
Adobe Flash crashing in Chrome and IE displays nothing...


8 replies to this topic

#1 Xastabus

  • Members
  • 8 posts
Posted 14 May 2012 - 04:51 PM

Hi,

I am having a problem with Adobe Flash crashing in Chrome, and when I launch Internet Explorer 9 it just sits there with a blank window, trying to display the home page forever.
The affected system is running Windows 7 64-bit with all important updates installed. IE9 & Chrome are the only installed browsers.

I have tried the following already:
  • GFI VIPRE scan (current company anti-virus) - clean
  • Malwarebytes scan - clean
  • ComboFix - doesn't appear to have done anything, though a report is available for inspection if needed.
  • Removed and reinstalled Adobe Flash, Adobe Shockwave, and IE9

I haven't tried to remove and reinstall Chrome yet only because it is the only functioning browser on this system.

I was hoping someone could check out a HijackThis report for me and see if anything is amiss.

Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:09:29 PM, on 5/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\smcconnell\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://itmanager:2000/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vandivier.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{527C4A4B-68F6-4B1B-8E7B-53D80DB8DE60}: NameServer = 192.168.1.7,192.168.1.91,192.168.1.92,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vandivier.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = vandivier.local
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Business (SBAMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - GFI Software - C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7402 bytes

Edited by hamluis, 14 May 2012 - 04:57 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 nasdaq

  • Malware Response Team
  • 40,238 posts
  • Location:Montreal, QC. Canada

Posted 16 May 2012 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not able to provide accurate information for 64-bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please paste the contents of the DDS.txt log in your next post.

The scan will also create an Attach.txt log; I would also like to see its content.
Please post it in another post for my review; do not attach the file.


#3 Xastabus
  • Topic Starter

  • Members
  • 8 posts

Posted 16 May 2012 - 10:05 AM

DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by smcconnell at 11:02:54 on 2012-05-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.6421 [GMT -4:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe
C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RemotelyAnywhere\x64\RAGui.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\RemotelyAnywhere\x64\LMIGuardian.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\wuauclt.exe
C:\Users\smcconnell\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\smcconnell\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: unionremittance.com\dlockbox
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://itmanager:2000/activex/RACtrl.cab
TCP: Interfaces\{527C4A4B-68F6-4B1B-8E7B-53D80DB8DE60} : NameServer = 192.168.1.7,192.168.1.91,192.168.1.92,8.8.8.8,8.8.4.4
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SBAMTray] "C:\Program Files (x86)\GFI Software\GFIAgent\SBAMTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-8-30 101624]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-18 2348352]
R2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files (x86)\RemotelyAnywhere\x64\rainfo.sys [2010-1-27 15928]
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;\??\C:\Windows\system32\drivers\RARfsDriver.sys --> C:\Windows\system32\drivers\RARfsDriver.sys [?]
R2 SBAMSvc;VIPRE Business;C:\Program Files (x86)\GFI Software\GFIAgent\SBAMSvc.exe [2011-10-12 2804312]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\GFIAgent\SBPIMSvc.exe [2011-10-12 181616]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-4-10 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-10 2655768]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 IOMap;IOMap;\??\C:\Windows\system32\drivers\IOMap64.sys --> C:\Windows\system32\drivers\IOMap64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 ramirr;ramirr;C:\Windows\system32\DRIVERS\ramirr.sys --> C:\Windows\system32\DRIVERS\ramirr.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-4-10 30528]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-14 20:26:54 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-14 20:10:39 98816 ----a-w- C:\Windows\sed.exe
2012-05-14 20:10:39 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-14 20:10:39 256000 ----a-w- C:\Windows\PEV.exe
2012-05-14 20:10:39 208896 ----a-w- C:\Windows\MBR.exe
2012-05-14 19:21:47 -------- d-----w- C:\Users\smcconnell\AppData\Roaming\Malwarebytes
2012-05-14 19:21:43 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-14 19:21:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-14 19:21:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-14 19:04:47 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-14 19:04:47 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-14 19:04:46 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-12 22:01:00 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-12 21:47:34 -------- d---a-w- C:\Users\smcconnell\AppData\Roaming\.minecraft
2012-05-12 21:15:45 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-12 21:15:17 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-12 20:53:01 -------- d-----w- C:\Users\smcconnell\AppData\Roaming\NVIDIA
2012-05-11 20:18:31 -------- d-----w- C:\WebDev
2012-05-09 16:52:52 -------- d-----w- C:\Users\smcconnell\AppData\Local\TomTom
2012-05-09 16:52:50 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2012-05-09 16:52:42 -------- d-----w- C:\Program Files (x86)\MyTomTom 3
2012-05-09 16:41:02 -------- d-----w- C:\Program Files\MFP-Printer Utility
2012-05-09 16:40:46 40448 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\KOAZXAAP.DLL
2012-05-09 16:39:54 14848 ----a-w- C:\Windows\System32\KOAZXAAL.DLL
2012-05-09 16:39:53 14848 ----a-w- C:\Windows\System32\KOAZXJAL.DLL
2012-05-09 16:39:51 -------- d-----w- C:\35C-4_Series_PS_PCL_FAX_Win7_v6.4.x_inst
2012-05-03 15:35:37 -------- d-----w- C:\Users\smcconnell\AppData\Roaming\GFI Software
2012-05-03 15:35:31 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-05-03 15:35:31 55416 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-05-03 15:35:31 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-05-03 15:33:40 -------- d-----w- C:\ProgramData\GFI Software
2012-05-03 15:33:39 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-05-01 08:58:26 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02EF2DAF-060D-4BCA-89E3-1FE5A58DA525}\mpengine.dll
2012-04-30 17:05:42 -------- d--h--w- C:\Windows\msdownld.tmp
2012-04-30 17:05:35 -------- d-----w- C:\Windows\SysWow64\directx
2012-04-26 14:17:22 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-25 20:50:01 -------- d-----w- C:\CPDB HQ
2012-04-25 20:36:09 -------- d-----w- C:\Users\smcconnell\AppData\Roaming\Nortel
2012-04-25 20:36:08 958464 ----a-w- C:\Windows\SysWow64\nmdcab32.dll
2012-04-25 20:36:08 925696 ----a-w- C:\Windows\SysWow64\nmdcsv32.dll
2012-04-25 20:36:08 876544 ----a-w- C:\Windows\SysWow64\nmdcms32.dll
2012-04-25 20:36:08 876544 ----a-w- C:\Windows\SysWow64\nmdcext.dll
2012-04-25 20:36:08 794624 ----a-w- C:\Windows\SysWow64\nmdcxp32.dll
2012-04-25 20:36:06 -------- d-----w- C:\Program Files (x86)\Nortel
2012-04-20 20:39:40 -------- d-----w- C:\Users\smcconnell\AppData\Local\ElevatedDiagnostics
2012-04-20 20:31:26 -------- d-----w- C:\Users\smcconnell\AppData\Local\LogMeIn
2012-04-20 20:31:26 -------- d-----w- C:\ProgramData\LogMeIn
2012-04-20 20:31:23 52112 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\RAproc.dll
2012-04-20 20:31:23 29584 ----a-w- C:\Windows\System32\RAport.dll
2012-04-20 20:31:22 89008 ----a-w- C:\Windows\System32\RARfsClientNP.dll
2012-04-20 20:31:22 72232 ----a-w- C:\Windows\System32\drivers\RARfsDriver.sys
2012-04-20 20:31:18 80784 ----a-w- C:\Windows\System32\RAinit.dll
2012-04-20 20:31:12 -------- d-----w- C:\Program Files (x86)\RemotelyAnywhere
2012-04-19 20:38:24 -------- d-----w- C:\Users\smcconnell\AppData\Local\Adobe
2012-04-19 20:35:47 -------- d-----w- C:\Users\smcconnell\AppData\Local\CutePDF Writer
2012-04-19 20:34:55 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2012-04-19 20:34:55 -------- d-----w- C:\Program Files (x86)\Acro Software
2012-04-19 20:34:32 -------- d-----w- C:\Program Files (x86)\GPLGS
2012-04-19 18:36:50 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2012-04-19 18:36:50 -------- d-----w- C:\Program Files\Nortel
2012-04-19 18:35:52 -------- d--h--w- C:\Users\smcconnell\InstallAnywhere
2012-04-19 17:01:14 485376 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr
2012-04-19 17:01:14 1147392 ----a-w- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe
2012-04-19 17:01:14 -------- d-----w- C:\Program Files\MyDefrag v4.3.1
2012-04-19 16:59:09 -------- d-----w- C:\Programs
2012-04-18 21:45:47 -------- d-----w- C:\Windows\PCHEALTH
2012-04-18 21:44:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-18 21:44:03 -------- d-----w- C:\Users\smcconnell\AppData\Local\Microsoft Help
2012-04-18 21:39:31 -------- d-----w- C:\Install
2012-04-18 14:24:08 -------- d-----w- C:\Windows\SysWow64\NV
2012-04-18 14:24:08 -------- d-----w- C:\Windows\System32\NV
2012-04-18 14:24:04 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-04-18 14:22:50 -------- d-----w- C:\NVIDIA
.
==================== Find3M ====================
.
2012-05-14 20:58:57 25640 ----a-w- C:\Windows\gdrv.sys
2012-05-05 13:43:16 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 17:12:34 16384 ----a-w- C:\Windows\System32\drivers\EIO64.sys
2012-04-10 14:55:30 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 17:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 11:03:07.97 ===============

Edited by Xastabus, 16 May 2012 - 10:07 AM.


#4 Xastabus
  • Topic Starter

  • Members
  • 8 posts

Posted 16 May 2012 - 10:08 AM

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2012 10:23:05 PM
System Uptime: 5/14/2012 4:50:28 PM (43 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z68MA-D2H-B3
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | Socket 1155 | 3701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 875.919 GiB free.
D: is CDROM ()
Z: is NetworkDisk (NTFS) - 500 GiB total, 347.841 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP29: 5/12/2012 5:15:26 PM - Installed JavaFX 2.1.0
RP30: 5/12/2012 5:54:09 PM - Windows Update
RP31: 5/14/2012 1:48:16 PM - Restore Operation
RP32: 5/14/2012 3:03:42 PM - Windows Update
RP33: 5/14/2012 3:04:49 PM - Windows Update
RP34: 5/14/2012 4:34:51 PM - Windows Modules Installer
RP35: 5/14/2012 4:45:04 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
@BIOS
Adobe Reader X (10.1.3)
ASUS Gamer OSD
ASUS nVidia Driver
ASUS Smart Doctor
AutoGreen B10.1021.1
BCM Monitor
Easy Tune 6 B11.0630.1
Etron USB3.0 Host Controller
GFI Business Agent
GNU Aspell 0.50-3
Google Chrome
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 31
Java™ 7 Update 4
JavaFX 2.1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.1.0.530
Nortel Business Element Manager
Nortel CallPilot Desktop Messaging
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B11.0110.1
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RemotelyAnywhere
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Smart 6 B11.0512.1
swMSM
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility
Visual Studio C++ 10.0 Runtime
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 8:01:17 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/14/2012 4:51:00 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain VANDIVIER due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
5/14/2012 4:31:37 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
5/14/2012 4:14:18 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/14/2012 4:13:08 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/14/2012 3:09:54 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer VANDC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{527C4A4B-68F6-4B1B-8E7B-53D80DB8DE60}. The master browser is stopping or an election is being forced.
5/14/2012 12:30:01 PM, Error: NetBT [4321] - The name "VANDIVIER :1d" could not be registered on the interface with IP address 192.168.1.34. The computer with the IP address 192.168.1.7 did not allow the name to be claimed by this computer.
5/14/2012 11:27:32 AM, Error: Microsoft-Windows-GroupPolicy [1030] - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
5/14/2012 1:53:20 PM, Error: NETLOGON [3210] - This computer could not authenticate with \\vandc.vandivier.local, a Windows domain controller for domain VANDIVIER, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
5/14/2012 1:53:13 PM, Error: NETLOGON [3210] - This computer could not authenticate with \\VMHost1.vandivier.local, a Windows domain controller for domain VANDIVIER, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
5/11/2012 4:23:54 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
.
==== End Of File ===========================

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:48 AM

Posted 16 May 2012 - 10:22 AM

Try this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If still no joy.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

#6 Xastabus

Xastabus
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:48 AM

Posted 16 May 2012 - 12:16 PM

Unfortunately flushing the DNS cache did not help. I even moved the main Google DNS server to the top of the list.

Here is the MiniToolBox log.


MiniToolBox by Farbar  Version: 18-01-2012
Ran by [secret] (administrator) on 16-05-2012 at 12:57:41
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1 publish=Yes
add address name="Local Area Connection" address=192.168.1.34 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : ITManager
   Primary Dns Suffix  . . . . . . . : vandivier.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : vandivier.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-E5-49-E9-38-07
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8dd5:3a0e:f31c:660f%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.34(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 240182601
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-16-A6-58-50-E5-49-E9-38-07
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       192.168.1.7
                                       192.168.1.91
                                       192.168.1.92
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{527C4A4B-68F6-4B1B-8E7B-53D80DB8DE60}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  74.125.228.73
	  74.125.228.69
	  74.125.228.78
	  74.125.228.68
	  74.125.228.66
	  74.125.228.64
	  74.125.228.72
	  74.125.228.67
	  74.125.228.71
	  74.125.228.65
	  74.125.228.70


Pinging google.com [74.125.228.73] with 32 bytes of data:
Reply from 74.125.228.73: bytes=32 time=25ms TTL=53
Reply from 74.125.228.73: bytes=32 time=25ms TTL=53

Ping statistics for 74.125.228.73:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 25ms, Average = 25ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  72.30.38.140
	  98.139.183.24
	  209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=131ms TTL=49
Reply from 72.30.38.140: bytes=32 time=95ms TTL=49

Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 95ms, Maximum = 131ms, Average = 113ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    bleepingcomputer.com
Address:  208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...50 e5 49 e9 38 07 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.34    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.34    276
     192.168.1.34  255.255.255.255         On-link      192.168.1.34    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.34    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.34    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.34    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::8dd5:3a0e:f31c:660f/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/16/2012 00:36:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2012 00:26:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2012 00:19:38 PM) (Source: Chrome) (User: [secret])[secret]
Description: Chrome has encountered a fatal error.
ver=18.0.1025.168;is_machine=0;minidump=C:\Users\[secret]\AppData\Local\Google\CrashReports\62bca5d4-6f6f-4746-9faf-baf03c888b82.dmp

Error: (05/14/2012 05:01:09 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10c0

Start Time: 01cd32148a28e61b

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: daf10284-9e07-11e1-96cb-50e549e93807

Error: (05/14/2012 04:52:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2012 04:38:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2012 04:32:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2012 04:15:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2012 04:03:59 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c78

Start Time: 01cd320c8a4598d6

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (05/14/2012 03:40:06 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 21c

Start Time: 01cd3209492e61f6

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (05/16/2012 00:36:59 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SYSTEM)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (05/16/2012 00:36:59 PM) (Source: Microsoft-Windows-GroupPolicy) (User: [secret])
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (05/16/2012 00:34:47 PM) (Source: Microsoft-Windows-GroupPolicy) (User: [secret])
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (05/16/2012 00:34:46 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SYSTEM)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (05/16/2012 00:34:42 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VANDIVIER due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (05/16/2012 00:25:14 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VANDIVIER due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (05/14/2012 04:51:00 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VANDIVIER due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (05/14/2012 04:37:02 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VANDIVIER due to the following: 
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (05/14/2012 04:31:37 PM) (Source: Microsoft-Windows-GroupPolicy) (User: [secret])
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (05/14/2012 04:31:36 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SYSTEM)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8109.12 MB
Available physical RAM: 6491.49 MB
Total Pagefile: 16216.43 MB
Available Pagefile: 14379.28 MB
Total Virtual: 4095.88 MB
Available Virtual: 3953.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:882.39 GB) NTFS

========================= Users: ========================================

User accounts for \\ITMANAGER

Administrator            Guest                    Sean                     
UpdatusUser              


**** End of log ****

Edited by Xastabus, 16 May 2012 - 04:07 PM.
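An added check, not part of the thread or of MiniToolBox, for two things the log above shows together: a domain-joined host (Primary Dns Suffix vandivier.local) whose first listed DNS server is a public resolver, and the NETLOGON / Group Policy errors that appear when domain controller discovery fails. The sample text is constructed from the posted log; the function names and the public-resolver list are my own assumptions.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Public resolvers that cannot answer an AD domain's private SRV records.
# Assumption: this short list is enough for the check; extend it as needed.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed sample: a trimmed copy of the ipconfig and event-log sections
# from the MiniToolBox output posted above (values taken from the thread).
SAMPLE_LOG = """\
   Host Name . . . . . . . . . . . . : ITManager
   Primary Dns Suffix  . . . . . . . : vandivier.local
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       192.168.1.7
                                       192.168.1.91
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

System errors:
=============
Error: (05/16/2012 00:36:59 PM) (Source: Microsoft-Windows-GroupPolicy) (User: SYSTEM)
Description: The processing of Group Policy failed. Windows could not resolve the computer name.

Error: (05/16/2012 00:34:42 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain VANDIVIER due to the following:
%%1311
"""

DC_ERROR_SOURCES = {"NETLOGON", "Microsoft-Windows-GroupPolicy"}

def parse_dns_suffix(text: str) -> str:
    """Primary DNS suffix as ipconfig prints it; empty on a workgroup host."""
    m = re.search(r"Primary Dns Suffix[ .]*: *(\S*)", text)
    return m.group(1) if m else ""

def parse_dns_servers(text: str) -> List[str]:
    """Resolver list in the order ipconfig reports it (the first is queried first)."""
    m = re.search(r"DNS Servers[ .]*: *(\S+)\n((?:[ \t]{20,}\S+\n)*)", text)
    if not m:
        return []
    servers = [m.group(1)]
    servers.extend(line.strip() for line in m.group(2).splitlines() if line.strip())
    return servers

def parse_event_errors(text: str) -> List[Tuple[str, str]]:
    """(timestamp, source) for every 'Error: (...) (Source: ...)' header line."""
    return re.findall(r"Error: \(([^)]*)\) \(Source: ([^)]*)\)", text)

def is_public_resolver(ip: str) -> bool:
    """True for a known public resolver or any address outside private/loopback space."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return ip in PUBLIC_RESOLVERS or not (addr.is_private or addr.is_loopback)

def assess(text: str) -> Dict[str, object]:
    """Correlate resolver order with domain membership and DC-location errors."""
    suffix = parse_dns_suffix(text)
    servers = parse_dns_servers(text)
    dc_errors = [src for _, src in parse_event_errors(text) if src in DC_ERROR_SOURCES]
    first_public = bool(servers) and is_public_resolver(servers[0])
    findings = []
    if suffix and first_public:
        # A public resolver answers NXDOMAIN for _ldap._tcp.dc._msdcs.<suffix>, and the
        # Windows DNS client treats that negative answer as final instead of trying the
        # next server, so DC discovery never reaches the internal servers listed below it.
        findings.append(f"domain-joined host ({suffix}) queries public resolver "
                        f"{servers[0]} before its internal DNS servers")
    if suffix and dc_errors:
        findings.append(f"{len(dc_errors)} NETLOGON/Group Policy errors: domain "
                        "controller location is failing")
    return {
        "dns_suffix": suffix,
        "dns_servers": servers,
        "first_resolver_public": first_public,
        "dc_error_count": len(dc_errors),
        "findings": findings,
    }
```

Running `assess` over a complete Result.txt works the same way, since the patterns key on ipconfig's own field labels and MiniToolBox's "Error:" header lines.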


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:48 AM

Posted 16 May 2012 - 01:04 PM

This is out of my league. I suggest you start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

Post your problem and include the MiniToolBox log.

I will leave this topic open for 6 days.

Keep me posted.

#8 Xastabus

Xastabus
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:48 AM

Posted 16 May 2012 - 03:36 PM

Will do, thanks for your help.

#9 Xastabus

Xastabus
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:48 AM

Posted 17 May 2012 - 08:23 AM

Actually, I've decided that trying to fix this issue is more trouble than it is worth. I am backing up my valuable data and reformatting. Thank you again for your help.



