Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Home Desktop - Firefox - Server Not Found - Virus? [Closed]

Started by Daniel Christmas Lee , Mar 29 2012 12:19 AM

  • Please log in to reply

#91
Daniel Christmas Lee
Posted 05 July 2012 - 06:40 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
System Investigator by Olrik
Log Created On: 1738_05-07-2012
SINO Version: 3.1.0.0

Total RAM: 3063 MB | Free RAM: 2130 MB | Pagefile Size: 3063 MB
C: | 232114 MB out of 304445 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
E: | None | CD-ROM Disc
G: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: DOLICA
Username: DLee
Language Setting: ENU
Windows Directory: C:\Windows
Windows Version: Windows 7 Service Pack 1
UAC Status: Off
Windows Mode: Normal

<<<< Startup Items >>>>

[googletalk] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - C:\Program Files\Google\Google Talk\googletalk.exe /autostart
[MSC] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
[SunJavaUpdateSched] - <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Google Update] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe" /c

<<<< MS Services >>>>

Application Experience (AeLookupSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Audio Endpoint Builder (AudioEndpointBuilder) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Audio (Audiosrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Base Filtering Engine (BFE) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Background Intelligent Transfer Service (BITS) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Offline Files (CscService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Diagnostic Policy Service (DPS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Extensible Authentication Protocol (EapHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Encrypting File System (EFS) (EFS) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\lsass.exe
Windows Event Log (eventlog) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
COM+ Event System (EventSystem) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Provider Host (fdPHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Font Cache Service (FontCache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Group Policy Client (gpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Human Interface Device Access (hidserv) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
IKE and AuthIP IPsec Keying Modules (IKEEXT) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
IP Helper (iphlpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetSvcs
CNG Key Isolation (KeyIso) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Workstation (LanmanWorkstation) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
TCP/IP NetBIOS Helper (lmhosts) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Windows Firewall (MpsSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Microsoft Antimalware Service (MsMpSvc) - Running [Auto | Stoppable | Not_Pausable] - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Network List Service (netprofm) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Network Location Awareness (NlaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Network Store Interface Service (nsi) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Program Compatibility Assistant Service (PcaSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
IPsec Policy Agent (PolicyAgent) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Power (Power) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
User Profile Service (ProfSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
RPC Endpoint Mapper (RpcEptMapper) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k RPCSS
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
System Event Notification Service (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
SQL Server VSS Writer (SQLWriter) - Running [Auto | Stoppable | Not_Pausable] - "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
SSDP Discovery (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Secure Socket Tunneling Protocol Service (SstpSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (StiSvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k imgsvc
Superfetch (SysMain) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Desktop Window Manager Session Manager (UxSms) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Connect Now - Config Registrar (wcncsvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Diagnostic Service Host (WdiServiceHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Error Reporting Service (WerSvc) - Running [Manual | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k WerSvcGroup
Windows Management Instrumentation (Winmgmt) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
WLAN AutoConfig (Wlansvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows Search (WSearch) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SearchIndexer.exe /Embedding
Windows Update (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Application Layer Gateway Service (ALG) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\alg.exe
Application Identity (AppIDSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Application Information (Appinfo) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
ActiveX Installer (AxInstSV) (AxInstSV) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k AxInstSVGroup
BitLocker Drive Encryption Service (BDESVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Bluetooth Support Service (bthserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k bthsvcs
Certificate Propagation (CertPropSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Disk Defragmenter (defragsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k defragsvc
Wired AutoConfig (dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Media Center Receiver Service (ehRecvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehRecvr.exe
Windows Media Center Scheduler Service (ehSched) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehsched.exe
Fax (Fax) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\fxssvc.exe
Function Discovery Resource Publication (FDResPub) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Health Key and Certificate Management (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
HomeGroup Listener (HomeGroupListener) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
HomeGroup Provider (HomeGroupProvider) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
PnP-X IP Bus Enumerator (IPBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
KtmRm for Distributed Transaction Coordinator (KtmRm) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Link-Layer Topology Discovery Mapper (lltdsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Media Center Extender Service (Mcx2Svc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Multimedia Class Scheduler (MMCSS) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\msdtc.exe
Microsoft iSCSI Initiator Service (MSiSCSI) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Installer (msiserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\msiexec.exe /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Netlogon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Peer Networking Identity Manager (p2pimsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Peer Networking Grouping (p2psvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
BranchCache (PeerDistSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k PeerDist
Performance Logs & Alerts (pla) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
PNRP Machine Name Publication Service (PNRPAutoReg) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Peer Name Resolution Protocol (PNRPsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Protected Storage (ProtectedStorage) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Quality Windows Audio Video Experience (QWAVE) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k regsvc
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\locator.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Smart Card Removal Policy (SCPolicySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Backup (SDRSVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k SDRSVC
Adaptive Brightness (SensrSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Desktop Configuration (SessionEnv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Internet Connection Sharing (ICS) (SharedAccess) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
SNMP Trap (SNMPTRAP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\snmptrap.exe
Software Protection (sppsvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\sppsvc.exe
SPP Notification Service (sppuinotify) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
SQL Server Browser (SQLBrowser) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
Storage Service (StorSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Microsoft Software Shadow Copy Provider (swprv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k swprv
Tablet PC Input Service (TabletInputService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
TPM Base Services (TBS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Desktop Services (TermService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Thread Ordering Server (THREADORDER) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Modules Installer (TrustedInstaller) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\servicing\TrustedInstaller.exe
Interactive Services Detection (UI0Detect) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\UI0Detect.exe
Remote Desktop Services UserMode Port Redirector (UmRdpService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
UPnP Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Credential Manager (VaultSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Virtual Disk (vds) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\vds.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\vssvc.exe
Windows Time (W32Time) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Block Level Backup Engine Service (wbengine) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\system32\wbengine.exe"
Windows Biometric Service (WbioSrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k WbioSvcGroup
Windows Color System (WcsPlugInService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k wcssvc
Diagnostic System Host (WdiSystemHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
WebClient (WebClient) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Event Collector (Wecsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Problem Reports and Solutions Control Panel Support (wercplsupport) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Defender (WinDefend) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k secsvcs
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Remote Management (WS-Management) (WinRM) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
WMI Performance Adapter (wmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\wbem\WmiApSrv.exe
Parental Controls (WPCSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Portable Device Enumerator Service (WPDBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
WWAN AutoConfig (WwanSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

<<<< Non-MS Services >>>>

SQL Server (ADCENTERDESKTOP) (MSSQL$ADCENTERDESKTOP) - Running [Auto | Stoppable | Pausable] - "c:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe" -sADCENTERDESKTOP
NVIDIA Display Driver Service (nvsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\nvvsvc.exe
Office Software Protection Platform (osppsvc) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
ElephantDrive-MappedDrive (ElephantDrive-MappedDrive.exe) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\ElephantDrive\ElephantDrive\ElephantDrive-MappedDrive.exe"
ElephantDrive-Service (ElephantDrive-Service.exe) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\ElephantDrive\ElephantDrive\ElephantDrive-Service.exe"
Google Update Service (gupdate) (gupdate) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
Google Update Service (gupdatem) (gupdatem) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
Logitech Bluetooth Service (LBTServ) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SQL Active Directory Helper Service (MSSQLServerADHelper100) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE"
Microsoft Network Inspection (NisSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
SQL Server Agent (ADCENTERDESKTOP) (SQLAgent$ADCENTERDESKTOP) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "c:\Program Files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE" -i ADCENTERDESKTOP
Adobe SwitchBoard (SwitchBoard) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
Windows Activation Technologies Service (WatAdminSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\Wat\WatAdminSvc.exe

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: Dolica | ID: 1000 | Source: Application Error | Type: Error | Date: 3-7-12 14:4:59 | Log: Application
Message: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60

Exception code: 0xc0000005

Fault offset: 0x0003224d

Faulting process id: 0x72c

Faulting application start time: 0x01cd592e27edddd1

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: bf542968-c552-11e1-8140-a4badbfe1b68


Computer Name: Dolica | ID: 1000 | Source: Application Error | Type: Error | Date: 3-7-12 14:1:35 | Log: Application
Message: Faulting application name: EXCEL.EXE, version: 14.0.6117.5003, time stamp: 0x4f622ef8

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60

Exception code: 0xc0000005

Fault offset: 0x0003224d

Faulting process id: 0x1b24

Faulting application start time: 0x01cd595afb2c55be

Faulting application path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 4564b137-c552-11e1-8140-a4badbfe1b68


Computer Name: Dolica | ID: 1530 | Source: Microsoft-Windows-User Profiles Service | Type: Warning | Date: 2-7-12 16:18:37 | Log: Application
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.



DETAIL -

15 user registry handles leaked from \Registry\User\S-1-5-21-3568101592-3335626919-1504947496-1000:
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\My
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\CA
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\Root
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\trust
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\SmartCardRoot



Computer Name: Dolica | ID: 1000 | Source: Application Error | Type: Error | Date: 2-7-12 14:53:24 | Log: Application
Message: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60

Exception code: 0xc0000005

Fault offset: 0x0003224d

Faulting process id: 0xeb4

Faulting application start time: 0x01cd587f3889f71d

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 58762dfe-c490-11e1-9561-a4badbfe1b68


Computer Name: Dolica | ID: 1000 | Source: Application Error | Type: Error | Date: 2-7-12 11:19:24 | Log: Application
Message: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60

Exception code: 0xc0000005

Fault offset: 0x0003224d

Faulting process id: 0x6d4

Faulting application start time: 0x01cd58764f416898

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 73379e4b-c472-11e1-9561-a4badbfe1b68


<<<< Last 5 System Errors or Warnings >>>>

Computer Name: Dolica | ID: 4001 | Source: Microsoft-Windows-WLAN-AutoConfig | Type: Warning | Date: 3-7-12 16:11:35 | Log: System
Message: WLAN AutoConfig service has successfully stopped.




Computer Name: Dolica | ID: 1014 | Source: Microsoft-Windows-DNS-Client | Type: Warning | Date: 3-7-12 10:11:11 | Log: System
Message: Name resolution for the name static.googleusercontent.com timed out after none of the configured DNS servers responded.


Computer Name: Dolica | ID: 4001 | Source: Microsoft-Windows-WLAN-AutoConfig | Type: Warning | Date: 2-7-12 16:18:48 | Log: System
Message: WLAN AutoConfig service has successfully stopped.




Computer Name: Dolica | ID: 4001 | Source: Microsoft-Windows-WLAN-AutoConfig | Type: Warning | Date: 2-7-12 10:14:54 | Log: System
Message: WLAN AutoConfig service has successfully stopped.




Computer Name: Dolica | ID: 4001 | Source: Microsoft-Windows-WLAN-AutoConfig | Type: Warning | Date: 2-7-12 10:7:16 | Log: System
Message: WLAN AutoConfig service has successfully stopped.




<<<< Special Events >>>>

There were no special events found

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dolica
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASUS 802.11n Network Adapter
Physical Address. . . . . . . . . : 20-CF-30-A1-F4-66
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : A4-BA-DB-FE-1B-68
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d81c:bd8f:99ea:1ce4%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 05, 2012 10:58:24 AM
Lease Expires . . . . . . . . . . : Friday, July 06, 2012 10:58:23 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 245676763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-7A-DD-52-A4-BA-DB-FE-1B-68
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8CFE3109-674F-420F-AF17-373785DBD5EF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2027:2e3f:3f57:fef9(Preferred)
Link-local IPv6 Address . . . . . : fe80::2027:2e3f:3f57:fef9%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{E2C9A0A7-725E-47C3-BF0C-93259201E5BE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


<<<< Pinging >>>>

OpenDNS Domain Test
Pinging to www.opendns.com [67.215.92.210]:
Response - 75ms
Response - 21ms
Response - 23ms
Response - 22msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 21ms - Maximum = 75ms

OpenDNS IP Test
Pinging to 208.69.38.150 [208.69.38.150]:
Response - 39ms
Response - 20ms
Response - 20ms
Response - 18msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 18ms - Maximum = 39ms

Kaspersky Domain Test
Pinging to www.kaspersky.com [195.27.252.18]:
Response - 180ms
Response - 180ms
Response - 182ms
Response - 177msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 177ms - Maximum = 182ms

Kaspersky IP Test
Pinging to 195.27.181.10 [195.27.181.10]:
Response - 185ms
Response - 181ms
Response - 180ms
Response - 178msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 178ms - Maximum = 185ms

YouTube Domain Test
Pinging to www.youtube.com [74.125.224.102]:
Response - 23ms
Response - 20ms
Response - 20ms
Response - 18msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 18ms - Maximum = 23ms

YouTube IP Test
Pinging to 66.102.9.136 [66.102.9.136]:
Response - None
Response - None
Response - None
Response - NonePackets: Sent = 4, Received = 0, Lost = 4
Minimum = 0ms - Maximum = 0ms

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:
Response - 0ms
Response - 0ms
Response - 0ms
Response - 0msPackets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Routing Table >>>>

===========================================================================
Interface List
14...20 cf 30 a1 f4 66 ......ASUS 802.11n Network Adapter
10...a4 ba db fe 1b 68 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 266
192.168.1.6 255.255.255.255 On-link 192.168.1.6 266
192.168.1.255 255.255.255.255 On-link 192.168.1.6 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:2027:2e3f:3f57:fef9/128
On-link
10 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2027:2e3f:3f57:fef9/128
On-link
10 266 fe80::d81c:bd8f:99ea:1ce4/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

<<<< Hosts File >>>>

The HOSTS file is 442125 Bytes in size.

There were 0 lines which refer to an external IP address.



------ End of File ------
  • 0

Advertisements

#92
Artellos
Posted 05 July 2012 - 07:10 PM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Hello Daniel,

It looks like one of the vital files of windows is not functioning properly.

Do you have a Windows 7 installation disk? If so, please insert the Win7 disk and follow the instructions below.
Lets see if the following will do any good;

  • Open Start and type cmd
  • Right click on the cmd icon that appears and select Run as Administrator
  • In the black box type; SFC /scannow (note the space) (Let this run undisturbed until the window with the blue progress bar goes away)

Let me know how that goes. If you see any improvement.

Regards,
Olrik
  • 0

#93
Daniel Christmas Lee
Posted 10 July 2012 - 09:44 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Ok looks like you guys are back online.

I still havent ran the last instructions, but will do by end of day.
  • 0

#94
Artellos
Posted 10 July 2012 - 09:45 AM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Don't worry! We'll be here :thumbsup:

Regards,
Olrik
  • 0

#95
Daniel Christmas Lee
Posted 11 July 2012 - 10:09 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
So I ran SFC /scannow via cmd.

I haven't tested my browser for response, but will update shortly.
  • 0

#96
Daniel Christmas Lee
Posted 11 July 2012 - 04:19 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
So FF seems to be working fine. But today was a weird day so I didnt really get a chance to upload download as many files as I could... I just did a quick test... downloading three attachments... this usually screws FF but everything is fine.

Shall we run some final diagnostics to see if everything is ok? Then again Godawgs did check me out for malware/etc..
  • 0

#97
Artellos
Posted 11 July 2012 - 05:46 PM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Hello Daniel,

godawgs has told me that he had posted his final instructions on beating the malware :thumbsup:

Please keep a close eye on your browsers and keep trying the uploading/downloading for a couple of days to make sure the problem is gone :ph34r:

The only real diagnostics we can do at this point is letting you loose on it :happy:

Please check back in a day or two (or sooner if things mess up of course). Then we can 'close the book' on this one. :)

Regards,
Olrik
  • 0

#98
Daniel Christmas Lee
Posted 12 July 2012 - 02:04 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
So Ive been working as usual and there seems to be no problems with FF or Chrome... and no problems regarding the interaction between the two.

However, Safari is acting up... after a few uploads (videos) through Safari... the connection will be lost. Basically the same thing that happened to FF but to Safari this time.

I use Safari the least compared to FF and Chrome, however, that doesnt mean I dont use it often.

Can we diagnose?
  • 0

#99
Artellos
Posted 12 July 2012 - 03:17 PM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Hello Daniel,

Sure we can diagnose :) At least we can try :thumbsup:

Quick question; Have you completely re-installed Safari, too?

Also please download SINO by Artellos.

  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:
    System Info
Event Log
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.

Please let me know how that went :)

Regards,
Olrik
  • 0

#100
Daniel Christmas Lee
Posted 13 July 2012 - 10:14 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
I just want to throw this out there... I'm on my Home Computer right now and I realized at the beginning of this whole conversation regarding my Work Desktop... I also mentioned that my Home Desktop is acting funny too, and we prioritized my Work to be first...

This is very silly... but my home desktop keeps having to restart windows explorer every time I open the my Documents folder... which I renamed DLee.

It's getting to the point where it's very annoying.

Anyway, I will run SINO on my work station on Monday.

Thank you Artellos, and if you can ask Godawgs if he remembers the conversation and if he could still help me? I'd appreciate it. Thanks!
  • 0

Advertisements

#101
Artellos
Posted 16 July 2012 - 05:37 PM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Hey Daniel,

godawgs will have a look at your home PC once we're done with the work PC. :)

Regards,
Olrik
  • 0

#102
Daniel Christmas Lee
Posted 16 July 2012 - 05:39 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
I ran SINO! Here's the log:

System Investigator by Olrik
Log Created On: 1638_16-07-2012
SINO Version: 3.1.0.0

Total RAM: 3063 MB | Free RAM: 1461 MB | Pagefile Size: 3063 MB
C: | 225501 MB out of 304445 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
E: | None | CD-ROM Disc
G: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: DOLICA
Username: DLee
Language Setting: ENU
Windows Directory: C:\Windows
Windows Version: Windows 7 Service Pack 1
UAC Status: Off
Windows Mode: Normal

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: Dolica | ID: 1530 | Source: Microsoft-Windows-User Profiles Service | Type: Warning | Date: 12-7-12 15:38:23 | Log: Application
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.



DETAIL -

6 user registry handles leaked from \Registry\User\S-1-5-21-3568101592-3335626919-1504947496-1000:
Process 1152 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1152 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\Internet Explorer\Main
Process 1152 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1152 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1152 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies
Process 1152 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software



Computer Name: Dolica | ID: 1530 | Source: Microsoft-Windows-User Profiles Service | Type: Warning | Date: 11-7-12 3:17:29 | Log: Application
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.



DETAIL -

15 user registry handles leaked from \Registry\User\S-1-5-21-3568101592-3335626919-1504947496-1000:
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\My
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\CA
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\Root
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\trust
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 532 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\SmartCardRoot



Computer Name: Dolica | ID: 1530 | Source: Microsoft-Windows-User Profiles Service | Type: Warning | Date: 6-7-12 16:44:44 | Log: Application
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.



DETAIL -

5 user registry handles leaked from \Registry\User\S-1-5-21-3568101592-3335626919-1504947496-1000:
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\Root
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\trust
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Policies\Microsoft\SystemCertificates
Process 528 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3568101592-3335626919-1504947496-1000\Software\Microsoft\SystemCertificates\SmartCardRoot



Computer Name: Dolica | ID: 1000 | Source: Application Error | Type: Error | Date: 3-7-12 14:4:59 | Log: Application
Message: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60

Exception code: 0xc0000005

Fault offset: 0x0003224d

Faulting process id: 0x72c

Faulting application start time: 0x01cd592e27edddd1

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: bf542968-c552-11e1-8140-a4badbfe1b68


Computer Name: Dolica | ID: 1000 | Source: Application Error | Type: Error | Date: 3-7-12 14:1:35 | Log: Application
Message: Faulting application name: EXCEL.EXE, version: 14.0.6117.5003, time stamp: 0x4f622ef8

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60

Exception code: 0xc0000005

Fault offset: 0x0003224d

Faulting process id: 0x1b24

Faulting application start time: 0x01cd595afb2c55be

Faulting application path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 4564b137-c552-11e1-8140-a4badbfe1b68


<<<< Last 5 System Errors or Warnings >>>>

Computer Name: Dolica | ID: 4001 | Source: Microsoft-Windows-WLAN-AutoConfig | Type: Warning | Date: 12-7-12 15:38:30 | Log: System
Message: WLAN AutoConfig service has successfully stopped.




Computer Name: Dolica | ID: 51 | Source: Disk | Type: Warning | Date: 12-7-12 11:18:44 | Log: System
Message: An error was detected on device \Device\Harddisk2\DR8 during a paging operation.


Computer Name: Dolica | ID: 4001 | Source: Microsoft-Windows-WLAN-AutoConfig | Type: Warning | Date: 11-7-12 15:22:26 | Log: System
Message: WLAN AutoConfig service has successfully stopped.




Computer Name: Dolica | ID: 7000 | Source: Service Control Manager | Type: Error | Date: 11-7-12 15:22:24 | Log: System
Message: The UPnP Device Host service failed to start due to the following error:

%%1069


Computer Name: Dolica | ID: 7038 | Source: Service Control Manager | Type: Error | Date: 11-7-12 15:22:24 | Log: System
Message: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:

%%1352



To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


<<<< Special Events >>>>

There were no special events found



------ End of File ------

And yes I've tried uninstalling and reinstalling Safari! I think? I'll do it again!
  • 0

#103
Artellos
Posted 16 July 2012 - 05:55 PM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Hey Daniel,

I think your user account might be corrupt.

I would like to suggest to create a new user account and use that for now until we can determine if that is really the issue.

Take a look at this Microsoft article on how to create a new user account.

Regards,
Olrik
  • 0

#104
Daniel Christmas Lee
Posted 17 July 2012 - 10:49 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Ok what is the next step?

Using a new account would take some time in that I have to "do something" to make all my Working files available on my new user account... then customize the look and feel.

Either way, what am I suppose to do from here?

Please let me know.

Thanks Artellos!
  • 0

#105
Artellos
Posted 17 July 2012 - 11:26 AM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Hey Daniel,

What I would like you to do on the new user account is upload/download some files and then run SINO again.

I am pretty sure the old user account was corrupted. If it is then we can copy all your preferences over to the new user account to save you all the trouble. SINO should confirm if it was corrupt or not due to the event manager.

Regards,
Olrik
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP