Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Check and Internet Security 2012


  • Please log in to reply
10 replies to this topic

#1 Somnus

Somnus

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 21 January 2012 - 03:13 AM

So it turns out, my computer was infected with both at the same time. I was able to use RKill, Malwarebytes, and TDSSKill to rid my computer of it.

But, I'm still sort of paranoid. Is there a way to make sure that my system is completely clear of the viruses? My paranoia came when I was customizing my toolbar icons, and I saw "system check" and "internet security 2012" in the list of icons. Does that mean they are still on my computer?

Help would be much appreciated!

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:57 AM

Posted 21 January 2012 - 01:34 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Somnus

Somnus
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 21 January 2012 - 03:29 PM

Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 24
Java™ SE Development Kit 6 Update 24
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````


FSS:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Boss (administrator) on 21-01-2012 at 14:17:11
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 17:39] - [2009-07-13 19:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll
[2011-02-09 21:20] - [2010-12-21 00:16] - 0097280 ____A (Microsoft Corporation) 8F9F3969933C02DA96EB0F84576DB43E

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 18:36] - [2009-07-13 19:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 17:46] - [2009-07-13 19:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 17:49] - [2009-07-13 19:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Boss (administrator) on 21-01-2012 at 14:18:19
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 14750 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : GLaDOS
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pn.at.cox.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 1C-65-9D-B3-03-FB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : pn.at.cox.net
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 1C-65-9D-B3-03-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : pn.at.cox.net
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : D4-85-64-BE-6B-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e1d9:1df8:5f08:a16a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.122(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 21, 2012 1:44:03 PM
Lease Expires . . . . . . . . . . : Sunday, January 22, 2012 1:44:03 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 258224464
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-87-CD-B4-64-31-50-25-94-91
DNS Servers . . . . . . . . . . . : 68.105.28.12
68.105.29.12
68.105.28.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-41-78-74
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::541:7874(Preferred)
Link-local IPv6 Address . . . . . : fe80::b1:51c3:b8e5:cb7d%26(Preferred)
IPv4 Address. . . . . . . . . . . : 5.65.120.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Saturday, January 21, 2012 1:44:03 PM
Lease Expires . . . . . . . . . . : Sunday, January 20, 2013 1:46:09 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 779778391
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-87-CD-B4-64-31-50-25-94-91
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:7d:34be:9d55:2a0(Preferred)
Link-local IPv6 Address . . . . . : fe80::7d:34be:9d55:2a0%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.pn.at.cox.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B23003AA-CEA2-4DE6-A50C-CA38E731643B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3A081B53-6D78-4C91-8815-D3CE47A41B56}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns2.cox.net
Address: 68.105.28.12

Name: google.com
Addresses: 74.125.227.81
74.125.227.82
74.125.227.83
74.125.227.84
74.125.227.80


Pinging google.com [74.125.227.146] with 32 bytes of data:
Reply from 74.125.227.146: bytes=32 time=60ms TTL=53
Reply from 74.125.227.146: bytes=32 time=57ms TTL=53

Ping statistics for 74.125.227.146:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 60ms, Average = 58ms
Server: cdns2.cox.net
Address: 68.105.28.12

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=74ms TTL=56
Reply from 98.137.149.56: bytes=32 time=73ms TTL=56

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 74ms, Average = 73ms
Server: cdns2.cox.net
Address: 68.105.28.12

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...1c 65 9d b3 03 fb ......Microsoft Virtual WiFi Miniport Adapter
13...1c 65 9d b3 03 fa ......802.11n Wireless LAN Card
12...d4 85 64 be 6b 5b ......Realtek PCIe FE Family Controller
26...7a 79 05 41 78 74 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.65.120.116 9256
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.122 20
5.0.0.0 255.0.0.0 On-link 5.65.120.116 9256
5.65.120.116 255.255.255.255 On-link 5.65.120.116 9256
5.255.255.255 255.255.255.255 On-link 5.65.120.116 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.122 276
192.168.1.122 255.255.255.255 On-link 192.168.1.122 276
192.168.1.255 255.255.255.255 On-link 192.168.1.122 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.122 276
224.0.0.0 240.0.0.0 On-link 5.65.120.116 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.122 276
255.255.255.255 255.255.255.255 On-link 5.65.120.116 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:7d:34be:9d55:2a0/128
On-link
26 276 2620:9b::/96 On-link
26 276 2620:9b::541:7874/128 On-link
12 276 fe80::/64 On-link
26 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::7d:34be:9d55:2a0/128
On-link
26 276 fe80::b1:51c3:b8e5:cb7d/128
On-link
12 276 fe80::e1d9:1df8:5f08:a16a/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
12 276 ff00::/8 On-link
26 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/21/2012 02:30:14 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.16912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1404

Start Time: 01ccd7f69d4a7335

Termination Time: 49

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 2064e29f-440a-11e1-8216-d48564be6b5b

Error: (01/20/2012 09:22:04 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7600.16912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cec

Start Time: 01ccd7eacaf34288

Termination Time: 60000

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (01/20/2012 09:07:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuAgent.exe, version: 2.1.17869.0, time stamp: 0x4c056009
Faulting module name: NOBuAgent.exe, version: 2.1.17869.0, time stamp: 0x4c056009
Exception code: 0xc0000409
Fault offset: 0x000000000011e006
Faulting process id: 0xc5c
Faulting application start time: 0xNOBuAgent.exe0
Faulting application path: NOBuAgent.exe1
Faulting module path: NOBuAgent.exe2
Report Id: NOBuAgent.exe3

Error: (01/20/2012 08:39:50 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/20/2012 08:39:50 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/20/2012 08:20:10 PM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Installed DirectX).

Error: (01/20/2012 07:44:25 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/20/2012 07:44:25 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/16/2012 11:29:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: HPSF_Tasks.exe, version: 6.0.5.4, time stamp: 0x4e00bf33
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x047d1288
Faulting process id: 0x%9
Faulting application start time: 0xHPSF_Tasks.exe0
Faulting application path: HPSF_Tasks.exe1
Faulting module path: HPSF_Tasks.exe2
Report Id: HPSF_Tasks.exe3

Error: (01/15/2012 01:55:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.


System errors:
=============
Error: (01/21/2012 01:47:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (01/21/2012 01:47:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (01/20/2012 09:31:55 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (01/20/2012 09:31:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (01/20/2012 09:10:56 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Error: (01/20/2012 09:10:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (01/20/2012 09:10:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (01/20/2012 09:10:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (01/20/2012 09:07:42 PM) (Source: Service Control Manager) (User: )
Description: The Norton Online Backup service failed to start due to the following error:
%%1053

Error: (01/20/2012 09:07:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.


Microsoft Office Sessions:
=========================
Error: (01/21/2012 02:30:14 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7600.16912140401ccd7f69d4a733549C:\Program Files (x86)\Internet Explorer\iexplore.exe2064e29f-440a-11e1-8216-d48564be6b5b

Error: (01/20/2012 09:22:04 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7600.169121cec01ccd7eacaf3428860000C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (01/20/2012 09:07:40 PM) (Source: Application Error)(User: )
Description: NOBuAgent.exe2.1.17869.04c056009NOBuAgent.exe2.1.17869.04c056009c0000409000000000011e006c5c01ccd7e9cb988c09C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe138ad924-43dd-11e1-b879-d48564be6b5b

Error: (01/20/2012 08:39:50 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/20/2012 08:39:50 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/20/2012 08:20:10 PM) (Source: System Restore)(User: )
Description: Installed DirectX

Error: (01/20/2012 07:44:25 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/20/2012 07:44:25 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/16/2012 11:29:47 AM) (Source: Application Error)(User: )
Description: HPSF_Tasks.exe6.0.5.44e00bf33unknown0.0.0.000000000c0000005047d1288

Error: (01/15/2012 01:55:00 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2


=========================== Installed Programs ============================

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 3.0.0.4080)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.6)
Adobe Dreamweaver CS5.5 (Version: 11.5)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.1109.2212.39826)
AMD Media Foundation Decoders (Version: 1.0.61109.2218)
AMD VISION Engine Control Center (Version: 2011.1109.2212.39826)
Audacity 1.2.6
Audiosurf
AVG 2011 (Version: 10.0.1382)
AVG 2011 (Version: 10.0.1388)
AVG 2011 (Version: 10.0.1390)
AVG 2011 (Version: 10.0.1391)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1410)
AVG 2011 (Version: 10.0.1411)
AVG 2011 (Version: 10.0.1415)
AVG 2011 (Version: 10.0.1416)
AVG 2011 (Version: 10.0.2109)
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.0.609.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826)
Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826)
ccc-utility64 (Version: 2011.1109.2212.39826)
CCC Help English (Version: 2011.1109.2211.39826)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
Cisco Connect (Version: 1.3.11006.1)
CyberLink DVD Suite Deluxe (Version: 7.0.2823)
D3DX10 (Version: 15.4.2368.0902)
DC Universe Online
Demigod
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.1.4030)
Epson CreativeZone
Epson Easy Photo Print 2 (Version: 2.2.3.1)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0001)
EPSON NX620 Series Printer Uninstall
EPSON Scan
EpsonNet Setup 3.3 (Version: 3.3b)
Escape Rosecliff Island (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Garry's Mod
Google Chrome (Version: 16.0.912.75)
Google Update Helper (Version: 1.3.21.79)
Half-Life
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Heroes of Newerth (Version: 2.0.33)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HP Advisor (Version: 3.4.12850.3526)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Game Console
HP Games (Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP MediaSmart DVD (Version: 4.1.4229)
HP MediaSmart Music (Version: 4.1.4301)
HP MediaSmart Photo (Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.1.4214)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.3.0)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 8.1.4186.3400)
HP Support Assistant (Version: 6.0.5.4)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173)
Hulu Desktop (Version: 0.9.13)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ SE Development Kit 6 Update 24 (Version: 1.6.0.240)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Killing Floor
Kobo
LabelPrint (Version: 2.5.2823)
League of Legends (Version: 1.3)
Left 4 Dead
Left 4 Dead 2
LightScribe System Software (Version: 1.18.15.1)
LogMeIn Hamachi (Version: 2.1.0.124)
LOLReplay (Version: 0.7.6.0)
Magicka
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.5130.5001)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (ARP entry) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Redists) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Shared Components) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (Visual Studio) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (Version: 4.0.20823.0)
Microsoft XNA Game Studio 4.0 Documentation (Version: 4.0.20823.0)
Microsoft XNA Game Studio Platform Tools (Version: 1.3.0.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Movie Theme Pack for HP MediaSmart Video (Version: 4.1.4030)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nation Red
Norton Internet Security (Version: 18.0.0.128)
Norton Online Backup (Version: 2.1.17869)
Notepad++ (Version: 5.9.3)
NVIDIA PhysX (Version: 9.10.0129)
Paint.NET v3.5.8 (Version: 3.58.0)
Pando Media Booster (Version: 2.6.0.1)
PDF Complete Special Edition (Version: 3.5.111)
PDF Settings CS5 (Version: 10.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
PictureMover (Version: 3.5.0.28)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Portal
Power2Go (Version: 6.1.4022)
PowerDirector (Version: 8.0.2906)
PowerISO (Version: 4.9)
PressReader (Version: 5.10.621.0)
PunkBuster Services (Version: 0.991)
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver (Version: 6.0.1.6132)
Recovery Manager (Version: 5.5.2926)
Rise of Immortals
Roxio CinemaNow 2.0 (Version: 1.0.284)
Rusty Hearts
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)
SilkroadR
Skype Click to Call (Version: 5.6.8312)
Skype™ 5.5 (Version: 5.5.119)
Spiral Knights
Spybot - Search & Destroy (Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
Team Fortress 2
TeamViewer 6 (Version: 6.0.11052)
The Sims™ 3 (Version: 1.0.631)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
USB 1.3MP Camera (Version: 1.0.20)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4 (Version: 4.0.2811)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 3839.29 MB
Available physical RAM: 1635.9 MB
Total Pagefile: 7676.71 MB
Available Pagefile: 4610.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3981.39 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:686.46 GB) (Free:497.47 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.08 GB) (Free:1.48 GB) NTFS
3 Drive e: (Sims3) (CDROM) (Total:5.54 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\GLADOS

Administrator Boss Guest


**** End of log ****

I'll post the rest in my next reply.

#4 Somnus

Somnus
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 21 January 2012 - 04:29 PM

MBAM:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Boss :: GLADOS [administrator]

1/21/2012 2:42:34 PM
mbam-log-2012-01-21 (14-42-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185266
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Boss\AppData\Local\Temp\F518.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:57 AM

Posted 21 January 2012 - 08:57 PM

..and aswMBR...

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 Somnus

Somnus
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 21 January 2012 - 09:04 PM

Sorry, here it is.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 16:21:41
-----------------------------
16:21:41.862 OS Version: Windows x64 6.1.7600
16:21:41.862 Number of processors: 4 586 0x503
16:21:41.863 ComputerName: GLADOS UserName: Boss
16:21:44.788 Initialize success
16:21:52.300 AVAST engine defs: 12012101
16:22:06.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
16:22:06.077 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 11
16:22:06.112 Disk 0 MBR read successfully
16:22:06.115 Disk 0 MBR scan
16:22:06.119 Disk 0 unknown MBR code
16:22:06.131 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:22:06.159 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702933 MB offset 206848
16:22:06.195 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12369 MB offset 1439813632
16:22:06.204 Service scanning
16:22:14.130 Modules scanning
16:22:14.134 Disk 0 trace - called modules:
16:22:14.162 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
16:22:14.166 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046fe790]
16:22:14.502 3 CLASSPNP.SYS[fffff8800190643f] -> nt!IofCallDriver -> [0xfffffa80036e71c0]
16:22:14.507 5 amdxata.sys[fffff88000c017a8] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa80041dd9c0]
16:22:19.688 AVAST engine scan C:\Windows
16:23:29.796 AVAST engine scan C:\Windows\system32
16:29:03.607 AVAST engine scan C:\Windows\system32\drivers
16:30:12.789 AVAST engine scan C:\Users\Boss
19:26:58.098 AVAST engine scan C:\ProgramData
19:43:32.076 Scan finished successfully
20:03:41.158 Disk 0 MBR has been saved successfully to "C:\Users\Boss\Desktop\MBR.dat"
20:03:41.173 The log file has been saved successfully to "C:\Users\Boss\Desktop\aswMBR.txt"

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:57 AM

Posted 21 January 2012 - 09:27 PM

All looks clean so far....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 Somnus

Somnus
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 22 January 2012 - 02:40 AM

Apologies for the late reply.

Here it is:

C:\Users\Boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1MUI7RJ\SoftonicDownloader_for_kaspersky-tdsskiller[1].exe Win32/SoftonicDownloader application cleaned by deleting - quarantined
C:\Users\Boss\AppData\Local\Temp\jar_cache2924835561174857903.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:57 AM

Posted 22 January 2012 - 02:57 PM

Update Internet Explorer to version 9.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===========================================================================

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current (including Service Pack 1 installation!!)

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 Somnus

Somnus
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 22 January 2012 - 08:02 PM

Thanks so much for your help! I appreciate it! :lol:

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:57 AM

Posted 22 January 2012 - 08:20 PM

You're very welcome Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users