:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1674 seconds with 480 seconds of active time. This session ended with a crash.

Error: (08/11/2007 10:21:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 256 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/11/2007 10:16:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 359 seconds with 120 seconds of active time. This session ended with a crash.

Error: (04/24/2007 11:47:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

AC3Filter (remove only)
Acoustica Effects Pack (Version: 3.0)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional (Version: 8.3.1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AudioShell 1.3.5 (Version: 1.3.5)
AutoCAD 2008 - English (Version: 17.1.51.0)
Autodesk DWF Viewer 7 (Version: 7.2.0)
avast! Free Antivirus (Version: 6.0.1367.0)
BitTorrent (Version: 7.0.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 4.170.25.12)
Cisco Connect (Version: 1.4.12005.2)
Codec Pack - All In 1 6.0.3.0
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
DivX ;-) Audio Compressor 4.02
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.3.1.2)
DivX Version Checker (Version: 7.1.0.9)
Driver Detective (Version: 8.0.1)
ESPN Java Check
EvilLyrics
Free YouTube to MP3 Converter version 3.10.11.923
GiPo@FileUtilities 2.9 (Version: 2.9.150)
GiPo@MoveOnBoot 1.9.5 (Version: 1.9.5)
Google Apps Sync™ for Microsoft Outlook® 3.0.50.95 (Version: 3.0.50.95)
Google Calendar Sync
Google Chrome (Version: 16.0.912.77)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.99)
Google Updater (Version: 2.4.2432.1652)
Google Video Player
HijackThis 2.0.2 (Version: 2.0.2)
HP BatteryCheck 1.00 A7 (Version: 1.00 A7)
HP Help and Support (Version: 4.4.0002)
HP Product Detection (Version: 10.7.4.0)
HP Software Update (Version: 3.0.2.991)
HP Wireless Assistant 2.00 G2 (Version: 2.00 G2)
Intel® Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD (Version: 5.0-B11.637)
IrfanView (remove only)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Lexmark 3400 Series
LightScribe 1.4.97.1 (Version: 1.4.97.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint 2003 Template Pack 1 (Version: 11.0.5614.0)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Move Media Player
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Music Manager
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Personal License Update Wizard for Windows Media Player
Quick Launch Buttons 5.20 H1 (Version: 5.20 H1)
QuickTime (Version: 7.71.80.42)
Realtek AC'97 Audio (Version: 5.36)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.71)
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Soft Data Fax Modem with SmartCP
Sonic Audio Module (Version: 2.0.0.1)
Sonic Copy Module (Version: 2.0.0.1)
Sonic Data Module (Version: 2.0.0.1)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.3)
Sonic Update Manager (Version: 3.0.0)
Sony Media Manager 2.1 (Version: 2.1.242)
Startup Control Panel (Version: 2.7.0.0)
System Requirements Lab for Intel (Version: 4.3.1.0)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.13.0000)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.20.0000)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.21.0000)
Time Zone Data Update Tool for Microsoft Office Outlook (Version: 12.0.4518.1062)
TIPCI (Version: 1.20.0000)
TIPCI (Version: 1.21.0000)
Unity Web Player (Version: 2.6.1f3_31223)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (2627.01) (Version: 6.03.00.9402)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
Weather Exchange (Version: 1.0.47)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 1270.42 MB
Available physical RAM: 358.55 MB
Total Pagefile: 4937.57 MB
Available Pagefile: 3977.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.32 GB) (Free:33.92 GB) NTFS
3 Drive f: (SEA_DISC) (Fixed) (Total:149.01 GB) (Free:6.27 GB) FAT32

========================= Users: ========================================

User accounts for \\VINCE-284AADE4F

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Vince Antrim


**** End of log ****
==========================================

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:14 PM

Posted 10 February 2012 - 06:58 PM

Yes, go ahead....

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 pappy1865

pappy1865
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 10 February 2012 - 07:36 PM

Same issues. MBAM crashed, and aswMBR caused another blue screen reboot.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users