Everything posted by leedonpark1975

  1. Hi Ron. I guess the problem is resolved. It has been ok since I disabled the service. Just wondering if there were a faster way, maybe some software that can analyze an EXE.
  2. Hi Ron, thank you very much for your help. I've managed to find out what caused my networking to behave so strangely. Here's what I did: using MSCONFIG, I disabled most Startup all programs except for my Avira. Reboot system. Problem remains. I rebooted into SAFE MODE (problem doesn't exist in SAFE MODE) and made a list of Windows services that started, and then stopped these services one by one after I rebooted normally, doing a PING test after stopping each service. I had to repeat the process 3 times as I found out that PING works normally sporadically. Finally, I found the service "FXcnStatutsDatabase" that is causing the problem. FXNADB.exe is part of the simple monitor that was installed from my Fuji Xerox printer driver CDROM. A couple days earlier, I saw that same file in the MSCONFIG startup entry, suspected that it may cause a problem, unchecked it, but it didn't help. I've even uploaded the file to the virustotal.com website and it came clean. http://www.fujixeroxprinters.com.au/en/Downloads.aspx?product=5452
  3. Hi Ron, I've done a factory reset by rebooting the router and then holding onto the reset button for about 10 seconds, following this article - http://dlcdnet.asus.com/pub/ASUS/wireless/DSL-N12U_B1/E7218_DSL_N12U_B1_Manual_English.pdf I reloaded the firmware using Asus's router utility and uploaded my config (backup before reset). But the problem remains. After that, I upgraded the firmware to the latest version and also changed the router passwords to be on the safe side.
  4. Hi Ron, I've attached the log files. Yes, that is my ISP proxy. I use it sometimes when my Internet is slow or inconsistent. It doesn't appear to help this time though. I've tried using "SFC /SCANNOW" as suggested by this website. It helped improve my Windows speed but not networking. http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html malwarebytes_3.zip
  5. By the way, since about yesterday or the day before, I'm experiencing a strange problem. When logging into Windows after a reboot, the login arrow becomes unresponsive. After entering my password, I had to click about 20 times before I'm able to really log in.
  6. Hi Ron, Thanks for replying. Here's the RKill, MBAM and RogueKiller logs/reports. On the event log, you can ignore the "Can't connect to MySQL server" errors. I want to point out that the last couple of days, whenever I shutdown Windows, Windows will be installing 1 Update. This happens every single time I shutdown. RKreport_SCN_07302014_155521.log
  7. Anyway, it's very erratic, for example, I run a PING, the first PING had no delay, but the second PING onward is delayed.
  8. Hi Ron, I've attached the 3 logs. Appreciate your help. p/s: Another point, sometimes after some time, the problem goes away. After a reboot, it comes back again. Addition.txt CheckResults.txt FRST.txt
  9. Hi David, thank you for your detailed instructions. I've attached the IPCONFIG.TXT file. I'm connected to the DSL WIFI router model ASUS DSL-N12U. I've checked other machines (XP, Vista, 7) that are connected to my same network, they don't have this problem. As a matter of fact, the problem also doesn't exist if I reboot my laptop into SAFE mode with network. IPCONFIG.TXT
  10. Thank you for replying. I've tried your suggestion, disabled and re-enabled WLAN, reboot router but it's still the same. By the way, I've tried to disable ipv6 for my WLAN, but only used 8.8.8.8 and 8.8.4.4. The strange thing is that there's a delay even for PING LOCALHOST.
  11. I've been experiencing very slow DNS resolution since a couple days ago. Websites take a longer than usual time to resolve and sometimes the websites don't load even after a couple minutes. Sometimes, the DNS problem disappears before coming back again. It's very erratic.

      When I try to "PING google.com" or even "PING localhost", there can be a delay of anywhere between 4 seconds to half a minute before the results appear. PING Google IP address is instantaneous. When I say delay, I mean the delay that comes immediately after issuing PING Google.com but before the first response text 'Pinging google.com [74.125.130.101] with....' appears. NSLookup Google.com doesn't have this problem. The problem also doesn't exist if I reboot Windows into SAFE mode with network. I'm using DSL WIFI router and I've checked other PCs that are connected to my same network, they don't have this problem.

      Note: By the way, last week, while shutting down, my PC had a large Windows update that took like 15 minutes.

      My resolution attempts:
      1). Tried flushing DNS (ipconfig /flushdns) as shown in this article - http://answers.microsoft.com/en-us/windows/forum/windows_xp-networking/ping-or-browser-dns-lookup-takes-5-10-seconds-yet/d8f5375d-a095-4900-8069-0177ad271750
      2). Tried resetting the host file - http://forums.anvisoft.com/viewtopic-51-4003-0.html
      3). Tried disabling Windows virtual wifi miniport.
      4). Tried disabling ipv6 for my Wireless LAN Adapter.
      5). Scanned using MalwareBytes anti-malware, no malicious items found.
      6). Did a complete scan using Avira Pro which I've been using and activated for 2 years, nothing detected.
      7). While surfing Internet, I discovered that AVAST can do a reboot scan so I downloaded AVAST free and did a boot scan with all the options checked, also nothing found. I immediately uninstalled AVAST after that.
      8). I've tried disabling Windows firewall to see if it's due to Windows.
      9). Tried using CCLEANER.
      10). Tried changing LAN adapter - still same.

      My environment:
      1). OS: Windows 7 Home
      2). Antivirus: Avira Pro
      3). Firewall: Windows Firewall with Windows 8 Firewall Control
      4). Network: Intel® Centrino® WIFI
      5). Ipconfig:

      Wireless LAN adapter Wireless Network Connection:
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
         Physical Address. . . . . . . . . : 00-24-D7-********
         DHCP Enabled. . . . . . . . . . . : Yes
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::d77:************(Preferred)
         IPv4 Address. . . . . . . . . . . : 192.168.0.***(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.25******
         Lease Obtained. . . . . . . . . . : Wednesday, 30 July, 2014 4:40:19 PM
         Lease Expires . . . . . . . . . . : Thursday, 31 July, 2014 4:40:18 PM
         Default Gateway . . . . . . . . . : 192.168.0.1
         DHCP Server . . . . . . . . . . . : 192.168.0.1
         DHCPv6 IAID . . . . . . . . . . . : 218113239
         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-56-98-33-8C-73-6E-75-A7-56
         DNS Servers . . . . . . . . . . . : 192.168.0.1 --> This is my router as I'm using DHCP. On my router, my ISP DNS servers are listed.
         NetBIOS over Tcpip. . . . . . . . : Enabled

      I've attached HijackThis, JRT, RogueKiller and MiniBoxTool logs as follows. Please help me.
OKMiniBoxTool log: MiniToolBox by Farbar Version: 21-07-2014Ran by user (administrator) on 01-08-2014 at 00:35:05Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal***************************************************************************========================= Flush DNS: ===================================Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.========================= Hosts content: =================================127.0.0.1 localhost127.0.0.1 localhost========================= IP Configuration: ================================Intel(R) Centrino(R) Ultimate-N 6300 AGN = Wireless Network Connection (Connected)Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Hardware not present)VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 6 (Hardware not present)Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)# ----------------------------------# IPv4 Configuration# ----------------------------------pushd interface ipv4resetset global icmpredirects=enabledset interface interface="Local Area Connection 6" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabledadd address name="Local Area Connection 6" address=10.150.10.33 mask=255.255.255.255add address name="Local Area Connection 6" address=10.150.9.68 mask=255.255.255.255add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0popd# End of IPv4 configurationWindows 
IP Configuration Host Name . . . . . . . . . . . . : notebook Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet Physical Address. . . . . . . . . : 8C-73-6E-75-A7-56 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter Wireless Network Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 00-24-D7-0B-D9-B9 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN Physical Address. . . . . . . . . : 00-24-D7-0B-D9-B8 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::d77:5aa5:9321:25b7%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, 31 July, 2014 10:36:09 PM Lease Expires . . . . . . . . . . : Friday, 1 August, 2014 11:48:07 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 218113239 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-56-98-33-8C-73-6E-75-A7-56 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : EnabledTunnel adapter isatap.{354DEDCD-EDE5-4FCA-A0DE-C75F32623F06}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . 
: Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesTunnel adapter isatap.{DB275B59-550E-4D86-8056-6225288D7B8E}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesTunnel adapter isatap.{0986B670-9564-4652-9241-A286EA7A40C5}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesTunnel adapter Local Area Connection* 26: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2833:3c6b:2300:a5b(Preferred) Link-local IPv6 Address . . . . . : fe80::2833:3c6b:2300:a5b%30(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . 
: DisabledServer: google-public-dns-a.google.comAddress: 8.8.8.8Name: google.comAddresses: 2404:6800:4003:c01::71 74.125.130.101 74.125.130.113 74.125.130.139 74.125.130.138 74.125.130.102 74.125.130.100Pinging google.com [74.125.130.100] with 32 bytes of data:Reply from 74.125.130.100: bytes=32 time=137ms TTL=43Reply from 74.125.130.100: bytes=32 time=8ms TTL=43Ping statistics for 74.125.130.100: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 8ms, Maximum = 137ms, Average = 72msServer: google-public-dns-a.google.comAddress: 8.8.8.8Name: yahoo.comAddresses: 98.139.183.24 98.138.253.109 206.190.36.45Pinging yahoo.com [98.139.183.24] with 32 bytes of data:Reply from 98.139.183.24: bytes=32 time=267ms TTL=45Reply from 98.139.183.24: bytes=32 time=273ms TTL=45Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 267ms, Maximum = 273ms, Average = 270msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================Interface List 12...8c 73 6e 75 a7 56 ......Broadcom NetLink (TM) Gigabit Ethernet 18...00 24 d7 0b d9 b9 ......Microsoft Virtual WiFi Miniport Adapter 13...00 24 d7 0b d9 b8 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN 1...........................Software Loopback Interface 1 44...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 45...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5 43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7 30...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface===========================================================================IPv4 Route 
Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.111 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.111 281 192.168.1.125 255.255.255.255 On-link 192.168.1.111 281 192.168.1.255 255.255.255.255 On-link 192.168.1.111 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.111 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.111 281===========================================================================Persistent Routes: NoneIPv6 Route Table===========================================================================Active Routes: If Metric Network Destination Gateway 30 58 ::/0 On-link 1 306 ::1/128 On-link 30 58 2001::/32 On-link 30 306 2001:0:9d38:90d7:2833:3c6b:2300:a5b/128 On-link 13 281 fe80::/64 On-link 30 306 fe80::/64 On-link 13 281 fe80::d77:5aa5:9321:25b7/128 On-link 30 306 fe80::2833:3c6b:2300:a5b/128 On-link 1 306 ff00::/8 On-link 30 306 ff00::/8 On-link 13 281 ff00::/8 On-link===========================================================================Persistent Routes: If Metric Network Destination Gateway 0 4294967295 2620:9b::/96 On-link 0 4294967295 fe80::/10 On-link 0 4294967295 fe80::/10 On-link==================================================================================================== Winsock entries =====================================Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] 
(Microsoft Corporation)Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG)Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. 
KG)x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 15 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 16 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 17 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 18 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 19 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)========================= Devices: ================================Name: VirtualBox Host-Only Ethernet AdapterDescription: VirtualBox Host-Only Ethernet AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Oracle CorporationService: VBoxNetAdpProblem: : This device is disabled. 
(Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: vpnvaProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Bluetooth Device (Personal Area Network)Description: Bluetooth Device (Personal Area Network)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: BthPanProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.========================= Minidump Files ==================================No minidump file found========================= Restore Points ==================================30-07-2014 14:40:59 Installed Microsoft Fix it 5040930-07-2014 14:41:48 Installed Microsoft Fix it 5040930-07-2014 14:56:07 Installed Microsoft Fix it 5044030-07-2014 16:41:59 Windows Update31-07-2014 01:25:41 Windows Update31-07-2014 02:12:46 Removed Agilent IO Libraries Suite 64-bit.31-07-2014 02:14:07 Removed Agilent IO Libraries Suite 16.3 Update 131-07-2014 02:43:21 Removed Bonjour31-07-2014 07:15:15 Windows Update**** End of log ****