Unidentified Network


6 replies to this topic

#1 AndreasKats


Posted 17 January 2016 - 07:34 AM

Hi

I am having significant issues with my business network.

Randomly during the course of the day, the network will become "unidentified" on all connected PCs.

There are 4 PCs connected to an unmanaged switch, as well as a DSL router.

1 of the 4 PCs is the "server" PC that has the POS software and SQL database installed on it, from which the other 3 PCs have mapped drives to the folder containing the POS software. (This setup is as described by our POS software company, and has been functioning as such with no problems.)

IPv4 configs are static on all PCs and thermal printers.

I have noticed that svchost.exe memory consumption is extremely high, and it looks to be Windows Update causing this problem. I am not sure if the two problems are related.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by OB THE GROVE (administrator) on MC1 (17-01-2016 13:41:26)
Running from B:\DOWNLOADS\VIRUS REMOVAL
Loaded Profiles: OB THE GROVE (Available Profiles: OB THE GROVE & ANDREAS)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(SEIKO EPSON Corp.) C:\Windows\System32\ESDUSBMon.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
() C:\Program Files\No-IP\DUC30.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-02-09] ()
HKLM\...\Run: [ESDUSBMon.exe] => C:\Windows\system32\ESDUSBMon.exe [188416 2005-05-26] (SEIKO EPSON Corp.)
HKLM\...\Run: [4623FW Scan2PC] => C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe [1982464 2010-02-11] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2011-04-24] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\...\MountPoints2: {a8f7edc2-7394-11e1-b2b8-6c626d7dad37} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GO36F4~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2012-01-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2014-10-30]
ShortcutTarget: Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SQL Server.lnk [2014-10-31]
ShortcutTarget: SQL Server.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe (Microsoft Corporation)
Startup: C:\Users\OB THE GROVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-11-02] ()
Startup: C:\Users\OB THE GROVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk [2016-01-12]
ShortcutTarget: No-IP DUC.lnk -> C:\Program Files\No-IP\DUC30.exe ()
Startup: C:\Users\OB THE GROVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniFi.lnk [2015-12-15]
ShortcutTarget: UniFi.lnk -> C:\Program Files\Java\jre8\bin\javaw.exe (Oracle Corporation)
GroupPolicyUsers\S-1-5-21-1855046274-2080698468-1617260280-1000\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{9206AC61-B242-4150-B1BE-47D355DC6851}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A9CBBBCC-57F4-4357-91D0-21557A337D32}: [NameServer] 192.168.0.254
Tcpip\..\Interfaces\{B367DA87-0DCA-4DB7-8773-42ABB1D5186D}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D8FB4437-57A2-4CD2-9FD1-C639AA531222}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.fnb.co.za/
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.co.za/
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1855046274-2080698468-1617260280-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\ADOBE CREATIVE SUITE\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-29] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-29] (Oracle Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24] (Kaspersky Lab ZAO)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\ADOBE CREATIVE SUITE\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1855046274-2080698468-1617260280-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\OB THE GROVE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1855046274-2080698468-1617260280-1000: @talk.google.com/O1DPlugin -> C:\Users\OB THE GROVE\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1855046274-2080698468-1617260280-1000: @tools.google.com/Google Update;version=3 -> C:\Users\OB THE GROVE\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1855046274-2080698468-1617260280-1000: @tools.google.com/Google Update;version=9 -> C:\Users\OB THE GROVE\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\OB THE GROVE\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\OB THE GROVE\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\ADOBE CREATIVE SUITE\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - D:\ADOBE CREATIVE SUITE\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-01-23] [not signed]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-10-31] [not signed]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-10-31] [not signed]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-10-31] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en","hxxp://www.google.co.za/ig"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll => No File
CHR Profile: C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-15]
CHR Extension: (Google Drive) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Google Groups) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk [2015-02-11]
CHR Extension: (Zoho Assist - Free Remote Access Software) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgikopmemebmoikndmhapkhaaboapige [2015-06-11]
CHR Extension: (YouTube) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-05-07]
CHR Extension: (ZA Weather) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddabicajdfmljicbmmignckalepjhcni [2012-10-14]
CHR Extension: (Producteev) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\effanfjandoefieknkdjjbfpmhdndfnf [2012-10-14]
CHR Extension: (AT_ChuckAnderson) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2011-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (BookedIN - Appointment Booking and Scheduling) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheobladblmphoggmehhahdfikpbilnj [2015-03-13]
CHR Extension: (The Tanks) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\imiagbbpcdaikfajfdpfemgmngigphfl [2015-04-22]
CHR Extension: (Virtual Keyboard) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-05-07]
CHR Extension: (CDG - Enterprise Cloud Database) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgjmengbcjjegcckceljibpkohileg [2014-06-04]
CHR Extension: (WORKetc CRM + Projects) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlahiphbfdglckbfaclomhiohkmjgci [2012-10-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
CHR Extension: (WhenToManage Restaurant Solutions) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmedgheicheaeojiimffcopaifphfekn [2013-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Anti-Banner) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2011-09-02]
CHR Profile: C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-22]
CHR Extension: (Google Drive) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-22]
CHR Extension: (YouTube) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
CHR Extension: (Google Search) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-02-21]
CHR Extension: (Virtual Keyboard) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-02-21]
CHR Extension: (Gmail) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
CHR Extension: (Anti-Banner) - C:\Users\OB THE GROVE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-02-21]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2012-05-04]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2012-05-04]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-26]
CHR HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\OBTHEG~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-26]
CHR HKU\S-1-5-21-1855046274-2080698468-1617260280-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S4 DpHost; C:\Program Files\DigitalPersona\Bin\DpHost.exe [286720 2007-05-11] (DigitalPersona, Inc.) [File not signed]
S4 EPSON ESCPOS Status Service; C:\Windows\system32\EpStsSrv.exe [77824 2006-05-17] (SEIKO EPSON Corp.) [File not signed]
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2012-01-04] (Google) [File not signed]
S4 KingPOS WebOrder Server; c:\Program Files\KingPOS\kingposweborderserver.exe [81920 2015-12-07] ( ) [File not signed]
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [84624 2013-06-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S4 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 PDQDeploy; C:\Program Files\Admin Arsenal\PDQ Deploy\PDQDeployService.exe [538032 2015-12-03] (Admin Arsenal)
S4 Rtc_HostService; C:\Program Files\GAAP\Portal Host\PortalHost.exe [2236416 2014-10-24] (Nexus Database Systems) [File not signed]
S4 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2009-12-02] (Samsung Software Center, Moscow) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 UniFi; "C:\Users\OB THE GROVE\Ubiquiti UniFi\bin\UniFi" //RS//UniFi [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5340160 2010-03-03] (ATI Technologies Inc.)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-05] (DemoForge, LLC)
S3 dpK00701; C:\Windows\System32\DRIVERS\dpK00701.sys [46592 2007-01-29] (DigitalPersona, Inc.)
R2 Esdpdx01; C:\Windows\system32\Drivers\ESDPDX01.SYS [95485 2003-12-25] (MK Systems CO., LTD.) [File not signed]
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [13112 2010-06-03] (Windows ® Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R3 MonitorFunction; C:\Windows\System32\DRIVERS\TVMonitor.sys [13304 2011-01-12] (TeamViewer GmbH)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18944 2013-07-25] (Apple Inc.) [File not signed]
R1 nm3; C:\Windows\System32\DRIVERS\nm3.sys [39736 2010-06-09] (Microsoft Corporation)
R1 pxrts; C:\Windows\System32\drivers\pxrts.sys [76696 2011-09-02] (Prevx)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14848 2007-03-01] (Silicon Laboratories)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-10-22] (Samsung Electronics) [File not signed]
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (TeamViewer GmbH)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-08-15] (Apple, Inc.) [File not signed]
S3 UsbdpFP; C:\Windows\System32\DRIVERS\UsbdpFP.sys [47104 2007-01-29] (DigitalPersona, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-06-11] (Webroot)
S4 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S4 EPSON TM Parallel Port Driver; \??\C:\Windows\system32\drivers\tmlpt.sys [X]
S4 EPSON_PCS_Parallel_Port_Driver; \??\C:\Windows\system32\DRIVERS\pcslpt.sys [X]
S4 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [47616 2007-01-19] (SEIKO EPSON Corp.)
S4 tsusbhub; system32\drivers\tsusbhub.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
S4 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S4 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 13:41 - 2016-01-17 13:41 - 00000000 ____D C:\FRST
2016-01-17 13:40 - 2016-01-17 13:40 - 00000000 ____D C:\Users\OB THE GROVE\AppData\Roaming\EPSON
2016-01-17 13:19 - 2016-01-17 13:23 - 00000000 ____D C:\AdwCleaner
2016-01-16 21:29 - 2016-01-16 21:29 - 00000000 ____D C:\Users\OB THE GROVE\Downloads\0013-Install_Win7_7097_12232015
2016-01-16 21:28 - 2016-01-16 21:28 - 09871455 _____ C:\Users\OB THE GROVE\Downloads\0013-Install_Win7_7097_12232015.zip
2016-01-16 17:47 - 2016-01-16 17:47 - 00000000 ____D C:\Users\OB THE GROVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GAAP Portal Host
2016-01-14 12:57 - 2016-01-14 12:57 - 00051256 _____ C:\Users\OB THE GROVE\Documents\KingPos Test.pdf
2016-01-14 11:50 - 2016-01-14 11:50 - 00000000 ____D C:\Users\OB THE GROVE\AppData\Local\PDF Repair Toolbox
2016-01-14 11:50 - 2016-01-14 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Repair Toolbox
2016-01-14 11:50 - 2016-01-14 11:50 - 00000000 ____D C:\Program Files\PDF Repair Toolbox
2016-01-14 11:44 - 2016-01-14 12:56 - 00034949 _____ C:\Users\OB THE GROVE\Documents\test.pdf
2016-01-14 11:29 - 2016-01-14 11:29 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-01-14 11:28 - 2016-01-14 11:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2016-01-14 11:28 - 2016-01-14 11:28 - 00001950 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2016-01-14 11:22 - 2016-01-14 11:22 - 00000945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2016-01-14 11:22 - 2016-01-14 11:22 - 00000933 _____ C:\Users\Public\Desktop\Acrobat.com.lnk
2015-12-20 14:13 - 2015-12-20 14:13 - 00000000 ____D C:\ProgramData\PrevxCSI
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 13:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows
2016-01-17 13:37 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-17 13:37 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-17 13:36 - 2015-09-11 16:27 - 00000000 ____D C:\Users\OB THE GROVE\Ubiquiti UniFi
2016-01-17 13:35 - 2011-09-02 17:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-17 13:35 - 2011-01-23 15:56 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-17 13:30 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-17 13:28 - 2014-11-01 20:15 - 00007640 _____ C:\Users\OB THE GROVE\AppData\Local\Resmon.ResmonCfg
2016-01-17 13:27 - 2012-04-12 23:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-17 13:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2016-01-17 13:05 - 2011-01-23 15:56 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-17 10:52 - 2013-12-20 21:04 - 00000000 ____D C:\Windows\system32\WebClientActiveX
2016-01-17 10:52 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-17 10:43 - 2011-01-28 22:14 - 00000000 ____D C:\Users\OB THE GROVE\AppData\Local\ElevatedDiagnostics
2016-01-17 10:43 - 2011-01-23 03:20 - 00000000 ____D C:\Windows\softwaredistribution.bak
2016-01-17 10:23 - 2014-10-03 09:40 - 00000038 _____ C:\Portal.txt
2016-01-17 10:23 - 2011-04-20 12:21 - 00000000 ____D C:\Users\OB THE GROVE\AppData\Local\ApplicationHistory
2016-01-17 09:42 - 2013-01-07 16:24 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1855046274-2080698468-1617260280-1000Core.job
2016-01-16 23:18 - 2014-11-01 09:54 - 31716864 _____ C:\Windows\system32\King-POS_Archive_Backup_[Saturday]
2016-01-16 23:18 - 2014-11-01 09:53 - 747523584 _____ C:\Windows\system32\King-POS_Backup_[Saturday]
2016-01-16 21:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-01-16 21:00 - 2014-10-30 09:48 - 00000000 ____D C:\Program Files\KingPOS
2016-01-16 20:40 - 2011-02-28 09:54 - 00000000 ____D C:\Program Files\TeamViewer
2016-01-16 17:12 - 2015-11-16 13:38 - 00000000 ___HD C:\Program Files\InstallJammer Registry
2016-01-16 17:06 - 2011-06-16 16:30 - 00000000 ____D C:\ProgramData\Apple
2016-01-16 17:06 - 2011-06-16 16:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-16 16:54 - 2012-10-12 21:15 - 00000000 ____D C:\Users\ANDREAS
2016-01-16 16:21 - 2012-02-28 17:57 - 00346016 _____ C:\Windows\ntbtlog.txt
2016-01-16 13:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-01-14 22:07 - 2014-10-30 23:15 - 27252224 _____ C:\Windows\system32\King-POS_Archive_Backup_[Thursday]
2016-01-14 22:07 - 2014-10-30 23:14 - 740772352 _____ C:\Windows\system32\King-POS_Backup_[Thursday]
2016-01-14 19:15 - 2011-01-23 15:54 - 00000000 ____D C:\Users\OB THE GROVE\AppData\Local\CrashDumps
2016-01-14 12:59 - 2011-01-23 11:28 - 00000000 ____D C:\Users\OB THE GROVE\AppData\Local\Adobe
2016-01-14 11:28 - 2011-01-23 14:17 - 00000000 ____D C:\ProgramData\Adobe
2016-01-14 11:28 - 2011-01-23 14:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-14 11:26 - 2011-01-23 14:18 - 00000000 ____D C:\Program Files\Adobe
2016-01-14 11:24 - 2011-01-23 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-01-13 21:54 - 2014-11-05 23:23 - 26007040 _____ C:\Windows\system32\King-POS_Archive_Backup_[Wednesday]
2016-01-13 21:54 - 2014-11-05 23:22 - 742280704 _____ C:\Windows\system32\King-POS_Backup_[Wednesday]
2016-01-12 21:57 - 2014-11-04 22:34 - 739265024 _____ C:\Windows\system32\King-POS_Backup_[Tuesday]
2016-01-12 21:57 - 2014-11-04 22:34 - 24823296 _____ C:\Windows\system32\King-POS_Archive_Backup_[Tuesday]
2016-01-12 15:01 - 2011-01-22 17:32 - 00888804 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-11 22:17 - 2014-11-03 11:27 - 740576768 _____ C:\Windows\system32\King-POS_Backup_[Monday]
2016-01-11 22:17 - 2014-11-03 11:27 - 23119360 _____ C:\Windows\system32\King-POS_Archive_Backup_[Monday]
2016-01-10 22:12 - 2014-11-16 10:10 - 21870080 _____ C:\Windows\system32\King-POS_Archive_Backup_[Sunday]
2016-01-10 22:12 - 2014-11-16 10:09 - 740576768 _____ C:\Windows\system32\King-POS_Backup_[Sunday]
2016-01-10 12:43 - 2015-10-30 18:35 - 00000600 _____ C:\Users\OB THE GROVE\AppData\Local\PUTTY.RND
2016-01-08 23:33 - 2014-11-14 23:48 - 17536512 _____ C:\Windows\system32\King-POS_Archive_Backup_[Friday]
2016-01-08 23:33 - 2014-11-14 23:47 - 736446976 _____ C:\Windows\system32\King-POS_Backup_[Friday]
2015-12-27 23:02 - 2009-07-14 06:53 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-27 22:50 - 2015-11-11 23:13 - 00000000 ____D C:\Users\OB THE GROVE\Documents\SQL Server Management Studio Express
2015-12-24 15:26 - 2013-10-27 15:58 - 00001246 __RSH C:\Users\OB THE GROVE\ntuser.pol
2015-12-24 15:26 - 2011-01-22 17:26 - 00000000 ____D C:\Users\OB THE GROVE
2015-12-22 16:58 - 2012-07-21 08:15 - 00000000 ____D C:\Users\DefaultAppPool
2015-12-21 12:21 - 2015-12-04 15:02 - 00000895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-20 14:13 - 2011-09-02 17:23 - 00000053 _____ C:\Windows\wininit.ini
 
==================== Files in the root of some directories =======
 
2004-12-21 18:34 - 2004-12-21 18:34 - 0025214 _____ () C:\Program Files\dplogo32.ico
2012-04-20 19:31 - 2013-11-23 20:45 - 0000132 _____ () C:\Users\OB THE GROVE\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-02-28 13:37 - 2014-03-22 17:14 - 0001456 _____ () C:\Users\OB THE GROVE\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-04-13 20:55 - 2015-04-13 20:55 - 0003584 _____ () C:\Users\OB THE GROVE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-20 12:21 - 2011-04-20 12:21 - 0000100 _____ () C:\Users\OB THE GROVE\AppData\Local\fusioncache.dat
2015-10-30 18:35 - 2016-01-10 12:43 - 0000600 _____ () C:\Users\OB THE GROVE\AppData\Local\PUTTY.RND
2014-11-01 20:15 - 2016-01-17 13:28 - 0007640 _____ () C:\Users\OB THE GROVE\AppData\Local\Resmon.ResmonCfg
2011-09-02 17:16 - 2011-09-02 17:16 - 0017408 _____ () C:\Users\OB THE GROVE\AppData\Local\WebpageIcons.db
2011-06-13 21:58 - 2011-06-30 09:37 - 0001940 _____ () C:\Users\OB THE GROVE\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2012-08-30 17:01 - 2015-10-31 18:30 - 0000000 _____ () C:\ProgramData\Spooler opens temp file
 
Some files in TEMP:
====================
C:\Users\OB THE GROVE\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 00:57
 
==================== End of FRST.txt ============================
 
MiniToolBox by Farbar  Version: 02-11-2015
Ran by OB THE GROVE (administrator) on 17-01-2016 at 14:03:57
Running from "B:\DOWNLOADS\VIRUS REMOVAL"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: ESPRIMO P1510 Manufacturer: FUJITSU
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 activate.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 hh-software.com
127.0.0.1 www.hh-software.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de
127.0.0.1 wip3.adobe.de
 
There are 18 entries.
 
========================= IP Configuration: ================================
 
Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
TeamViewer VPN Adapter = Local Area Connection 5 (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled dhcpmediasense=disabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.0.254 publish=Yes
add address name="ethernet_19" address=192.168.42.1 mask=255.255.255.0
add address name="Local Area Connection" address=192.168.0.189 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : MC1
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 6C-62-6D-7D-AD-37
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.189(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{A9CBBBCC-57F4-4357-91D0-21557A337D32}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{80E6C910-B807-49DB-9D59-81B69FE7D5E1}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  e.home
Address:  192.168.0.254
 
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  2c0f:fb50:4002:802::200e
 
 
Pinging google.com [41.21.236.121] with 32 bytes of data:
Reply from 41.21.236.121: bytes=32 time=36ms TTL=54
Reply from 41.21.236.121: bytes=32 time=76ms TTL=54
 
Ping statistics for 41.21.236.121:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 76ms, Average = 56ms
Server:  e.home
Address:  192.168.0.254
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=287ms TTL=44
Reply from 98.139.183.24: bytes=32 time=296ms TTL=44
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 287ms, Maximum = 296ms, Average = 291ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...6c 62 6d 7d ad 37 ......Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.189    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.189    266
    192.168.0.189  255.255.255.255         On-link     192.168.0.189    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.189    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.189    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.189    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.0.254  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/17/2016 01:30:50 PM) (Source: MSSQLServer) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
Error: (01/17/2016 09:54:40 AM) (Source: MSSQLServer) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
Error: (01/17/2016 12:34:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/17/2016 12:33:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (01/16/2016 05:06:29 PM) (Source: Microsoft-Windows-RestartManager) (User: MC1)
Description: Application or service 'Apple Mobile Device' could not be restarted.
 
Error: (01/16/2016 04:54:29 PM) (Source: MSSQLServer) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
Error: (01/16/2016 04:17:18 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b50
 
Start Time: 01d14fd4e71e2eff
 
Termination Time: 60000
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 7e52c397-bc5b-11e5-9fac-6c626d7dad37
 
Error: (01/16/2016 12:43:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/16/2016 12:41:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (01/15/2016 10:40:15 PM) (Source: MSSQLServer) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
 
System errors:
=============
Error: (01/17/2016 01:30:45 PM) (Source: Service Control Manager) (User: )
Description: The UniFi Controller service terminated with service-specific error %%1.
 
Error: (01/17/2016 01:23:57 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the PDQ Deploy service, but this action failed with the following error: 
%%1058
 
Error: (01/17/2016 01:23:28 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (01/17/2016 01:23:01 PM) (Source: Service Control Manager) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/17/2016 01:23:01 PM) (Source: Service Control Manager) (User: )
Description: The Distributed Transaction Coordinator service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/17/2016 01:23:01 PM) (Source: Service Control Manager) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/17/2016 01:23:01 PM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/17/2016 01:23:00 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/17/2016 01:22:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/17/2016 01:22:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2016 01:30:50 PM) (Source: MSSQLServer)(User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
Error: (01/17/2016 09:54:40 AM) (Source: MSSQLServer)(User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
Error: (01/17/2016 12:34:31 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe
 
Error: (01/17/2016 12:33:28 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (01/16/2016 05:06:29 PM) (Source: Microsoft-Windows-RestartManager)(User: MC1)
Description: 0AppleMobileDeviceService.exeApple Mobile Device03026217818760
 
Error: (01/16/2016 04:54:29 PM) (Source: MSSQLServer)(User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
Error: (01/16/2016 04:17:18 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567b5001d14fd4e71e2eff60000C:\Windows\Explorer.EXE7e52c397-bc5b-11e5-9fac-6c626d7dad37
 
Error: (01/16/2016 12:43:16 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe
 
Error: (01/16/2016 12:41:45 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (01/15/2016 10:40:15 PM) (Source: MSSQLServer)(User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
 
========================= Devices: ================================
 
Name: TeamViewer VPN Adapter
Description: TeamViewer VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TeamViewer GmbH
Service: teamviewervpn
Device ID: ROOT\NET\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
**** End of log ****
 

 




 


#2 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 17 January 2016 - 11:39 AM

During this unidentified time can you ping google.com?

 

How about next time this happens do a tracert yahoo.com and post the results for review.



#3 AndreasKats

AndreasKats
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 18 January 2016 - 10:52 AM

Hi Wand3r3r, 

 

I can't ping other pc's on the network. If I can remember correctly, there is no internet connection either. 

 

My concern is not really the internet connection, but more for the network basically disappearing randomly during the day. 



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:04:53 AM

Posted 18 January 2016 - 02:18 PM

If you can't ping other PCs on the LAN, odds are it's the switch that is going bad. Now if you could ping between PCs but had no internet, you would replace the failing router.



#5 AndreasKats

AndreasKats
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 20 January 2016 - 06:53 AM

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Users\OB THE GROVE>tracert yahoo.com
 
Tracing route to yahoo.com [98.139.183.24]
over a maximum of 30 hops:
 
  1    <1 ms     4 ms     4 ms  e.home [192.168.0.254]
  2    35 ms    39 ms    38 ms  10.17.16.12
  3    43 ms    35 ms    43 ms  192.168.117.213
  4    39 ms    47 ms    48 ms  192.168.117.194
  5    52 ms    31 ms    39 ms  10.242.233.14
  6    37 ms    41 ms    57 ms  10.113.228.65
  7    47 ms    51 ms    37 ms  vc-196-207-33-2.3g.vodacom.co.za [196.207.33.2]
 
  8    32 ms    39 ms    39 ms  10.113.213.82
  9    42 ms    51 ms    37 ms  41.21.235.10
 10   209 ms   199 ms   209 ms  10.118.46.46
 11   203 ms   209 ms   220 ms  ae26-100-xcr1.lns.cw.net [195.59.222.29]
 12   209 ms   207 ms   209 ms  ae14-xcr1.lnd.cw.net [195.2.30.113]
 13   294 ms   268 ms   270 ms  ae6-xcr2.nyk.cw.net [195.2.25.197]
 14   273 ms   279 ms   267 ms  pat1.nyc.yahoo.com [198.32.118.24]
 15   283 ms   290 ms   287 ms  ae-5.pat2.bfz.yahoo.com [216.115.96.67]
 16   293 ms   279 ms   300 ms  et-19-1-1.msr2.bf1.yahoo.com [74.6.227.143]
 17   288 ms   288 ms   288 ms  et-19-0-1.clr1-a-gdc.bf1.yahoo.com [74.6.122.35]
 
 18   293 ms   288 ms   288 ms  po7.fab1-1-gdc.bf1.yahoo.com [72.30.22.1]
 19   307 ms   296 ms   288 ms  po-9.bas1-7-prd.bf1.yahoo.com [98.139.129.145]
 20   301 ms   287 ms   298 ms  ir2.fp.vip.bf1.yahoo.com [98.139.183.24]
 
Trace complete.
 
C:\Users\OB THE GROVE>


#6 AndreasKats

AndreasKats
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 20 January 2016 - 06:54 AM

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Users\OB THE GROVE>netstat -an
 
Active Connections
 
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5938           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         127.0.0.1:49177        ESTABLISHED
  TCP    127.0.0.1:5939         127.0.0.1:53776        ESTABLISHED
  TCP    127.0.0.1:43227        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49177        127.0.0.1:5939         ESTABLISHED
  TCP    127.0.0.1:53740        127.0.0.1:53741        ESTABLISHED
  TCP    127.0.0.1:53741        127.0.0.1:53740        ESTABLISHED
  TCP    127.0.0.1:53776        127.0.0.1:5939         ESTABLISHED
  TCP    169.254.30.107:139     0.0.0.0:0              LISTENING
  TCP    192.168.0.189:139      0.0.0.0:0              LISTENING
  TCP    192.168.0.189:445      192.168.0.40:49168     ESTABLISHED
  TCP    192.168.0.189:445      192.168.0.55:49453     ESTABLISHED
  TCP    192.168.0.189:445      192.168.0.55:49509     ESTABLISHED
  TCP    192.168.0.189:53747    37.252.227.51:80       CLOSE_WAIT
  TCP    192.168.0.189:53756    37.252.230.26:5938     ESTABLISHED
  TCP    192.168.0.189:53774    188.172.217.45:5938    ESTABLISHED
  TCP    192.168.0.189:54526    41.21.236.106:443      ESTABLISHED
  TCP    192.168.0.189:54749    38.124.168.125:80      TIME_WAIT
  TCP    192.168.0.189:54750    41.21.236.109:443      ESTABLISHED
  TCP    192.168.0.189:54752    38.117.98.253:80       TIME_WAIT
  TCP    [::]:80                [::]:0                 LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:5938              [::]:0                 LISTENING
  TCP    [::]:49152             [::]:0                 LISTENING
  TCP    [::]:49153             [::]:0                 LISTENING
  TCP    [::]:49154             [::]:0                 LISTENING
  TCP    [::]:49156             [::]:0                 LISTENING
  TCP    [::]:49157             [::]:0                 LISTENING
  TCP    [::1]:445              [::1]:50817            ESTABLISHED
  TCP    [::1]:50817            [::1]:445              ESTABLISHED
  UDP    0.0.0.0:68             *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1434           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:3702           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:5355           *:*
  UDP    0.0.0.0:49440          *:*
  UDP    0.0.0.0:62046          *:*
  UDP    0.0.0.0:63313          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    127.0.0.1:62045        *:*
  UDP    169.254.30.107:137     *:*
  UDP    169.254.30.107:138     *:*
  UDP    192.168.0.189:137      *:*
  UDP    192.168.0.189:138      *:*
  UDP    192.168.0.189:1900     *:*
  UDP    192.168.0.189:5353     *:*
  UDP    192.168.0.189:59138    *:*
  UDP    192.168.0.189:62044    *:*
  UDP    [::]:500               *:*
  UDP    [::]:3702              *:*
  UDP    [::]:3702              *:*
  UDP    [::]:4500              *:*
  UDP    [::]:49441             *:*
  UDP    [::]:62047             *:*
  UDP    [::1]:1900             *:*
  UDP    [::1]:5353             *:*
  UDP    [::1]:62043            *:*
 
C:\Users\OB THE GROVE>


#7 AndreasKats

AndreasKats
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 20 January 2016 - 07:16 AM

Hi Wand3r3r,

 

Above I just pasted the tracert / netstat results.

 

The network hit a problem for 10 minutes.

When I did the netstat command, there were a lot more connections, possibly triple the amount ...

 

The network became slow, and this is when the other PCs couldn't see my server PC.
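
Post #7 reports that netstat showed roughly triple the usual number of connections during the fault. The following is an added example, not part of the original thread: a Python parser for Windows `netstat -an` output that diffs a baseline snapshot against one taken during the fault. The baseline rows are copied from the output posted in #6; the fault snapshot is constructed, and host 192.168.0.61 in it is a made-up address.

```python
"""Diff two Windows `netstat -an` snapshots: baseline vs. taken during a fault."""
from collections import Counter

# Rows copied from the netstat output posted in the thread (a subset).
BASELINE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    192.168.0.189:445      192.168.0.40:49168     ESTABLISHED
  TCP    192.168.0.189:445      192.168.0.55:49453     ESTABLISHED
  TCP    192.168.0.189:54749    38.124.168.125:80      TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""

# Constructed snapshot: the rows involving 192.168.0.61 are invented for the
# example; the others appear in the posted output.
DURING_FAULT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    192.168.0.189:445      192.168.0.40:49168     ESTABLISHED
  TCP    192.168.0.189:445      192.168.0.55:49453     ESTABLISHED
  TCP    192.168.0.189:445      192.168.0.55:49509     ESTABLISHED
  TCP    192.168.0.189:445      192.168.0.61:50110     ESTABLISHED
  TCP    192.168.0.189:1433     192.168.0.61:50122     ESTABLISHED
  TCP    192.168.0.189:1433     192.168.0.61:50123     TIME_WAIT
  TCP    192.168.0.189:1433     192.168.0.61:50124     TIME_WAIT
  TCP    192.168.0.189:1433     192.168.0.61:50125     TIME_WAIT
  TCP    192.168.0.189:54749    38.124.168.125:80      TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
  UDP    192.168.0.189:137      *:*
"""

LOOPBACK = {"127.0.0.1", "::1"}


def split_endpoint(endpoint):
    """Split 'addr:port', '[v6]:port' or '*:*' into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers, prompts and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        laddr, lport = split_endpoint(parts[1])
        raddr, rport = split_endpoint(parts[2])
        # UDP rows carry no State column.
        state = parts[3] if parts[0] == "TCP" and len(parts) > 3 else ""
        rows.append({"proto": parts[0], "laddr": laddr, "lport": lport,
                     "raddr": raddr, "rport": rport, "state": state})
    return rows


def summarize(rows):
    """Aggregate one snapshot: totals, TCP states, listeners, peers, inbound load."""
    tcp = [r for r in rows if r["proto"] == "TCP"]
    listeners = {r["lport"] for r in tcp if r["state"] == "LISTENING"}
    sessions = [r for r in tcp
                if r["state"] != "LISTENING" and r["raddr"] not in LOOPBACK]
    return {
        "total": len(rows),
        "states": Counter(r["state"] for r in tcp),
        "listeners": listeners,
        "peers": Counter(r["raddr"] for r in sessions),
        # A session whose local port is also a listening port is inbound.
        "inbound": Counter(r["lport"] for r in sessions if r["lport"] in listeners),
    }


def compare(baseline_text, fault_text):
    """Report what changed between the baseline and the fault snapshot."""
    base = summarize(parse_netstat(baseline_text))
    fault = summarize(parse_netstat(fault_text))
    states = set(base["states"]) | set(fault["states"])
    ports = set(base["inbound"]) | set(fault["inbound"])
    return {
        "growth": fault["total"] / base["total"] if base["total"] else None,
        "state_delta": {s: fault["states"][s] - base["states"][s]
                        for s in sorted(states)
                        if fault["states"][s] != base["states"][s]},
        "new_listeners": sorted(fault["listeners"] - base["listeners"]),
        "new_peers": sorted(set(fault["peers"]) - set(base["peers"])),
        "top_peers": fault["peers"].most_common(3),
        "inbound_delta": {p: fault["inbound"][p] - base["inbound"][p]
                          for p in sorted(ports)
                          if fault["inbound"][p] != base["inbound"][p]},
    }


if __name__ == "__main__":
    for key, value in compare(BASELINE, DURING_FAULT).items():
        print(f"{key:14} {value}")
```

Saving `netstat -an` to a file once while the network is healthy and again during the next outage gives the two inputs; the per-peer and per-port deltas then show which machine and which service account for the extra connections.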





