
Trojan.Zeroaccess.C - Advice? Current Risk Level? (Detailed)


31 replies to this topic

#1 aaugustwe

  • Members
  • 17 posts

Posted 27 March 2013 - 11:55 AM

OS: Windows 7 Service Pack 1

Issue: Trojan.Zeroaccess.C

 

Hello,

 

Below is a timeline of the events and actions taken thus far.

 

I was researching issues with Internet Explorer 10 on our office manager's computer and one of the websites linked to during my Google search led me to a website that attempted to auto-download a file (unfortunately I do not have the name of the file). The standard download request bar came up at the bottom of the IE window; out of natural reaction I clicked the 'x' since I did not request to download anything. This occurred approximately 24 hours ago.

 

Shortly after this happened Symantec Endpoint Protection began displaying a detection notification for Trojan.Zeroaccess.C.

 

Symantec would show 'Action Taken: Pending Side Effect Analysis : Access Denied' on the first occurrence and then 'Action Taken: Cleaned by Deletion' on the second occurrence.

 

This would happen once for a file named '80000000.@' and once for a file named '800000cb.@' both located in the parent folder 'C:\$Recycle.Bin\...' (I do not have the complete file path).

 

This notification sequence repeated itself every 30 seconds or so...

 

I immediately enacted a full system scan and went to my computer to research the issue.

 

After some reading, I decided to pause the Symantec scan (which had not detected anything as of yet) and download/run the 'Microsoft® Windows® Malicious Software Removal Tool (KB890830)'. During this process I also decided to disconnect the computer from the internet.

 

The 'Microsoft® Windows® Malicious Software Removal Tool (KB890830)' detected and fixed an issue. Unfortunately I do not have the exact information from this scan but it seemed to be of the same name and nature as what was described in the Symantec notifications.

 

When the Windows scan completed I resumed the Symantec scan. The moment after I resumed the scan the Symantec notifications mentioned above appeared (only once this time). I allowed the scan to finish and nothing else was detected. This was the last occurrence of the Symantec notifications.

 

With the infected computer still disconnected from the internet, I downloaded the 'Symantec Trojan.Zeroaccess Removal Tool' on my computer and burned it to a CD. I ran this tool on the infected computer and nothing was detected.

 

Similarly I downloaded the 'Symantec Power Eraser with the Symantec Endpoint Protection Support Tool' and burned it to a CD. Before I ran this tool I reconnected the infected computer to the internet to allow for updates to be installed. The tool ran and everything seemed to come out okay.

 

(It probably doesn't matter but at this time I uninstalled the Internet Explorer 10 update and reverted the computer back to Internet Explorer 9.)

 

Finally, I updated and ran a Malwarebytes full scan. Fairly quickly, three risks were detected. I was unfortunately unable to stay at the office to see the scan to its completion. I disconnected the infected computer from the internet before I left the office to head home and allowed the scan to continue to run.

 

I spoke with our office manager this morning and the scan completed with the three risks as the only ones detected. They were of the same nature as the previous Symantec notifications. At the bottom of this post is the Malwarebytes log.

 

Company work has been necessary on the infected computer this morning... it was reconnected and is currently connected to the internet. The computer seems to be running fine without any new notifications.

 

I am not convinced that the issue has been resolved though and am concerned that the security of the infected machine and our network may still be compromised.

 

Any advice on how to proceed and/or opinions on perceived current security risk would be greatly appreciated. Thank you!

 

"Trojan.Zeroaccess.C is a Trojan horse that may download more malware and steal confidential information from the compromised computer."

 

"Releases Confidential Info: May steal potentially confidential information."

 

http://www.symantec.com/security_response/writeup.jsp?docid=2012-080900-3758-99

 

"It then connects to a peer-to-peer network and downloads additional threat modules."

 

http://www.symantec.com/security_response/writeup.jsp?docid=2012-080900-3758-99&tabid=2

 

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.26.14
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE_60B1Z [administrator]
 
3/26/2013 3:49:13 PM
mbam-log-2013-03-26 (15-49-13).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 423100
Time elapsed: 2 hour(s), 4 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\$RECYCLE.BIN\S-1-5-18\$ffe5f16cf2654ac51edf7e8310ec9634\n (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-18\$ffe5f16cf2654ac51edf7e8310ec9634\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1573541877-1875989967-4547331-1003\$ffe5f16cf2654ac51edf7e8310ec9634\n (Trojan.0Access) -> Quarantined and deleted successfully.
 
(end)
 
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

 




 


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 27 March 2013 - 11:58 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

 
 



#3 aaugustwe
  • Topic Starter

  • Members
  • 17 posts

Posted 27 March 2013 - 07:45 PM

15:25:30.0909 3256  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:25:31.0720 3256  ============================================================
15:25:31.0720 3256  Current date / time: 2013/03/27 15:25:31.0720
15:25:31.0720 3256  SystemInfo:
15:25:31.0720 3256 
15:25:31.0720 3256  OS Version: 6.1.7601 ServicePack: 1.0
15:25:31.0720 3256  Product type: Workstation
15:25:31.0720 3256  ComputerName: MICHELLE_60B1Z
15:25:31.0720 3256  UserName: Michelle
15:25:31.0720 3256  Windows directory: C:\Windows
15:25:31.0720 3256  System windows directory: C:\Windows
15:25:31.0720 3256  Processor architecture: Intel x86
15:25:31.0720 3256  Number of processors: 2
15:25:31.0720 3256  Page size: 0x1000
15:25:31.0720 3256  Boot type: Normal boot
15:25:31.0720 3256  ============================================================
15:25:35.0199 3256  BG loaded
15:25:37.0700 3256  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:25:37.0700 3256  ============================================================
15:25:37.0700 3256  \Device\Harddisk0\DR0:
15:25:37.0715 3256  MBR partitions:
15:25:37.0715 3256  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1FF800
15:25:37.0715 3256  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x200000, BlocksNum 0x1C53D000
15:25:37.0715 3256  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1C73D000, BlocksNum 0xA83800
15:25:37.0715 3256  ============================================================
15:25:37.0762 3256  C: <-> \Device\Harddisk0\DR0\Partition2
15:25:37.0856 3256  D: <-> \Device\Harddisk0\DR0\Partition3
15:25:37.0856 3256  ============================================================
15:25:37.0856 3256  Initialize success
15:25:37.0856 3256  ============================================================
15:26:11.0915 3360  ============================================================
15:26:11.0915 3360  Scan started
15:26:11.0915 3360  Mode: Manual; TDLFS;
15:26:11.0915 3360  ============================================================
15:26:12.0633 3360  ================ Scan system memory ========================
15:26:12.0633 3360  System memory - ok
15:26:12.0633 3360  ================ Scan services =============================
15:26:13.0039 3360  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:26:13.0054 3360  1394ohci - ok
... etc ...
15:26:41.0653 3360  [ AC7D0114246661B1E29A0939039157C5 ] C:\windows\System32\NlsLexicons000c.dll
15:26:41.0653 3360  C:\windows\System32\NlsLexicons000c.dll - ok
15:26:41.0653 3360  ============================================================
15:26:41.0653 3360  Scan finished
15:26:41.0653 3360  ============================================================
15:26:41.0669 3364  Detected object count: 0
15:26:41.0669 3364  Actual detected object count: 0
15:33:32.0408 3380  Deinitialize success

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/27/2013 03:39:56 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/27/2013 03:40:06 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

 

C:\Users\michelle.WEB\AppData\Local\Temp\jar_cache1855512770893792768.tmp Java/Exploit.Agent.NOA trojan
C:\Users\michelle.WEB\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6a0d3dbd-55dc50ef Java/Exploit.Agent.NOA trojan

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Professional x86
Ran by Michelle on Wed 03/27/2013 at 17:33:18.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/27/2013 at 17:35:51.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
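
An added triage example, not part of the original posts and not code from Rkill or BleepingComputer: it parses the "Checking Windows Service Integrity" section of the Rkill log in post #3 and lists which firewall and security services that log reports as missing or stopped, something the "0 detected" scanner results above do not show. The sample text is taken from that post; the function names and the `SECURITY_SERVICES` mapping are assumptions made for this example.

```python
import re

# Sample input: the service-integrity part of the Rkill log from post #3,
# embedded here so the script runs offline.
SAMPLE_RKILL_LOG = r"""
Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.
"""

SECTION_HEADER = "Checking Windows Service Integrity:"

# Assumption for this example: the services treated as host defenses,
# keyed by service name with their Windows 7 display names.
SECURITY_SERVICES = {
    "BFE": "Base Filtering Engine",
    "MpsSvc": "Windows Firewall",
    "mpsdrv": "Windows Firewall Authorization Driver",
    "WinDefend": "Windows Defender",
    "wscsvc": "Security Center",
}

# "* BFE [Missing Service]" or "* FontCache => <path> [Incorrect ImagePath]"
BRACKETED = re.compile(
    r"^\*\s+(?P<name>\S+)(?:\s+=>\s+(?P<value>.*?))?\s+\[(?P<state>[^\]]+)\]\s*$"
)
# "* Windows Firewall Authorization Driver (mpsdrv) is not Running."
NOT_RUNNING = re.compile(r"^\*\s+.*\((?P<name>[^)]+)\)\s+is not Running\.\s*$")


def parse_service_integrity(log_text):
    """Return one dict per finding in the service-integrity section."""
    findings = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section or not line:
            continue
        if line.endswith(":") and not line.startswith("*"):
            break  # reached the next Rkill section header
        m = BRACKETED.match(line)
        if m:
            findings.append({"service": m["name"], "state": m["state"],
                             "detail": m["value"] or ""})
            continue
        m = NOT_RUNNING.match(line)
        if m:
            findings.append({"service": m["name"], "state": "Not Running",
                             "detail": ""})
            continue
        if findings:
            # Continuation line, e.g. "Startup Type set to: Manual"
            prev = findings[-1]
            prev["detail"] = (prev["detail"] + " " + line).strip()
    return findings


def security_gaps(findings):
    """Return (service, display name, state) for damaged defensive services."""
    return [(f["service"], SECURITY_SERVICES[f["service"]], f["state"])
            for f in findings if f["service"] in SECURITY_SERVICES]


def summarize(log_text):
    """Build a short text report for a pasted Rkill log."""
    findings = parse_service_integrity(log_text)
    gaps = security_gaps(findings)
    lines = [f"{len(findings)} service findings, {len(gaps)} affect host defenses"]
    for name, display, state in gaps:
        lines.append(f"  {name} ({display}): {state}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_RKILL_LOG))
```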



#4 narenxp

  • BC Advisor
  • 16,371 posts

Posted 27 March 2013 - 08:34 PM

Did you quarantine the files detected by ESET?

 

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply



  • Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log

 



#5 aaugustwe
  • Topic Starter

  • Members
  • 17 posts

Posted 27 March 2013 - 08:58 PM

Did you quarantine the files detected by ESET?

 

I followed the posted instructions for ESET:

 

10. When the scan completes, click List Threats
11. Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
12. Click the Back button.
13. Click the Finish button
 
Symantec detected the files as well though (I'm assuming at the same time as ESET) and did quarantine them. I then deleted the files from quarantine.
 
I will go through the updated instructions now.
 
Thank you.

Edited by aaugustwe, 27 March 2013 - 08:58 PM.


#6 narenxp

  • BC Advisor
  • 16,371 posts

Posted 27 March 2013 - 09:00 PM

Please run ESET once again to make sure it comes out clean.


Edited by narenxp, 27 March 2013 - 09:00 PM.


#7 aaugustwe
  • Topic Starter

  • Members
  • 17 posts

Posted 28 March 2013 - 02:36 AM

Ran ESET again ... (C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe) ... nothing was detected.

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.28.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE_60B1Z [administrator]

3/27/2013 11:47:40 PM
mbam-log-2013-03-27 (23-47-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300343
Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Michelle (administrator) on 28-03-2013 at 00:15:04
Running from "C:\Users\michelle.WEB\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: whitakerellis.com.web01.mxlogic.net:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Michelle_60B1Z
   Primary Dns Suffix  . . . . . . . : we-concrete.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : we-concrete.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-0F-FE-CC-94-9E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4163:2266:23c4:b19a%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.32(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 27, 2013 7:23:36 PM
   Lease Expires . . . . . . . . . . : Thursday, April 04, 2013 11:44:49 PM
   Default Gateway . . . . . . . . . : 10.0.0.254
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 268439550
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-05-58-C0-00-0F-FE-CC-94-9E
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       10.0.0.2
   Primary WINS Server . . . . . . . : 10.0.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{835FE80F-058F-46B7-9A2F-BF6BF46EC68E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dc1.we-concrete.local
Address:  10.0.0.1

Name:    google.com
Addresses:  2607:f8b0:400e:c00::65
   74.125.141.138
   74.125.141.101
   74.125.141.100
   74.125.141.102
   74.125.141.139
   74.125.141.113


Pinging google.com [74.125.141.138] with 32 bytes of data:
Reply from 74.125.141.138: bytes=32 time=91ms TTL=47
Reply from 74.125.141.138: bytes=32 time=59ms TTL=47

Ping statistics for 74.125.141.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 59ms, Maximum = 91ms, Average = 75ms
Server:  dc1.we-concrete.local
Address:  10.0.0.1

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=261ms TTL=50
Reply from 98.139.183.24: bytes=32 time=155ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 155ms, Maximum = 261ms, Average = 208ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...00 0f fe cc 94 9e ......Intel® 82567LM-3 Gigabit Network Connection
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.254        10.0.0.32     10
         10.0.0.0    255.255.255.0         On-link         10.0.0.32    266
        10.0.0.32  255.255.255.255         On-link         10.0.0.32    266
       10.0.0.255  255.255.255.255         On-link         10.0.0.32    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.32    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.32    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    266 fe80::/64                On-link
 12    266 fe80::4163:2266:23c4:b19a/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/27/2013 11:44:46 PM) (Source: Application Error) (User: )
Description: Invalid license data.
Details: Specified cast is not valid.

Error: (03/27/2013 08:29:07 PM) (Source: Application Error) (User: )
Description: Invalid license data.
Details: Specified cast is not valid.

Error: (03/27/2013 07:24:25 PM) (Source: Application Error) (User: )
Description: Invalid license data.
Details: Specified cast is not valid.

Error: (03/27/2013 05:49:21 PM) (Source: WinMgmt) (User: )
Description: 0x80004002

Error: (03/27/2013 05:46:36 PM) (Source: Application Error) (User: )
Description: Invalid license data.
Details: Cannot activate type with lookup: Sage.Licensing.FloatingUseWithMeteredDisconnectPolicy.\n Inner Exception is: TypeInitializationException.\n  Error: The type initializer for 'Sage.Licensing.FloatingUseWithMeteredDisconnectPolicy' threw an exception..\n  Stack Trace:    at System.Runtime.CompilerServices.RuntimeHelpers._RunClassConstructor(IntPtr type)
   at System.Runtime.CompilerServices.RuntimeHelpers.RunClassConstructor(RuntimeTypeHandle type)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Reflection.Assembly.CreateInstance(String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at Sage.Activation.TypeFactory.GetLocalObject(String typeLookup, Object[] ctorParams)

Error: (03/27/2013 05:46:36 PM) (Source: Application Error) (User: )
Description: An exception is being logged for diagnostic purposes. It is possible for exceptions to be logged during the normal operation of the software. Exceptions are included in increasing order of specificity.

*********************************************

Exception Source: Sage.Activation.TypeFactory
Exception Message:

Cannot activate type with lookup: Sage.Licensing.FloatingUseWithMeteredDisconnectPolicy.\n Inner Exception is: TypeInitializationException.\n  Error: The type initializer for 'Sage.Licensing.FloatingUseWithMeteredDisconnectPolicy' threw an exception..\n  Stack Trace:    at System.Runtime.CompilerServices.RuntimeHelpers._RunClassConstructor(IntPtr type)
   at System.Runtime.CompilerServices.RuntimeHelpers.RunClassConstructor(RuntimeTypeHandle type)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Reflection.Assembly.CreateInstance(String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at Sage.Activation.TypeFactory.GetLocalObject(String typeLookup, Object[] ctorParams)

*********************************************

Exception Source: mscorlib
Exception Message:

The type initializer for 'Sage.Licensing.FloatingUseWithMeteredDisconnectPolicy' threw an exception.
Exception Stack Trace:

   at System.Runtime.CompilerServices.RuntimeHelpers._RunClassConstructor(IntPtr type)
   at System.Runtime.CompilerServices.RuntimeHelpers.RunClassConstructor(RuntimeTypeHandle type)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Reflection.Assembly.CreateInstance(String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at Sage.Activation.TypeFactory.GetLocalObject(String typeLookup, Object[] ctorParams)
*********************************************

Exception Source: mscorlib
Exception Message:

Specified cast is not valid.
Exception Stack Trace:

   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at p.d()
   at p.h()
   at c4.a(Object A_0, String A_1)
   at Sage.Licensing.FloatingUseWithMeteredDisconnectPolicy.d()
   at Sage.Licensing.FloatingUseWithMeteredDisconnectPolicy..cctor()


System errors:
=============
Error: (03/27/2013 05:51:21 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (03/27/2013 05:50:54 PM) (Source: Microsoft-Windows-GroupPolicy) (User: WEB)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/27/2013 05:49:08 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/27/2013 05:49:07 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (03/27/2013 05:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/27/2013 05:49:06 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/27/2013 05:49:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/27/2013 05:49:05 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain WEB due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (02/18/2013 08:56:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 600 seconds with 540 seconds of active time.  This session ended with a crash.

Error: (01/25/2013 07:27:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 85 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/14/2011 01:08:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/14/2011 01:01:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/14/2011 01:00:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/10/2011 08:00:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/09/2011 03:15:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 227 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (07/27/2010 01:40:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1854 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/20/2010 02:11:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2010-02-25 16:31:41.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-25 07:27:24.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-25 07:14:28.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-24 12:05:39.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-24 07:51:57.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-24 07:45:15.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-24 07:14:59.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-24 06:29:28.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-24 02:10:56.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2010-02-24 02:03:13.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office system (Version: 12.0.6425.1000)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader 9.5.2 (Version: 9.5.2)
Brother P-touch Editor 5.0 (Version: 5.0.2200)
Brother P-touch Update Software (Version: 1.0.0010)
DataLink Viewer 9 (Version: 5.7002.0.90)
DataLink Viewer 9 (Version: 6.0.0.90)
DESI Labeling System (Version: 3.1.7.0)
dsdminst (Version: 1.00.0000)
ESET Online Scanner v3
Google Chrome (Version: 25.0.1364.172)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Setup (Version: 1.2.3215.3078)
HP Support Assistant (Version: 6.1.12.1)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Active Management Technology
InterVideo WinDVD 8 (Version: 8.5.10.36)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Otter32
PDF Complete Special Edition (Version: 3.5.109)
Realtek High Definition Audio Driver (Version: 6.0.1.5886)
Sage 100 Contractor 2013 (Version: )
Sage Master Builder (Version: 7.0)
Sage Master Builder 15 (Version: 15.1)
Sage Master Builder 16 (Version: 16.1)
Sage Master Builder 17 (Version: 17.1)
Sage Master Builder Licensing 1.1 (Version: 1.1.0.0)
Sage Master Builder Payroll Tax Reports (Version: 11.2.21)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Symantec Endpoint Protection (Version: 11.0.6005.562)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Word 2007 (KB974631)
Visual FoxPro ODBC Driver (Version: 1.0.0)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)

========================= Devices: ================================

Could not list devices.

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3543.25 MB
Available physical RAM: 2389.01 MB
Total Pagefile: 7084.78 MB
Available Pagefile: 5947.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.56 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:226.62 GB) (Free:181.91 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:5.26 GB) (Free:0.53 GB) NTFS

========================= Users: ========================================

User accounts for \\MICHELLE_60B1Z

Administrator            Guest                    Michelle                


**** End of log ****

 

Farbar Service Scanner Version: 03-03-2013
Ran by Michelle (administrator) on 28-03-2013 at 00:18:38
Running from "C:\Users\michelle.WEB\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 14:12] - [2013-01-02 22:05] - 1293672 ____A (Microsoft Corporation) 7C0507D2391AF5933600CBCED799F277

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

# AdwCleaner v2.115 - Logfile created 03/28/2013 at 00:20:23
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Michelle - MICHELLE_60B1Z
# Boot Mode : Normal
# Running from : C:\Users\michelle.WEB\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

*************************

AdwCleaner[S1].txt - [1153 octets] - [28/03/2013 00:20:23]

########## EOF - C:\AdwCleaner[S1].txt - [1213 octets] ##########

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "3/26/2013 2:22 PM"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe" "12/3/2012 12:34 AM"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe" "7/31/2012 4:19 AM"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe" "1/25/2010 12:51 PM"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "8/25/2010 11:59 AM"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "8/25/2010 12:00 PM"
+ "PDF Complete" "Sentry for PDF" "PDF Complete Inc" "c:\program files\pdf complete\pdfsty.exe" "6/19/1992 3:22 PM"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "8/25/2010 11:59 AM"
+ "picon" "Intel® Management and Security" "Intel Corporation" "c:\program files\common files\intel\privacy icon\privacyiconclient.exe" "7/16/2009 9:29 AM"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe" "6/30/2009 3:15 AM"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe" "1/17/2012 12:07 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "7/25/2009 6:42 AM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/13/2009 4:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "2/28/2013 10:32 AM"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\michelle.web\appdata\local\google\update\googleupdate.exe" "3/8/2010 11:10 PM"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "7/13/2009 9:41 PM"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll" "10/25/2008 1:26 AM"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "7/13/2009 9:41 PM"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll" "8/19/2006 1:23 AM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:41 PM"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll" "4/23/2010 12:37 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:41 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "12/14/2012 1:52 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:41 PM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "7/13/2009 6:09 PM"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "8/25/2010 11:59 AM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "6/13/2012 11:28 AM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "7/30/2012 2:44 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "6/13/2012 11:28 AM"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll" "4/23/2010 12:37 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "12/14/2012 1:52 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "3/28/2013 12:24 AM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll" "7/30/2012 2:43 PM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll" "5/4/2012 2:47 PM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll" "5/4/2012 2:49 PM"
+ "Search Helper" "Microsoft Search Helper Extention" "Microsoft Corp." "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll" "11/17/2008 6:40 PM"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "1/22/2009 4:42 PM"
+ "Windows Live Toolbar Helper" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files\windows live\toolbar\wltcore.dll" "2/6/2009 6:33 PM"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "3/26/2013 2:22 PM"
+ "&Windows Live Toolbar" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files\windows live\toolbar\wltcore.dll" "2/6/2009 6:33 PM"
"Task Scheduler" "" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "2/28/2013 7:40 PM"
+ "\GoogleUpdateTaskUserS-1-5-21-1573541877-1875989967-4547331-1003Core" "Google Installer" "Google Inc." "c:\users\michelle.web\appdata\local\google\update\googleupdate.exe" "3/8/2010 11:10 PM"
+ "\GoogleUpdateTaskUserS-1-5-21-1573541877-1875989967-4547331-1003UA" "Google Installer" "Google Inc." "c:\users\michelle.web\appdata\local\google\update\googleupdate.exe" "3/8/2010 11:10 PM"
+ "\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp support framework\resources\hpsfmessenger\hpsfmsgr.exe" "9/9/2011 10:02 AM"
+ "\Hewlett-Packard\HP Support Assistant\PC Health Analysis" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp support framework\hpsf.exe" "9/9/2011 10:09 AM"
+ "\Hewlett-Packard\HP Support Assistant\PC Tuneup" "HP Support Assistant" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp support framework\hpsf.exe" "9/9/2011 10:09 AM"
+ "\Hewlett-Packard\HP Support Assistant\Update Check" "HP Support Assistant Updater" "Hewlett-Packard" "c:\programdata\hewlett-packard\hp support framework\resources\updater\hpsfupdater.exe" "2/19/2013 3:33 PM"
+ "\HPCeeScheduleForMichelle" "HP Ceement" "Hewlett-Packard" "c:\program files\hewlett-packard\hp ceement\hpcee.exe" "9/13/2010 10:11 PM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "6/10/2009 2:19 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/13/2009 5:09 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "3/26/2013 1:46 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "2/28/2013 7:40 PM"
+ "atashost" "WebEx Support Center." "Cisco WebEx LLC" "c:\windows\system32\atashost.exe" "10/29/2012 3:22 AM"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe" "1/25/2010 12:49 PM"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe" "1/25/2010 12:49 PM"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp support framework\hpsa_service.exe" "9/9/2011 10:09 AM"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files\hewlett-packard\shared\hpdrvmntsvc.exe" "3/28/2011 2:59 PM"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Company" "c:\program files\hewlett-packard\shared\hpqwmiex.exe" "3/28/2011 2:55 PM"
+ "IviRegMgr" "InterVideo Register Manager" "InterVideo" "c:\program files\common files\intervideo\regmgr\iviregmgr.exe" "1/4/2007 3:21 AM"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_3.exe" "2/17/2010 11:49 AM"
+ "LMS" "Intel® Management and Security Application Local Management Service - Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files\intel\amt\lms.exe" "7/16/2009 9:28 AM"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe" "10/24/2008 10:09 PM"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe" "10/26/2006 2:00 PM"
+ "pdfcDispatcher" "Manages the PDF document production process.  A primary task is to enable the routing of documents from the print spooler to the user.  If this service is stopped, PDF documents will be unavailable." "PDF Complete Inc" "c:\program files\pdf complete\pdfsvc.exe" "6/19/1992 3:22 PM"
+ "PSI_SVC_2" "This service provides Protexis licensing functionalty." "Protexis Inc." "c:\program files\common files\protexis\license service\psiservice_2.exe" "7/24/2007 11:15 AM"
+ "Sage.LS1.ServiceHost.1.1" "Provides local hosting for Sage Services." "Sage Software, Inc." "c:\program files\common files\sage\ls1\servicehost\1.1\sage.ls1.servicehost.exe" "12/16/2008 10:41 AM"
+ "Sage.SMB.HostingFramework.Service.1.0" "Provides a framework for hosting Sage 100 Contractor service-oriented components." "Sage Software, Inc." "c:\mb7\programs\sage.cre.hostingframework.service.exe" "3/27/2012 4:02 PM"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corp." "c:\program files\microsoft\search enhancement pack\seaport\seaport.exe" "1/14/2009 6:55 PM"
+ "SmcService" "Provides communication with the Symantec Endpoint Protection Manager. It also provides network threat protection and application and device control for the client." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\smc.exe" "4/16/2010 8:17 PM"
+ "Symantec AntiVirus" "Provides virus-scanning for Symantec Endpoint Protection." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\rtvscan.exe" "4/22/2010 11:39 PM"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files\common files\intel\privacy icon\uns\uns.exe" "7/16/2009 9:29 AM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "11/20/2010 3:36 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "3/26/2013 1:46 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "12/5/2008 4:59 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "5/1/2007 10:29 AM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "2/27/2007 5:03 PM"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys" "4/11/2006 5:20 PM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "7/13/2009 4:11 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "3/18/2010 6:08 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "3/20/2009 11:35 AM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "3/19/2010 9:19 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "5/24/2007 2:31 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "1/14/2009 12:26 PM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys" "2/13/2009 3:10 PM"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys" "4/26/2009 4:15 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/6/2006 2:33 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/6/2006 2:33 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "8/6/2006 2:33 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "8/6/2006 2:33 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "8/6/2006 2:33 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 5:02 AM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "7/13/2009 4:11 PM"
+ "e1kexpress" "Intel® Gigabit Adapter NDIS 6.x driver" "Intel Corporation" "c:\windows\system32\drivers\e1k6232.sys" "12/10/2009 10:36 AM"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys" "12/31/2008 9:06 AM"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys" "7/31/2012 4:33 PM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "2/3/2009 3:09 PM"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys" "7/31/2012 4:33 PM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 12:22 AM"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys" "6/23/2009 1:28 PM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "5/18/2009 4:42 PM"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "6/4/2009 6:42 PM"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "6/10/2010 5:45 PM"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys" "8/25/2010 12:31 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "12/13/2005 2:48 PM"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys" "7/2/2009 2:28 AM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "12/9/2008 3:28 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "5/18/2009 5:19 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "5/18/2009 5:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "4/16/2009 3:14 PM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "5/18/2009 6:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "5/18/2009 6:25 PM"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20130327.018\naveng.sys" "12/20/2012 1:39 AM"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20130327.018\navex15.sys" "12/20/2012 1:37 AM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "6/6/2006 2:12 PM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "3/19/2010 2:00 PM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "3/19/2010 1:51 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "1/22/2009 4:28 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "5/18/2009 6:17 PM"
+ "regi" "regi driver" "InterVideo" "c:\windows\system32\drivers\regi.sys" "4/16/2007 8:19 AM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 6:18 AM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 11:19 AM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 2:52 PM"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys" "12/14/2009 9:39 PM"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtsp.sys" "3/4/2010 8:15 PM"
+ "SRTSPL" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspl.sys" "3/4/2010 8:15 PM"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspx.sys" "3/4/2010 8:15 PM"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "2/17/2009 4:03 PM"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys" "6/24/2009 1:14 PM"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys" "6/17/2009 2:11 PM"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys" "6/17/2009 2:11 PM"
+ "Teefer2" "Symantec CMC Firewall Teefer2" "Symantec Corporation" "c:\windows\system32\drivers\teefer2.sys" "12/28/2009 12:42 PM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "7/13/2009 4:11 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "1/30/2009 6:13 PM"
+ "WPS" "Symantec CMC Firewall WPS" "Symantec Corporation" "c:\windows\system32\drivers\wpsdrvnt.sys" "4/16/2010 8:11 PM"
+ "WpsHelper" "Symantec Intrusion Detection - WpsHelper" "Symantec Corporation" "c:\windows\system32\drivers\wpshelper.sys" "9/19/2012 2:45 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "2/13/2013 4:10 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/13/2009 6:06 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll" "11/20/2010 4:59 AM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/13/2009 9:41 PM"
+ "InterVideo Audio Decoder" "IVIAUDIO LOGID.82849" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax" "7/9/2009 3:32 AM"
+ "InterVideo Video Decoder" "IVIVIDEO LOGID.82849" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax" "7/9/2009 3:39 AM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" "3/28/2013 12:22 AM"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll" "8/25/2010 11:59 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "3/28/2013 12:22 AM"
+ "Brother PT-2730 Monitor" "Brother Language Monitor" "Brother Industries, Ltd." "c:\windows\system32\bsp273l.dll" "2/4/2010 4:53 PM"
+ "PDFC" "PDF Complete Print Monitor" "PDF Complete, Inc." "c:\windows\system32\pdfc_port.dll" "6/18/2009 7:28 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "7/13/2009 9:37 PM"
+ "SnacNp" "Symantec SNAC Network Provider" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\snacnp.dll" "4/1/2010 8:46 PM"
 



#8 narenxp

Posted 28 March 2013 - 05:02 AM

Download Services repair tool from here

ServicesRepair

  • Double-click ServicesRepair.exe
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool is finished you will be prompted to restart your computer. Click Yes to restart.

Run Farbar service scanner again and post the new log



#9 aaugustwe

Posted 28 March 2013 - 10:59 AM

Farbar Service Scanner Version: 03-03-2013
Ran by Michelle (administrator) on 28-03-2013 at 08:57:00
Running from "C:\Users\michelle.WEB\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 14:12] - [2013-01-02 22:05] - 1293672 ____A (Microsoft Corporation) 7C0507D2391AF5933600CBCED799F277

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
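
A triage sketch for the Farbar Service Scanner log in the post above, added here as an example (it is not part of the original post and not the tool's own code): it walks the log's sections and returns only the lines that deviate, so a reviewer can see at a glance what needs a decision. The line patterns are inferred from the log shown on this page, and treating a File Check entry printed without "=> MD5 is legit" as "not matched by the tool" is an assumption.

```python
import re
from collections import namedtuple

# Excerpt of the Farbar Service Scanner log posted above (trimmed).
SAMPLE_LOG = r'''
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 14:12] - [2013-01-02 22:05] - 1293672 ____A (Microsoft Corporation) 7C0507D2391AF5933600CBCED799F277

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

**** End of log ****
'''

Finding = namedtuple("Finding", "kind section subject detail")

# Patterns inferred from the log on this page (assumption, not a documented format).
NOT_RUNNING = re.compile(r'^(\S+) Service is not running\.')
START_TYPE = re.compile(
    r'^The start type of (\S+) service is set to (\w+)\. '
    r'The default start type is (\w+)\.')
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_OK = re.compile(r'^[A-Za-z]:\\.+ => MD5 is legit$')
FILE_PATH = re.compile(r'^[A-Za-z]:\\\S.*$')
FILE_META = re.compile(
    r'^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*)\) ([0-9A-Fa-f]{32})$')


def is_rule(line):
    """True for the '=====' underline that follows a section title."""
    return bool(line) and set(line) == {"="}


def parse_fss(text):
    """Return the deviations found in a Farbar Service Scanner log."""
    findings = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    section, reg_key = None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a text line underlined with '=' on the next line.
        if line and not is_rule(line) and is_rule(nxt):
            section, reg_key = line.rstrip(":"), None
            continue
        if not line or is_rule(line):
            continue
        if section == "File Check":
            if FILE_OK.match(line):
                continue  # hash recognised by the tool
            if FILE_PATH.match(line):
                # Path printed without the "legit" suffix: surface it together
                # with the metadata line that follows, if there is one.
                meta = FILE_META.match(nxt)
                detail = ("company=%r md5=%s" % (meta.group(2), meta.group(3))
                          if meta else "no metadata line")
                findings.append(Finding("file-unverified", section, line, detail))
            continue
        m = NOT_RUNNING.match(line)
        if m:
            findings.append(Finding("service-stopped", section, m.group(1),
                                    "service is not running"))
            continue
        m = START_TYPE.match(line)
        if m:
            if m.group(2) != m.group(3):
                findings.append(Finding(
                    "start-type", section, m.group(1),
                    "set to %s, default %s" % (m.group(2), m.group(3))))
            continue
        m = REG_KEY.match(line)
        if m:
            reg_key = m.group(1)
            continue
        m = REG_VALUE.match(line)
        if m and reg_key and section and section.endswith("Disabled Policy"):
            findings.append(Finding("policy", section,
                                    reg_key + "\\" + m.group(1),
                                    "%s=%s" % (m.group(2), m.group(3))))
    return findings


if __name__ == "__main__":
    for f in parse_fss(SAMPLE_LOG):
        print("%-16s %-34s %s (%s)" % (f.kind, f.section, f.subject, f.detail))
```

A finding is a prompt for review, not a verdict: each one still has to be judged against what is installed on the machine.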



#10 narenxp

Posted 28 March 2013 - 11:08 AM

That looks good

Remove temporary and junk files

Download Temp file cleaner from HERE. Launch it, it will close all running programs.

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode.
 

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & Windows 7

Windows 8

Turn off your system restore - it deletes old infected restore points. Turn on system restore and create a new restore point.

Update JAVA and Flash player

Uninstall old versions of Java and Flash player from Control Panel - Add or remove programs. Download the latest version from here

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)



#11 aaugustwe

Posted 29 March 2013 - 05:29 AM

Java and Flash updates installed successfully.

 

System Restore Point Failed. Transient Error 0x800423F3

 

Did some research and went through some troubleshooting to no avail.

 

Ran WMIDiag Script from Microsoft:

 

.1893 02:26:27 (0) ** WMIDiag v2.1 started on Friday, March 29, 2013 at 02:25.
.1894 02:26:27 (0) **
.1895 02:26:27 (0) ** Copyright © Microsoft Corporation. All rights reserved - July 2007.
.1896 02:26:27 (0) **
.1897 02:26:27 (0) ** This script is not supported under any Microsoft standard support program or service.
.1898 02:26:27 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
.1899 02:26:27 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
.1900 02:26:27 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
.1901 02:26:27 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
.1902 02:26:27 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
.1903 02:26:27 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
.1904 02:26:27 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
.1905 02:26:27 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
.1906 02:26:27 (0) ** of the possibility of such damages.
.1907 02:26:27 (0) **
.1908 02:26:27 (0) **
.1909 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1910 02:26:27 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
.1911 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1912 02:26:27 (0) **
.1913 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1914 02:26:27 (0) ** Windows 7 - Service Pack 1 - 32-bit (7601) - User 'WEB\MICHELLE' on computer 'MICHELLE_60B1Z'.
.1915 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1916 02:26:27 (0) ** Environment: ........................................................................................................ OK.
.1917 02:26:27 (0) ** There are no missing WMI system files: .............................................................................. OK.
.1918 02:26:27 (0) ** There are no missing WMI repository files: .......................................................................... OK.
.1919 02:26:27 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
.1920 02:26:27 (0) ** AFTER running WMIDiag:
.1921 02:26:27 (0) ** The WMI repository has a size of: ................................................................................... 19 MB.
.1922 02:26:27 (0) ** - Disk free space on 'C:': .......................................................................................... 197402 MB.
.1923 02:26:27 (0) **   - INDEX.BTR,                     4554752 bytes,      3/26/2013 10:50:18 AM
.1924 02:26:27 (0) **   - MAPPING1.MAP,                  50788 bytes,        3/26/2013 9:24:18 AM
.1925 02:26:27 (0) **   - MAPPING2.MAP,                  50788 bytes,        3/29/2013 2:14:52 AM
.1926 02:26:27 (0) **   - OBJECTS.DATA,                  15556608 bytes,     3/26/2013 10:50:18 AM
.1927 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1928 02:26:27 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
.1929 02:26:27 (0) ** Windows Firewall Profile: ........................................................................................... DOMAIN.
.1930 02:26:27 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
.1931 02:26:27 (0) ** => This will prevent any WMI remote connectivity to this computer except
.1932 02:26:27 (0) **    if the following three inbound rules are ENABLED and non-BLOCKING:
.1933 02:26:27 (0) **    - 'Windows Management Instrumentation (DCOM-In)'
.1934 02:26:27 (0) **    - 'Windows Management Instrumentation (WMI-In)'
.1935 02:26:27 (0) **    - 'Windows Management Instrumentation (ASync-In)'
.1936 02:26:27 (0) **    Verify the reported status for each of these three inbound rules below.
.1937 02:26:27 (0) **
.1938 02:26:27 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
.1939 02:26:27 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
.1940 02:26:27 (0) **    - You can adjust the configuration by executing the following command:
.1941 02:26:27 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
.1942 02:26:27 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
.1943 02:26:27 (0) **       You can also enable each individual rule instead of activating the group rule.
.1944 02:26:27 (0) **
.1945 02:26:27 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
.1946 02:26:27 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
.1947 02:26:27 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
.1948 02:26:27 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1949 02:26:27 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
.1950 02:26:27 (0) **
.1951 02:26:27 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
.1952 02:26:27 (0) ** => This will prevent any WMI inbound connectivity to this machine.
.1953 02:26:27 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
.1954 02:26:27 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1955 02:26:27 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
.1956 02:26:27 (0) **
.1957 02:26:27 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
.1958 02:26:27 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
.1959 02:26:27 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1960 02:26:27 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
.1961 02:26:27 (0) **
.1962 02:26:27 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
.1963 02:26:27 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
.1964 02:26:27 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1965 02:26:27 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
.1966 02:26:27 (0) **
.1967 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1968 02:26:27 (0) ** DCOM Status: ........................................................................................................ OK.
.1969 02:26:27 (0) ** WMI registry setup: ................................................................................................. OK.
.1970 02:26:27 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
.1971 02:26:27 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
.1972 02:26:27 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled')
.1973 02:26:27 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
.1974 02:26:27 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
.1975 02:26:27 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
.1976 02:26:27 (0) **          this can prevent the service/application to work as expected.
.1977 02:26:27 (0) **
.1978 02:26:27 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
.1979 02:26:27 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
.1980 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1981 02:26:27 (0) ** WMI service DCOM setup: ............................................................................................. OK.
.1982 02:26:27 (0) ** WMI components DCOM registrations: .................................................................................. OK.
.1983 02:26:27 (0) ** WMI ProgID registrations: ........................................................................................... OK.
.1984 02:26:27 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
.1985 02:26:27 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
.1986 02:26:27 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
.1987 02:26:27 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
.1988 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1989 02:26:27 (0) ** INFO: User Account Control (UAC): ................................................................................... DISABLED.
.1990 02:26:27 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
.1991 02:26:27 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
.1992 02:26:27 (0) **    privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
.1993 02:26:27 (0) **    to ensure that administrative privileges are granted. If a Local User account is used for remote
.1994 02:26:27 (0) **    accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
.1995 02:26:27 (0) **
.1996 02:26:27 (0) ** Overall DCOM security status: ....................................................................................... OK.
.1997 02:26:27 (0) ** Overall WMI security status: ........................................................................................ OK.
.1998 02:26:27 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
.1999 02:26:27 (0) ** WMI permanent SUBSCRIPTION(S): ...................................................................................... NONE.
.2000 02:26:27 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
.2001 02:26:27 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!
.2002 02:26:27 (0) ** - Root, 0x1AE - Class doesn't support Automation.
.2003 02:26:27 (0) **
.2004 02:26:27 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 16 ERROR(S)!
.2005 02:26:27 (0) ** - Root, 0x80004002 - No such interface supported.
.2006 02:26:27 (0) ** - Root, 0x80004002 - No such interface supported.
.2007 02:26:27 (0) ** - Root/subscription, 0x80004002 - No such interface supported.
.2008 02:26:27 (0) ** - Root/DEFAULT, 0x80004002 - No such interface supported.
.2009 02:26:27 (0) ** - Root/CIMV2, 0x80004002 - No such interface supported.
.2010 02:26:27 (0) ** - Root/CIMV2/Security, 0x80004002 - No such interface supported.
.2011 02:26:27 (0) ** - Root/CIMV2/Applications, 0x80004002 - No such interface supported.
.2012 02:26:27 (0) ** - Root/nap, 0x80004002 - No such interface supported.
.2013 02:26:27 (0) ** - Root/SECURITY, 0x80004002 - No such interface supported.
.2014 02:26:27 (0) ** - Root/WMI, 0x80004002 - No such interface supported.
.2015 02:26:27 (0) ** - Root/directory, 0x80004002 - No such interface supported.
.2016 02:26:27 (0) ** - Root/directory/LDAP, 0x80004002 - No such interface supported.
.2017 02:26:27 (0) ** - Root/SecurityCenter, 0x80004002 - No such interface supported.
.2018 02:26:27 (0) ** - Root/Microsoft, 0x80004002 - No such interface supported.
.2019 02:26:27 (0) ** - Root/Microsoft/HomeNet, 0x80004002 - No such interface supported.
.2020 02:26:27 (0) ** - Root/aspnet, 0x80004002 - No such interface supported.
.2021 02:26:27 (0) **
.2022 02:26:27 (0) ** WMI GET operations: ................................................................................................. OK.
.2023 02:26:27 (0) ** WMI MOF representations: ............................................................................................ OK.
.2024 02:26:27 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
.2025 02:26:27 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
.2026 02:26:27 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
.2027 02:26:27 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
.2028 02:26:27 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
.2029 02:26:27 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
.2030 02:26:27 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
.2031 02:26:27 (0) ** WMI static instances retrieved: ..................................................................................... 0.
.2032 02:26:27 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
.2033 02:26:27 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
.2034 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2035 02:26:27 (0) **
.2036 02:26:27 (0) ** 1 error(s) 0x1AE - (WBEM_UNKNOWN) This error code is external to WMI.
.2037 02:26:27 (0) **
.2038 02:26:27 (0) ** 16 error(s) 0x80004002 - (WBEM_UNKNOWN) This error code is external to WMI.
.2039 02:26:27 (0) ** => This error is not a WMI error. It is a DCOM error due to the following reasons:
.2040 02:26:27 (0) **    - An application has changed the COM/DCOM settings of OLE32.DLL and/or OLEAUT32.DLL.
.2041 02:26:27 (0) **    - The registry settings of COM/DCOM has been damage or wrongly modified.
.2042 02:26:27 (0) ** => To correct this situation, you must re-register the original COM/DCOM DLLs with REGSVR32.EXE
.2043 02:26:27 (0) **    i.e. 'REGSVR32.EXE OLE32.DLL'
.2044 02:26:27 (0) **    i.e. 'REGSVR32.EXE OLEAUT32.DLL'
.2045 02:26:27 (0) **
.2046 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2047 02:26:27 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
.2048 02:26:27 (0) ** INFO: Unexpected registry key value:
.2049 02:26:27 (0) **   - Current:  HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
.2050 02:26:27 (0) **   - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
.2051 02:26:27 (0) **     From the command line, the registry configuration can be corrected with the following command:
.2052 02:26:27 (0) **     i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
.2053 02:26:27 (0) **
.2054 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2055 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2056 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2057 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2058 02:26:27 (0) **
.2059 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2060 02:26:27 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
.2061 02:26:27 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2062 02:26:27 (0) **
.2063 02:26:27 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\USERS\MICHELLE.WEB\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_WIN7_.CLI.SP1.32_MICHELLE_60B1Z_2013.03.29_02.25.17.LOG' for details.
.2064 02:26:27 (0) **
.2065 02:26:27 (0) ** WMIDiag v2.1 ended on Friday, March 29, 2013 at 02:26 (W:33 E:22 S:1).
 



#12 narenxp

  • BC Advisor

Posted 29 March 2013 - 05:47 AM

Download Windows repair tool

Extract and launch the Repair_Windows.exe file.

Click on the Start repairs tab, then click on Start.

Check mark the following options alone:

  • Repair WMI
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache

Then:

  • Check mark the Restart System When Finished option
  • Click the Start button
  • The system should restart after the repair

Try to create a restore point now.


Edited by narenxp, 29 March 2013 - 05:48 AM.


#13 aaugustwe

  • Topic Starter

Posted 29 March 2013 - 04:06 PM

Same Error.



#14 narenxp

  • BC Advisor

Posted 29 March 2013 - 05:17 PM

What is the status of WMI now?



#15 aaugustwe

  • Topic Starter

Posted 29 March 2013 - 06:40 PM

.1895 16:36:20 (0) ** WMIDiag v2.1 started on Friday, March 29, 2013 at 16:35.
.1896 16:36:20 (0) **
.1897 16:36:20 (0) ** Copyright © Microsoft Corporation. All rights reserved - July 2007.
.1898 16:36:20 (0) **
.1899 16:36:20 (0) ** This script is not supported under any Microsoft standard support program or service.
.1900 16:36:20 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
.1901 16:36:20 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
.1902 16:36:20 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
.1903 16:36:20 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
.1904 16:36:20 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
.1905 16:36:20 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
.1906 16:36:20 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
.1907 16:36:20 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
.1908 16:36:20 (0) ** of the possibility of such damages.
.1909 16:36:20 (0) **
.1910 16:36:20 (0) **
.1911 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1912 16:36:20 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
.1913 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1914 16:36:20 (0) **
.1915 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1916 16:36:20 (0) ** Windows 7 - Service Pack 1 - 32-bit (7601) - User 'WEB\MICHELLE' on computer 'MICHELLE_60B1Z'.
.1917 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1918 16:36:20 (0) ** Environment: ........................................................................................................ OK.
.1919 16:36:20 (0) ** There are no missing WMI system files: .............................................................................. OK.
.1920 16:36:20 (0) ** There are no missing WMI repository files: .......................................................................... OK.
.1921 16:36:20 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
.1922 16:36:20 (0) ** AFTER running WMIDiag:
.1923 16:36:20 (0) ** The WMI repository has a size of: ................................................................................... 14 MB.
.1924 16:36:20 (0) ** - Disk free space on 'C:': .......................................................................................... 196206 MB.
.1925 16:36:20 (0) **   - INDEX.BTR,                     2367488 bytes,      3/29/2013 1:57:59 PM
.1926 16:36:20 (0) **   - MAPPING1.MAP,                  40208 bytes,        3/29/2013 1:57:59 PM
.1927 16:36:20 (0) **   - MAPPING2.MAP,                  40228 bytes,        3/29/2013 1:57:59 PM
.1928 16:36:20 (0) **   - OBJECTS.DATA,                  12664832 bytes,     3/29/2013 1:57:59 PM
.1929 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1930 16:36:20 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
.1931 16:36:20 (0) ** Windows Firewall Profile: ........................................................................................... DOMAIN.
.1932 16:36:20 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
.1933 16:36:20 (0) ** => This will prevent any WMI remote connectivity to this computer except
.1934 16:36:20 (0) **    if the following three inbound rules are ENABLED and non-BLOCKING:
.1935 16:36:20 (0) **    - 'Windows Management Instrumentation (DCOM-In)'
.1936 16:36:20 (0) **    - 'Windows Management Instrumentation (WMI-In)'
.1937 16:36:20 (0) **    - 'Windows Management Instrumentation (ASync-In)'
.1938 16:36:20 (0) **    Verify the reported status for each of these three inbound rules below.
.1939 16:36:20 (0) **
.1940 16:36:20 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
.1941 16:36:20 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
.1942 16:36:20 (0) **    - You can adjust the configuration by executing the following command:
.1943 16:36:20 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
.1944 16:36:20 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
.1945 16:36:20 (0) **       You can also enable each individual rule instead of activating the group rule.
.1946 16:36:20 (0) **
.1947 16:36:20 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
.1948 16:36:20 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
.1949 16:36:20 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
.1950 16:36:20 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1951 16:36:20 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
.1952 16:36:20 (0) **
.1953 16:36:20 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
.1954 16:36:20 (0) ** => This will prevent any WMI inbound connectivity to this machine.
.1955 16:36:20 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
.1956 16:36:20 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1957 16:36:20 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
.1958 16:36:20 (0) **
.1959 16:36:20 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
.1960 16:36:20 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
.1961 16:36:20 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1962 16:36:20 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
.1963 16:36:20 (0) **
.1964 16:36:20 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
.1965 16:36:20 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
.1966 16:36:20 (0) **    - You can adjust the configuration of this rule by executing the following command:
.1967 16:36:20 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
.1968 16:36:20 (0) **
.1969 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1970 16:36:20 (0) ** DCOM Status: ........................................................................................................ OK.
.1971 16:36:20 (0) ** WMI registry setup: ................................................................................................. OK.
.1972 16:36:20 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
.1973 16:36:20 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
.1974 16:36:20 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled')
.1975 16:36:20 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
.1976 16:36:20 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
.1977 16:36:20 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
.1978 16:36:20 (0) **          this can prevent the service/application to work as expected.
.1979 16:36:20 (0) **
.1980 16:36:20 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
.1981 16:36:20 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
.1982 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1983 16:36:20 (0) ** WMI service DCOM setup: ............................................................................................. OK.
.1984 16:36:20 (0) ** WMI components DCOM registrations: .................................................................................. OK.
.1985 16:36:20 (0) ** WMI ProgID registrations: ........................................................................................... OK.
.1986 16:36:20 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
.1987 16:36:20 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
.1988 16:36:20 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
.1989 16:36:20 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
.1990 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1991 16:36:20 (0) ** INFO: User Account Control (UAC): ................................................................................... DISABLED.
.1992 16:36:20 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
.1993 16:36:20 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
.1994 16:36:20 (0) **    privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
.1995 16:36:20 (0) **    to ensure that administrative privileges are granted. If a Local User account is used for remote
.1996 16:36:20 (0) **    accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
.1997 16:36:20 (0) **
.1998 16:36:20 (0) ** Overall DCOM security status: ....................................................................................... OK.
.1999 16:36:20 (0) ** Overall WMI security status: ........................................................................................ OK.
.2000 16:36:20 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
.2001 16:36:20 (0) ** WMI permanent SUBSCRIPTION(S): ...................................................................................... NONE.
.2002 16:36:20 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
.2003 16:36:20 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!
.2004 16:36:20 (0) ** - Root, 0x1AE - Class doesn't support Automation.
.2005 16:36:20 (0) **
.2006 16:36:20 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 16 ERROR(S)!
.2007 16:36:20 (0) ** - Root, 0x80004002 - No such interface supported.
.2008 16:36:20 (0) ** - Root, 0x80004002 - No such interface supported.
.2009 16:36:20 (0) ** - Root/subscription, 0x80004002 - No such interface supported.
.2010 16:36:20 (0) ** - Root/DEFAULT, 0x80004002 - No such interface supported.
.2011 16:36:20 (0) ** - Root/CIMV2, 0x80004002 - No such interface supported.
.2012 16:36:20 (0) ** - Root/CIMV2/Security, 0x80004002 - No such interface supported.
.2013 16:36:20 (0) ** - Root/CIMV2/Applications, 0x80004002 - No such interface supported.
.2014 16:36:20 (0) ** - Root/nap, 0x80004002 - No such interface supported.
.2015 16:36:20 (0) ** - Root/SECURITY, 0x80004002 - No such interface supported.
.2016 16:36:20 (0) ** - Root/WMI, 0x80004002 - No such interface supported.
.2017 16:36:20 (0) ** - Root/directory, 0x80004002 - No such interface supported.
.2018 16:36:20 (0) ** - Root/directory/LDAP, 0x80004002 - No such interface supported.
.2019 16:36:20 (0) ** - Root/SecurityCenter, 0x80004002 - No such interface supported.
.2020 16:36:20 (0) ** - Root/Microsoft, 0x80004002 - No such interface supported.
.2021 16:36:20 (0) ** - Root/Microsoft/HomeNet, 0x80004002 - No such interface supported.
.2022 16:36:20 (0) ** - Root/aspnet, 0x80004002 - No such interface supported.
.2023 16:36:20 (0) **
.2024 16:36:20 (0) ** WMI GET operations: ................................................................................................. OK.
.2025 16:36:20 (0) ** WMI MOF representations: ............................................................................................ OK.
.2026 16:36:20 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
.2027 16:36:20 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
.2028 16:36:20 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
.2029 16:36:20 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
.2030 16:36:20 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
.2031 16:36:20 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
.2032 16:36:20 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
.2033 16:36:20 (0) ** WMI static instances retrieved: ..................................................................................... 0.
.2034 16:36:20 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
.2035 16:36:20 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
.2036 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2037 16:36:20 (0) **
.2038 16:36:20 (0) ** 1 error(s) 0x1AE - (WBEM_UNKNOWN) This error code is external to WMI.
.2039 16:36:20 (0) **
.2040 16:36:20 (0) ** 16 error(s) 0x80004002 - (WBEM_UNKNOWN) This error code is external to WMI.
.2041 16:36:20 (0) ** => This error is not a WMI error. It is a DCOM error due to the following reasons:
.2042 16:36:20 (0) **    - An application has changed the COM/DCOM settings of OLE32.DLL and/or OLEAUT32.DLL.
.2043 16:36:20 (0) **    - The registry settings of COM/DCOM has been damage or wrongly modified.
.2044 16:36:20 (0) ** => To correct this situation, you must re-register the original COM/DCOM DLLs with REGSVR32.EXE
.2045 16:36:20 (0) **    i.e. 'REGSVR32.EXE OLE32.DLL'
.2046 16:36:20 (0) **    i.e. 'REGSVR32.EXE OLEAUT32.DLL'
.2047 16:36:20 (0) **
.2048 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2049 16:36:20 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
.2050 16:36:20 (0) ** INFO: Unexpected registry key value:
.2051 16:36:20 (0) **   - Current:  HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
.2052 16:36:20 (0) **   - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
.2053 16:36:20 (0) **     From the command line, the registry configuration can be corrected with the following command:
.2054 16:36:20 (0) **     i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
.2055 16:36:20 (0) **
.2056 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2057 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2058 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2059 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2060 16:36:20 (0) **
.2061 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2062 16:36:20 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
.2063 16:36:20 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.2064 16:36:20 (0) **
.2065 16:36:20 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\USERS\MICHELLE.WEB\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_WIN7_.CLI.SP1.32_MICHELLE_60B1Z_2013.03.29_16.35.47.LOG' for details.
.2066 16:36:20 (0) **
.2067 16:36:20 (0) ** WMIDiag v2.1 ended on Friday, March 29, 2013 at 16:36 (W:34 E:22 S:1).





