
TrojanDownloader:Win32/Adload.DA


22 replies to this topic

#1 Kiry


Posted 22 July 2012 - 08:34 PM

Windows Explorer has crashed several times. I think it's because the Action Center says I'm infected with the TrojanDownloader:Win32/Adload.DA virus. I made a full scan with the Microsoft Safety Scanner tool to fix it, but it didn't detect the virus.
Neither SUPERAntiSpyware nor Kaspersky Antivirus detected this threat.

Edited by Orange Blossom, 22 July 2012 - 09:24 PM.
Moved to AII. ~ OB




#2 swagger


Posted 25 July 2012 - 05:26 PM

Hello Kiry and welcome to Bleeping Computer! :thumbup2: My name is swagger and I'll be assisting you.

Please follow the directions below, asking any questions before you proceed if you do not understand something completely.

::ESET Online Scanner::

Please run a free online scan with the ESET Online Scanner.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan Archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    (NOTE: If Eset doesn't find any threats, it will NOT produce any log.)

::Malwarebytes' Anti-Malware::

Please download Malwarebytes Anti-Malware and save it to your desktop.

Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
(NOTE: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.)

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Regards,

swagger

#3 Kiry


Posted 26 July 2012 - 12:55 AM

Thank You Swagger!! :lol:
I appreciate the help!!! :woot:

ESET SCAN:


C:\Users\Valy\Downloads\YouTubeDownloaderSetup30.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined


P.S. This is the first software that detected something! Finally! :cool:

#4 Kiry


Posted 26 July 2012 - 01:05 AM

The Trojan is the Youtube Downloader?? :wacko:
Do I need to uninstall this program? :blink:
And what happens if I delete that threat from the quarantine? :wacko:
Sorry to ask all those questions :P

Edited by Kiry, 26 July 2012 - 01:13 AM.


#5 Kiry


Posted 26 July 2012 - 01:13 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Valy :: VALY-VAIO [administrator]

7/26/2012 2:07:06 AM
mbam-log-2012-07-26 (02-07-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231120
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


P.S. I already had the Malwarebytes Anti-Malware installed on my computer.

#6 swagger


Posted 26 July 2012 - 07:37 AM

Hello Kiry,

Thank You Swagger!! :lol:
I appreciate the help!!! :woot:

ESET SCAN:

C:\Users\Valy\Downloads\YouTubeDownloaderSetup30.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

P.S. This is the first software that detected something! Finally! :cool:

Not a problem, hopefully we can get you fixed up!


The Trojan is the Youtube Downloader?? :wacko:
Do I need to uninstall this program? :blink:
And what happens if I delete that threat from the quarantine? :wacko:
Sorry to ask all those questions :P

The trojan may not be the Youtube Downloader program itself, but software that comes bundled in the installer. Since ESET has already moved the file to the quarantine, deleting it would remove the file from your machine completely. Quarantine works almost like the Recycle Bin on your Desktop. You delete files from your computer and they go to the Recycle Bin, but they can be restored UNTIL you empty the Recycle Bin - then they are gone for good unless you use special Recovery software to try and bring them back. Does that make sense?



Have you run any recent scans with Malwarebytes Anti-Malware that found and/or removed anything? If so, could you please post the logs here?

  • Open Malwarebytes' AntiMalware and click on the Logs tab.
  • Find the appropriate log in the Logs window and double-click on it.
  • Paste the contents of that log in your next reply.

Also, are you still experiencing the crashes in Internet Explorer? If so, follow the instructions below. Again, if you have any questions, please ask FIRST before proceeding.

::aswMBR::

  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
  • Click the Scan button to start scan.
  • On completion of the scan click Save log button, save it to your desktop and post in your next reply.

    (NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.)

::Security Check::

Download Security Check, and save it to your Desktop.

  • Double-click SecurityCheck.exe to run it.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    (NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.)

::Farbar Service Scanner::

Download Farbar Service Scanner (FSS) and save it to your desktop.

  • Double-click on FSS.exe to run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Click the Scan button.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Regards,

swagger

#7 Kiry


Posted 26 July 2012 - 09:35 AM



Ohhhhh I understand now! Thanks! and yes it makes sense!

This is the only scan that malwarebytes detected something:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Valy :: VALY-VAIO [limited]

Protection: Enabled

6/20/2012 12:32:16 AM
mbam-log-2012-06-20 (00-32-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 500720
Time elapsed: 1 hour(s), 40 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Valy\Downloads\SoftonicDownloader_para_acronis-true-image.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)


It's not Internet Explorer that crashes, it's Windows Explorer.
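The helper asks for the complete Malwarebytes log, including the top portion with the database version and operating system. As an added Python example (not part of the original thread and not Malwarebytes' own tooling), the parser below reads a log in the layout posted above, extracts those header fields, lists each detection with its recorded action, and flags sections whose declared count does not match the items listed. The sample log, its user, host and file names, and all function names are constructed for the example.

```python
import re

# Constructed sample that follows the layout of the Malwarebytes 1.x logs
# posted in this thread; user, host and file names are placeholders.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
example :: EXAMPLE-PC [limited]

Scan type: Full scan
Objects scanned: 500720

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\example\Downloads\sample-installer.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Greedy target so that a path containing "(x86)" is not mistaken for the threat name.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
ACCOUNT_RE = re.compile(r"^(?P<user>.+?) :: (?P<host>.+?) \[(?P<rights>[^\]]+)\]$")
KEYVAL_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
# Fields a complete log must carry (the "top portion" the helper asks for).
REQUIRED_HEADER = ("product", "Database version", "os")


def _parse_header_line(line, header):
    """Classify one line that appears before the first 'Detected:' section."""
    account = ACCOUNT_RE.match(line)
    keyval = KEYVAL_RE.match(line)
    if "product" not in header:
        header["product"] = line          # first non-empty line: product + version
    elif account:
        header.update(account.groupdict())  # user, host, rights
    elif keyval:
        header[keyval["key"]] = keyval["value"]
    elif line.startswith("Windows "):
        header["os"] = line


def parse_mbam_log(text):
    """Return header fields, per-section detections and consistency flags."""
    header, sections = {}, {}
    current, end_seen = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "(end)":
            end_seen = True
            continue
        section = SECTION_RE.match(line)
        if section:
            current = section["name"]
            sections[current] = {"declared": int(section["count"]), "items": []}
        elif current is None:
            _parse_header_line(line, header)
        elif line != "(No malicious items detected)":
            item = ITEM_RE.match(line)
            # Keep lines that do not fit the pattern so nothing is silently dropped.
            sections[current]["items"].append(
                item.groupdict() if item
                else {"target": line, "threat": None, "action": None}
            )
    mismatches = [name for name, sec in sections.items()
                  if sec["declared"] != len(sec["items"])]
    complete = end_seen and all(key in header for key in REQUIRED_HEADER)
    return {"header": header, "sections": sections,
            "mismatches": mismatches, "complete": complete}


def detections(report):
    """Flatten a parsed report into (section, target, threat, action) tuples."""
    return [(name, i["target"], i["threat"], i["action"])
            for name, sec in report["sections"].items() for i in sec["items"]]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("complete log:", parsed["complete"])
    print("database:", parsed["header"].get("Database version"))
    for row in detections(parsed):
        print(row)
    print("count mismatches:", parsed["mismatches"])
```

A report with `complete` set to false or a non-empty `mismatches` list usually means the log was pasted without its header or was cut off, which is the case the helper's instruction guards against.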

#8 swagger


Posted 26 July 2012 - 09:57 AM

Hello Kiry,

It's not Internet Explorer that crashes, it's Windows Explorer.


My apologies, I meant Windows Explorer. Can you post the logs that I've asked for? Thanks!

Regards,

swagger

#9 Kiry


Posted 26 July 2012 - 11:16 AM

::aswMBR::


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 11:32:10
-----------------------------
11:32:10.972 OS Version: Windows x64 6.1.7601 Service Pack 1
11:32:10.972 Number of processors: 4 586 0x2502
11:32:10.972 ComputerName: VALY-VAIO UserName: Valy
11:32:14.090 Initialize success
11:34:49.368 AVAST engine defs: 12072601
11:34:52.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:34:52.036 Disk 0 Vendor: ST950032 0004 Size: 476940MB BusType: 3
11:34:52.051 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006e
11:34:52.051 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
11:34:52.067 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000080
11:34:52.067 Disk 2 Vendor: RICOH 02 Size: 1884MB BusType: 0
11:34:52.082 Disk 0 MBR read successfully
11:34:52.098 Disk 0 MBR scan
11:34:52.098 Disk 0 Windows 7 default MBR code
11:34:52.114 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8650 MB offset 2048
11:34:52.145 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 17717248
11:34:52.192 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468188 MB offset 17922048
11:34:52.238 Disk 0 scanning C:\Windows\system32\drivers
11:35:10.678 Service scanning
11:35:53.767 Modules scanning
11:35:53.782 Disk 0 trace - called modules:
11:35:53.814 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys ACPI.sys iaStor.sys hal.dll
11:35:53.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006767060]
11:35:53.829 3 CLASSPNP.SYS[fffff8800238743f] -> nt!IofCallDriver -> [0xfffffa80065ffce0]
11:35:53.845 5 vsflt61.sys[fffff88000db70fd] -> nt!IofCallDriver -> [0xfffffa80047497f0]
11:35:53.860 7 ACPI.sys[fffff88000f837a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046fa050]
11:35:55.873 AVAST engine scan C:\Windows
11:35:59.539 AVAST engine scan C:\Windows\system32
11:41:12.318 AVAST engine scan C:\Windows\system32\drivers
11:41:42.266 AVAST engine scan C:\Users\Valy
11:53:48.639 AVAST engine scan C:\ProgramData
11:59:29.141 Scan finished successfully
12:09:20.385 Disk 0 MBR has been saved successfully to "C:\Users\Valy\Desktop\MBR.dat"
12:09:20.401 The log file has been saved successfully to "C:\Users\Valy\Desktop\aswMBR.txt"

#10 Kiry


Posted 26 July 2012 - 11:18 AM

::Security Check::


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Kaspersky Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.1
Java™ 6 Update 23
Java™ 6 Update 20
Java™ 7 Update 5
Out of date Java installed!
Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
CyberDefender SchedulerService SchedulerService.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtblfs.exe
``````````End of Log````````````

#11 Kiry


Posted 26 July 2012 - 11:19 AM

::Farbar Service Scanner::

Farbar Service Scanner Version: 26-07-2012
Ran by Valy (administrator) on 26-07-2012 at 12:14:38
Running from "C:\Users\Valy\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Demand
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 swagger


Posted 26 July 2012 - 12:33 PM

Hello Kiry,

Download MiniToolBox and save it to your Desktop.

  • Double-click MiniToolBox.exe to run it.
  • Check mark the following boxes:

    Report IE Proxy Settings
    List content of Hosts
    List IP Configuration
    List Winsock entries
    List last 10 Event Viewer Errors
    List Devices (Only problems)
    List Users, Partitions and Memory size.

  • Click the Go button and post the log file (Result.txt).

    (NOTE: The Result.txt should appear when the program completes. If the log does not automatically appear it should be on your desktop or in the folder the file was downloaded to.)
Regards,

swagger

Edited by swagger, 26 July 2012 - 12:36 PM.


#13 Kiry


Posted 26 July 2012 - 09:33 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Valy (administrator) on 26-07-2012 at 22:29:50
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================








127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com

There are 42 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Valy-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 2A-81-58-F8-7F-8D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 50-63-13-F5-3D-59
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 2C-81-58-F8-7F-8D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bdc4:5dab:d3b8:8a70%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 26, 2012 6:19:47 PM
Lease Expires . . . . . . . . . . : Friday, July 27, 2012 10:26:09 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113630
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-03-E4-DF-00-24-BE-BE-75-CE
DNS Servers . . . . . . . . . . . : 70.45.95.8
70.45.95.9
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-24-BE-BE-75-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:342c:3688:3f57:fe9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::342c:3688:3f57:fe9b%19(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{C67F1FA0-7582-42B1-BDAF-119C1C7947BC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E713C92D-A565-472C-A643-4822E7FEEAA2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5CA2638F-A594-4D24-80BE-A37A7C278809}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F080DE39-A95A-4ECD-9EF4-659C412F3AD6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: static-host-70-45-95-8.onelinkpr.net
Address: 70.45.95.8

Name: google.com
Addresses: 2001:4860:4006:802::1006
74.125.229.102
74.125.229.103
74.125.229.104
74.125.229.105
74.125.229.110
74.125.229.96
74.125.229.97
74.125.229.98
74.125.229.99
74.125.229.100
74.125.229.101


Pinging google.com [74.125.229.228] with 32 bytes of data:
Reply from 74.125.229.228: bytes=32 time=36ms TTL=56
Reply from 74.125.229.228: bytes=32 time=37ms TTL=56

Ping statistics for 74.125.229.228:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 37ms, Average = 36ms
Server: static-host-70-45-95-8.onelinkpr.net
Address: 70.45.95.8

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=145ms TTL=50
Reply from 72.30.38.140: bytes=32 time=196ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 145ms, Maximum = 196ms, Average = 170ms
Server: static-host-70-45-95-8.onelinkpr.net
Address: 70.45.95.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...2a 81 58 f8 7f 8d ......Microsoft Virtual WiFi Miniport Adapter
12...50 63 13 f5 3d 59 ......Bluetooth Device (Personal Area Network)
11...2c 81 58 f8 7f 8d ......Atheros AR9285 Wireless Network Adapter
10...00 24 be be 75 ce ......Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 281
192.168.1.100 255.255.255.255 On-link 192.168.1.100 281
192.168.1.255 255.255.255.255 On-link 192.168.1.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 58 ::/0 On-link
1 306 ::1/128 On-link
19 58 2001::/32 On-link
19 306 2001:0:9d38:953c:342c:3688:3f57:fe9b/128
On-link
11 281 fe80::/64 On-link
19 306 fe80::/64 On-link
19 306 fe80::342c:3688:3f57:fe9b/128
On-link
11 281 fe80::bdc4:5dab:d3b8:8a70/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/26/2012 06:20:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/26/2012 06:20:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/26/2012 02:55:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/26/2012 10:34:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/25/2012 09:40:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/25/2012 09:40:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/25/2012 09:40:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/25/2012 06:58:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/25/2012 06:37:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/25/2012 05:55:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x0000000000028359
Faulting process id: 0x7b8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (07/26/2012 06:19:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (07/26/2012 06:17:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.

Error: (07/26/2012 06:16:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (07/26/2012 06:07:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.

Error: (07/26/2012 06:06:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.

Error: (07/26/2012 06:06:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.

Error: (07/26/2012 06:05:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.

Error: (07/26/2012 06:05:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.

Error: (07/26/2012 06:04:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFMEService service.

Error: (07/26/2012 00:32:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VcmIAlzMgr service.


Microsoft Office Sessions:
=========================
Error: (07/26/2012 06:20:40 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (07/26/2012 06:20:36 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (07/26/2012 02:55:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/26/2012 10:34:10 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (07/25/2012 09:40:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Valy\Downloads\esetsmartinstaller_enu.exe

Error: (07/25/2012 09:40:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Valy\Downloads\esetsmartinstaller_enu.exe

Error: (07/25/2012 09:40:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Valy\Downloads\esetsmartinstaller_enu.exe

Error: (07/25/2012 06:58:01 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (07/25/2012 06:37:57 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (07/25/2012 05:55:22 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec000000500000000000283597b801cd6a8e4f22e897C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll6e1d4958-d6a3-11e1-9692-506313f53d59


========================= Devices: ================================

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 4014.09 MB
Available physical RAM: 1697.98 MB
Total Pagefile: 8026.37 MB
Available Pagefile: 5156.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.81 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:457.21 GB) (Free:334.35 GB) NTFS
3 Drive f: () (Removable) (Total:1.84 GB) (Free:1.27 GB) FAT
4 Drive g: (KIS 2012) (CDROM) (Total:0.34 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\VALY-VAIO

Administrator Guest Mcx1-VALY-VAIO
Valy


**** End of log ****

#14 Kiry

Posted 26 July 2012 - 09:39 PM

So far, my computer is working great! :lol: And I haven't seen the message about the trojan infection from the Action Center today!
I think that the ESET scan did the magic!
How can we be sure that the infection really disappeared once and for all?

Edited by Kiry, 26 July 2012 - 09:40 PM.


#15 swagger

Posted 27 July 2012 - 07:22 AM

Hello Kiry,

So Windows Explorer hasn't crashed since the 25th? That's good news!

There might be one way we can verify if the ESET scan found the problem. If you go back into Action Center and to the message that you took a screen shot of, can you click on Additional Details at the bottom? What I'm looking for is a filename that can tell us what was being labeled as Win32/Adload.DA.

One more question...

========================= Hosts content: =================================

127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com

There are 42 more lines starting with "127.0.0.1"

Did you make these changes to your HOSTS file? I've seen instances of this when a pirated copy of Adobe software is being used. If this is the case, I urge you to refrain from using illegal copies of software because they can contain malware including rootkits that can go undetected. If that is not the case, this also could be related to Adobe's software changing the HOSTS file entries if your software license has expired.

regards,

swagger
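
The HOSTS review in post #15, as an added example that is not part of the original thread: a small Python audit that separates names pointed at loopback (like the Adobe entries quoted above) from names redirected to a real address, which is the pattern a hijacked HOSTS file shows. The function names, the `localhost`, `203.0.113.7` and `broken` lines, and the two-label parent-domain grouping are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: a few entries quoted in the post above, plus made-up
# lines (localhost, a redirect to a documentation address, a broken line).
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate.wip.adobe.com adobe-dns.adobe.com  # two names, one line
203.0.113.7 www.example-bank.test
not-an-ip broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, ip_or_None, hostname) for every name mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not a valid address
        for name in fields[1:]:
            yield lineno, ip, name.lower()


def classify(ip, name):
    """Return the review category for one mapping."""
    if ip is None:
        return "malformed"
    if "*" in name:
        return "wildcard"  # hosts files do no wildcard matching: dead entry
    if name in LOCAL_NAMES and ip.is_loopback:
        return "default"
    sink = ip.is_loopback or ip.is_unspecified  # 127.0.0.0/8, ::1, 0.0.0.0, ::
    return "sinkholed" if sink else "redirected"


def audit(text):
    """Group every mapping by category: {category: [(line, ip, name), ...]}."""
    findings = defaultdict(list)
    for lineno, ip, name in parse_hosts(text):
        findings[classify(ip, name)].append(
            (lineno, str(ip) if ip else None, name))
    return dict(findings)


def sinkholed_by_domain(text):
    """Count sinkholed names per parent domain (naive: last two labels)."""
    names = [n for _, _, n in audit(text).get("sinkholed", [])]
    return dict(Counter(".".join(n.split(".")[-2:]) for n in names))


if __name__ == "__main__":
    for category, rows in audit(SAMPLE_HOSTS).items():
        print(category, rows)
    print(sinkholed_by_domain(SAMPLE_HOSTS))
```

A large `sinkholed` count concentrated on one vendor's domains matches what the post describes; anything under `redirected` deserves a closer look first, because it sends a name to an address someone else controls.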



