Cannot track and cure infection, hearing 'Congratulations, you've won!' sound


  • This topic is locked
5 replies to this topic

#1 viq

Posted 18 February 2012 - 10:04 PM

Hello.

For the last 2 days I've been hearing random 'Congratulations, you've won!' sound from my PC and cannot find a way to cure the infection.
Tried several tools including full scan with Norton 360 (ver. 5.2.0.13 with latest updates, it also runs constantly on my PC and is used for regular scanning) and ESET Online Scanner (having stopped Norton 360 during scan with ESET), which both found and removed several threats, but that annoying sound is still there and starting to get me mad =)

My system is Windows7 86x. Also, noticed some sluggishness while running the PC recently, but no pop-ups or search redirects.

Will be very grateful for any help, since I don't seem to be able to cure the PC myself this time.


#2 boopme

Posted 18 February 2012 - 10:14 PM

Hello, I moved this to Am I Infected for now.
Let's do these next and see how it is after.

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 viq

Posted 18 February 2012 - 11:58 PM

Hello boopme. Thanks for your help.

Here are the logs:

1. Bootkit Remover window:


Bootkit Remover
©2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...



2. MBAM Log:
Reboot was required after MBAM's Quick scan, so I rebooted the machine. The log follows:
---------- ---------- ----------



Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
vitalik :: ORK [administrator]

Protection: Enabled

19.02.2012 05:54:10
mbam-log-2012-02-19 (05-54-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227917
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Detected: 1
C:\Users\vitalik\AppData\Local\Temp\NOD97AD.tmp (Trojan.FakeAlert) -> 1984 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\vitalik\AppData\Local\Temp\NOD97AD.tmp (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vitalik\Downloads\FreePHG_Install.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.
C:\Users\vitalik\Downloads\SetupCasino_262f3b.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Users\vitalik\Downloads\SetupPoker_68e0.exe (PUP.Casino) -> Quarantined and deleted successfully.

(end)

3. Minitoolbox results.txt
Please note that my system language is Russian, so I guess some output text in results.txt got garbled. If that is an issue I can try to provide English versions of what's messed in the log. As far as I can see all the numbers and section headers (in English) are in place.
So here's the file:
----------

MiniToolBox by Farbar Version: 18-01-2012
Ran by vitalik (administrator) on 19-02-2012 at 06:28:15
Microsoft Windows 7 Максимальная Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Ќ бва®©Є Їа®в®Є®« IP ¤«п Windows

Љни б®Ї®бв ўЁвҐ«п DNS гбЇҐи­® ®зЁйҐ­.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Подключение по локальной сети (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)


# ----------------------------------
# Љ®­дЁЈга жЁп IPv4
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
add route prefix=174.132.202.108/32 interface="iftype0_0" nexthop=192.168.168.133 metric=1 publish=„
add route prefix=0.0.0.0/0 interface="Џ®¤Є«о祭ЁҐ Ї® «®Є «м­®© бҐвЁ" nexthop=192.168.1.1 publish=„
add address name="Џ®¤Є«о祭ЁҐ Ї® «®Є «м­®© бҐвЁ" address=192.168.1.5 mask=255.255.255.0
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.202.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.75.1 mask=255.255.255.0


popd
# Љ®­Ґж Є®­дЁЈга жЁЁ IPv4



Ќ бва®©Є Їа®в®Є®« IP ¤«п Windows

€¬п Є®¬ЇмовҐа . . . . . . . . . : ork
Ћб­®ў­®© DNS-бгддЁЄб . . . . . . :
'ЁЇ 㧫 . . . . . . . . . . . . . : ѓЁЎаЁ¤­л©
IP-¬ аиагвЁ§ жЁп ўЄ«о祭 . . . . : ЌҐв
WINS-Їа®ЄбЁ ўЄ«о祭 . . . . . . . : ЌҐв

Ethernet adapter Џ®¤Є«о祭ЁҐ Ї® «®Є «м­®© бҐвЁ:

DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 1C-6F-65-35-74-21
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „
‹®Є «м­л© IPv6- ¤аҐб Є ­ « . . . : fe80::e434:1e31:e8f5:9c6a%11(Ћб­®ў­®©)
IPv4- ¤аҐб. . . . . . . . . . . . : 192.168.1.5(Ћб­®ў­®©)
Њ бЄ Ї®¤бҐвЁ . . . . . . . . . . : 255.255.255.0
Ћб­®ў­®© и«о§. . . . . . . . . : 192.168.1.1
IAID DHCPv6 . . . . . . . . . . . : 236744549
DUID Є«ЁҐ­в DHCPv6 . . . . . . . : 00-01-00-01-14-F0-E3-0E-1C-6F-65-35-74-21
DNS-бҐаўҐал. . . . . . . . . . . : 8.8.8.8
192.168.1.1
NetBios зҐаҐ§ TCP/IP. . . . . . . . : ‚Є«о祭

Ethernet adapter VMware Network Adapter VMnet1:

DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 00-50-56-C0-00-01
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „
‹®Є «м­л© IPv6- ¤аҐб Є ­ « . . . : fe80::357c:e1d5:797d:eb2f%18(Ћб­®ў­®©)
IPv4- ¤аҐб. . . . . . . . . . . . : 192.168.202.1(Ћб­®ў­®©)
Њ бЄ Ї®¤бҐвЁ . . . . . . . . . . : 255.255.255.0
Ћб­®ў­®© и«о§. . . . . . . . . :
IAID DHCPv6 . . . . . . . . . . . : 453005398
DUID Є«ЁҐ­в DHCPv6 . . . . . . . : 00-01-00-01-14-F0-E3-0E-1C-6F-65-35-74-21
DNS-бҐаўҐал. . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBios зҐаҐ§ TCP/IP. . . . . . . . : ‚Є«о祭

Ethernet adapter VMware Network Adapter VMnet8:

DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 00-50-56-C0-00-08
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „
‹®Є «м­л© IPv6- ¤аҐб Є ­ « . . . : fe80::7406:3772:9dfc:db69%19(Ћб­®ў­®©)
IPv4- ¤аҐб. . . . . . . . . . . . : 192.168.75.1(Ћб­®ў­®©)
Њ бЄ Ї®¤бҐвЁ . . . . . . . . . . : 255.255.255.0
Ћб­®ў­®© и«о§. . . . . . . . . :
IAID DHCPv6 . . . . . . . . . . . : 469782614
DUID Є«ЁҐ­в DHCPv6 . . . . . . . : 00-01-00-01-14-F0-E3-0E-1C-6F-65-35-74-21
DNS-бҐаўҐал. . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBios зҐаҐ§ TCP/IP. . . . . . . . : ‚Є«о祭

Ethernet adapter VirtualBox Host-Only Network:

DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 08-00-27-00-A0-C5
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „
‹®Є «м­л© IPv6- ¤аҐб Є ­ « . . . : fe80::40da:e4a5:69bc:1201%21(Ћб­®ў­®©)
IPv4- ¤аҐб. . . . . . . . . . . . : 192.168.56.1(Ћб­®ў­®©)
Њ бЄ Ї®¤бҐвЁ . . . . . . . . . . : 255.255.255.0
Ћб­®ў­®© и«о§. . . . . . . . . :
IAID DHCPv6 . . . . . . . . . . . : 436731943
DUID Є«ЁҐ­в DHCPv6 . . . . . . . : 00-01-00-01-14-F0-E3-0E-1C-6F-65-35-74-21
DNS-бҐаўҐал. . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBios зҐаҐ§ TCP/IP. . . . . . . . : ‚Є«о祭

'г­­Ґ«м­л© ¤ ЇвҐа isatap.{2F583018-F6B1-45BF-B503-941D7706781F}:

'®бв®п­ЁҐ б।л. . . . . . . . : '। ЇҐаҐ¤ зЁ ­Ґ¤®бвгЇ­ .
DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : Ђ¤ ЇвҐа Microsoft ISATAP
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „

'г­­Ґ«м­л© ¤ ЇвҐа Џ®¤Є«о祭ЁҐ Ї® «®Є «м­®© бҐвЁ*:

'®бв®п­ЁҐ б।л. . . . . . . . : '। ЇҐаҐ¤ зЁ ­Ґ¤®бвгЇ­ .
DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „

'г­­Ґ«м­л© ¤ ЇвҐа isatap.{A753AD83-A15A-4286-89C1-B1AFAD065481}:

'®бв®п­ЁҐ б।л. . . . . . . . : '। ЇҐаҐ¤ зЁ ­Ґ¤®бвгЇ­ .
DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : Ђ¤ ЇвҐа Microsoft ISATAP #2
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „

'г­­Ґ«м­л© ¤ ЇвҐа isatap.{A472C93F-6E3B-4BAC-AA72-14F5CAB205DC}:

'®бв®п­ЁҐ б।л. . . . . . . . : '। ЇҐаҐ¤ зЁ ­Ґ¤®бвгЇ­ .
DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : Ђ¤ ЇвҐа Microsoft ISATAP #3
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „

'г­­Ґ«м­л© ¤ ЇвҐа isatap.{C299128C-D39E-4A67-90D3-4920B7AFA04A}:

'®бв®п­ЁҐ б।л. . . . . . . . : '। ЇҐаҐ¤ зЁ ­Ґ¤®бвгЇ­ .
DNS-бгддЁЄб Ї®¤Є«о祭Ёп . . . . . :
ЋЇЁб ­ЁҐ. . . . . . . . . . . . . : Ђ¤ ЇвҐа Microsoft ISATAP #4
"Ё§ЁзҐбЄЁ© ¤аҐб. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ўЄ«о祭. . . . . . . . . . . : ЌҐв
Ђўв®­ бва®©Є ўЄ«о祭 . . . . . . : „
Сервер: google-public-dns-a.google.com
Address: 8.8.8.8

Имя: google.com
Addresses: 173.194.70.101
173.194.70.113
173.194.70.138
173.194.70.102
173.194.70.100
173.194.70.139


ЋЎ¬Ґ­ Ї ЄҐв ¬Ё б google.com [173.194.70.113] б 32 Ў ©в ¬Ё ¤ ­­ле:
ЋвўҐв ®в 173.194.70.113: зЁб«® Ў ©в=32 ўаҐ¬п=66¬б TTL=47
ЋвўҐв ®в 173.194.70.113: зЁб«® Ў ©в=32 ўаҐ¬п=68¬б TTL=47

'в вЁбвЁЄ Ping ¤«п 173.194.70.113:
Џ ЄҐв®ў: ®вЇа ў«Ґ­® = 2, Ї®«г祭® = 2, Ї®вҐап­® = 0
(0% Ї®вҐам)
ЏаЁЎ«Ё§ЁвҐ«м­®Ґ ўаҐ¬п ЇаЁҐ¬ -ЇҐаҐ¤ зЁ ў ¬б:
ЊЁ­Ё¬ «м­®Ґ = 66¬бҐЄ, Њ ЄбЁ¬ «м­®Ґ = 68 ¬бҐЄ, '।­ҐҐ = 67 ¬бҐЄ
Сервер: google-public-dns-a.google.com
Address: 8.8.8.8

Имя: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24


ЋЎ¬Ґ­ Ї ЄҐв ¬Ё б yahoo.com [98.139.183.24] б 32 Ў ©в ¬Ё ¤ ­­ле:
ЋвўҐв ®в 98.139.183.24: зЁб«® Ў ©в=32 ўаҐ¬п=158¬б TTL=47
ЋвўҐв ®в 98.139.183.24: зЁб«® Ў ©в=32 ўаҐ¬п=235¬б TTL=47

'в вЁбвЁЄ Ping ¤«п 98.139.183.24:
Џ ЄҐв®ў: ®вЇа ў«Ґ­® = 2, Ї®«г祭® = 2, Ї®вҐап­® = 0
(0% Ї®вҐам)
ЏаЁЎ«Ё§ЁвҐ«м­®Ґ ўаҐ¬п ЇаЁҐ¬ -ЇҐаҐ¤ зЁ ў ¬б:
ЊЁ­Ё¬ «м­®Ґ = 158¬бҐЄ, Њ ЄбЁ¬ «м­®Ґ = 235 ¬бҐЄ, '।­ҐҐ = 196 ¬бҐЄ
Сервер: google-public-dns-a.google.com
Address: 8.8.8.8

Имя: bleepingcomputer.com
Address: 208.43.87.2


ЋЎ¬Ґ­ Ї ЄҐв ¬Ё б bleepingcomputer.com [208.43.87.2] б 32 Ў ©в ¬Ё ¤ ­­ле:
ЋвўҐв ®в 208.43.87.2: ‡ ¤ ­­л© 㧥« ­Ґ¤®бвгЇҐ­.
ЋвўҐв ®в 208.43.87.2: ‡ ¤ ­­л© 㧥« ­Ґ¤®бвгЇҐ­.

'в вЁбвЁЄ Ping ¤«п 208.43.87.2:
Џ ЄҐв®ў: ®вЇа ў«Ґ­® = 2, Ї®«г祭® = 2, Ї®вҐап­® = 0
(0% Ї®вҐам)

ЋЎ¬Ґ­ Ї ЄҐв ¬Ё б 127.0.0.1 Ї® б 32 Ў ©в ¬Ё ¤ ­­ле:
ЋвўҐв ®в 127.0.0.1: зЁб«® Ў ©в=32 ўаҐ¬п=1¬б TTL=64
ЋвўҐв ®в 127.0.0.1: зЁб«® Ў ©в=32 ўаҐ¬п=1¬б TTL=64

'в вЁбвЁЄ Ping ¤«п 127.0.0.1:
Џ ЄҐв®ў: ®вЇа ў«Ґ­® = 2, Ї®«г祭® = 2, Ї®вҐап­® = 0
(0% Ї®вҐам)
ЏаЁЎ«Ё§ЁвҐ«м­®Ґ ўаҐ¬п ЇаЁҐ¬ -ЇҐаҐ¤ зЁ ў ¬б:
ЊЁ­Ё¬ «м­®Ґ = 1¬бҐЄ, Њ ЄбЁ¬ «м­®Ґ = 1 ¬бҐЄ, '।­ҐҐ = 1 ¬бҐЄ
===========================================================================
'ЇЁб®Є Ё­вҐа䥩ᮢ
11...1c 6f 65 35 74 21 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
18...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
19...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
21...08 00 27 00 a0 c5 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Ђ¤ ЇвҐа Microsoft ISATAP
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Ђ¤ ЇвҐа Microsoft ISATAP #2
15...00 00 00 00 00 00 00 e0 Ђ¤ ЇвҐа Microsoft ISATAP #3
16...00 00 00 00 00 00 00 e0 Ђ¤ ЇвҐа Microsoft ISATAP #4
===========================================================================

IPv4 в Ў«Ёж ¬ аиагв
===========================================================================
ЂЄвЁў­лҐ ¬ аиагвл:
'ҐвҐў®© ¤аҐб Њ бЄ бҐвЁ Ђ¤аҐб и«о§ €­вҐадҐ©б ЊҐваЁЄ
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 276
192.168.1.5 255.255.255.255 On-link 192.168.1.5 276
192.168.1.255 255.255.255.255 On-link 192.168.1.5 276
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.75.0 255.255.255.0 On-link 192.168.75.1 276
192.168.75.1 255.255.255.255 On-link 192.168.75.1 276
192.168.75.255 255.255.255.255 On-link 192.168.75.1 276
192.168.202.0 255.255.255.0 On-link 192.168.202.1 276
192.168.202.1 255.255.255.255 On-link 192.168.202.1 276
192.168.202.255 255.255.255.255 On-link 192.168.202.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.5 276
224.0.0.0 240.0.0.0 On-link 192.168.202.1 276
224.0.0.0 240.0.0.0 On-link 192.168.75.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.5 276
255.255.255.255 255.255.255.255 On-link 192.168.202.1 276
255.255.255.255 255.255.255.255 On-link 192.168.75.1 276
===========================================================================
Џ®бв®п­­лҐ ¬ аиагвл:
'ҐвҐў®© ¤аҐб Њ бЄ Ђ¤аҐб и«о§ ЊҐваЁЄ
174.132.202.108 255.255.255.255 192.168.168.133 1
0.0.0.0 0.0.0.0 192.168.1.1 Џ® 㬮«з ­Ёо
===========================================================================

IPv6 в Ў«Ёж ¬ аиагв
===========================================================================
ЂЄвЁў­лҐ ¬ аиагвл:
ЊҐваЁЄ 'ҐвҐў®© ¤аҐб ˜«о§
1 306 ::1/128 On-link
21 276 fe80::/64 On-link
11 276 fe80::/64 On-link
18 276 fe80::/64 On-link
19 276 fe80::/64 On-link
18 276 fe80::357c:e1d5:797d:eb2f/128
On-link
21 276 fe80::40da:e4a5:69bc:1201/128
On-link
19 276 fe80::7406:3772:9dfc:db69/128
On-link
11 276 fe80::e434:1e31:e8f5:9c6a/128
On-link
1 306 ff00::/8 On-link
21 276 ff00::/8 On-link
11 276 ff00::/8 On-link
18 276 ff00::/8 On-link
19 276 ff00::/8 On-link
===========================================================================
Џ®бв®п­­лҐ ¬ аиагвл:
ЋвбгвбвўгҐв
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 12 C:\Program Files\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/19/2012 06:15:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2012 05:27:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2012 07:23:47 PM) (Source: SideBySide) (User: )
Description: Ошибка создания контекста архивации для "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Ошибка в файле манифеста или политики "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"2" в строке Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"3.
Идентификатор компонента в файле манифеста не соответствует запрошенному идентификатору компонента.
Ссылка - Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Определение - Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Используйте sxstrace.exe для подробной диагностики.

Error: (02/18/2012 07:23:46 PM) (Source: SideBySide) (User: )
Description: Ошибка при создании контекста активации для "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Не найдена зависимая сборка "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"".
Используйте sxstrace.exe для подробной диагностики.

Error: (02/18/2012 07:23:30 PM) (Source: SideBySide) (User: )
Description: Ошибка при создании контекста активации для "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Не найдена зависимая сборка "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"".
Используйте sxstrace.exe для подробной диагностики.

Error: (02/18/2012 07:22:28 PM) (Source: SideBySide) (User: )
Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".
Используйте sxstrace.exe для подробной диагностики.

Error: (02/18/2012 07:21:51 PM) (Source: SideBySide) (User: )
Description: Ошибка создания контекста архивации для "assemblyIdentity1". Ошибка в файле манифеста или политики "assemblyIdentity2" в строке assemblyIdentity3.
Значение "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" атрибута "version" в элементе "assemblyIdentity" недопустимо.

Error: (02/18/2012 02:30:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2012 03:16:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15569

Error: (02/18/2012 03:16:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15569


System errors:
=============
Error: (02/18/2012 06:11:51 PM) (Source: volsnap) (User: )
Description: Теневая копия тома C: прервана, поскольку не удалось увеличить хранилище теневых копий из-за ограничения, установленного пользователем.

Error: (02/18/2012 01:50:24 PM) (Source: DCOM) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (02/17/2012 00:35:40 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Микропрограмма платформы разрушила память во время предыдущего изменения режима питания системы. Узнайте о наличии обновлений микропрограммы для системы.

Error: (02/17/2012 11:53:09 AM) (Source: DCOM) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (02/17/2012 11:53:42 AM) (Source: Service Control Manager) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "wuauserv".

Error: (02/17/2012 03:41:19 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: Микропрограмма платформы разрушила память во время предыдущего изменения режима питания системы. Узнайте о наличии обновлений микропрограммы для системы.

Error: (02/16/2012 09:03:59 PM) (Source: volsnap) (User: )
Description: Теневая копия тома C: прервана, поскольку не удалось увеличить хранилище теневых копий из-за ограничения, установленного пользователем.

Error: (02/16/2012 09:45:20 AM) (Source: Service Control Manager) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "N360".

Error: (02/16/2012 07:50:59 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: Микропрограмма платформы разрушила память во время предыдущего изменения режима питания системы. Узнайте о наличии обновлений микропрограммы для системы.

Error: (02/16/2012 07:48:52 AM) (Source: EventLog) (User: )
Description: Предыдущее завершение работы системы в 7:46:40 на ?16.?02.?2012 было неожиданным.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.0.0)
Языковой пакет расширенной версии Microsoft.NET Framework 4 - RUS (Version: 4.0.30319)
Языковой пакет клиентского профиля Microsoft.NET Framework 4 - RUS (Version: 4.0.30319)
7-Zip 9.20
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.859.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.61205.2219)
Android SDK Tools (Version: 0.6)
Anki
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.10)
AudioSurf (Version: 1.0)
AutoHotkey 1.0.97.00 (Version: 1.0.97.00)
AutoIt v3.3.8.1
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.1205.2215.39827)
Catalyst Control Center Graphics Previews Common (Version: 2011.1205.2215.39827)
Catalyst Control Center InstallProxy (Version: 2011.1205.2215.39827)
Catalyst Control Center Localization All (Version: 2011.1205.2215.39827)
ccc-utility (Version: 2011.1205.2215.39827)
CCC Help Chinese Standard (Version: 2011.1205.2214.39827)
CCC Help Chinese Traditional (Version: 2011.1205.2214.39827)
CCC Help Czech (Version: 2011.1205.2214.39827)
CCC Help Danish (Version: 2011.1205.2214.39827)
CCC Help Dutch (Version: 2011.1205.2214.39827)
CCC Help English (Version: 2011.1205.2214.39827)
CCC Help Finnish (Version: 2011.1205.2214.39827)
CCC Help French (Version: 2011.1205.2214.39827)
CCC Help German (Version: 2011.1205.2214.39827)
CCC Help Greek (Version: 2011.1205.2214.39827)
CCC Help Hungarian (Version: 2011.1205.2214.39827)
CCC Help Italian (Version: 2011.1205.2214.39827)
CCC Help Japanese (Version: 2011.1205.2214.39827)
CCC Help Korean (Version: 2011.1205.2214.39827)
CCC Help Norwegian (Version: 2011.1205.2214.39827)
CCC Help Polish (Version: 2011.1205.2214.39827)
CCC Help Portuguese (Version: 2011.1205.2214.39827)
CCC Help Russian (Version: 2011.1205.2214.39827)
CCC Help Spanish (Version: 2011.1205.2214.39827)
CCC Help Swedish (Version: 2011.1205.2214.39827)
CCC Help Thai (Version: 2011.1205.2214.39827)
CCC Help Turkish (Version: 2011.1205.2214.39827)
Curse Client (Version: 4.0.1.180)
DAEMON Tools Pro (Version: 4.41.0315.0262)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.07)
DjVuLibre+DjView (Version: 3.5.24+4.7c)
DMIView B8.0717.01 (Version: 1.4)
Dropbox (Version: 1.3.17)
Easy Tune 6 B09.0814.1 (Version: 1.00.0000)
EasySaver B9.0610.1 (Version: 1.00.0000)
EPSON Printer Software
eReg (Version: 1.20.138.34)
Executor v0.99.11b
F.lux
Finam Multi Exchange (Version: 2.19.18.0)
Foxit PDF Editor (Version: 2.2.0.0205)
Foxit Reader (Version: 4.3.1.323)
Fraps (remove only)
Google AdWords Editor (Version: 9.5.1)
Google Chrome (Version: 17.0.963.56)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Talk (remove only)
Google Talk Plugin (Version: 2.6.1.5251)
Google Update Helper (Version: 1.3.21.99)
Guitar Pro 6
Hedgewars (Version: 0.9.15)
High-Logic FontCreator 6.5
Holdem Manager
Intel® Processor ID Utility (Version: 4.41.0000)
IntelliJ IDEA 11.0.1 (Version: 111.167)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.1.5.3)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 2 (Version: 7.0.20)
Java™ SE Development Kit 7 Update 2 (Version: 1.7.0.20)
JavaFX 2.0.2 (Version: 2.0.2)
JavaFX 2.0.2 SDK (Version: 2.0.2)
JetBrains PhpStorm 2.1.5 (Version: 107.658)
KatMouse (remove only)
LastPass (uninstall only)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Logitech SetPoint 6.20 (Version: 6.20.64)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mathematica Extras 8.0 (2427702) (Version: 8.0.3)
Media Player Classic - Home Cinema v1.5.1.2953 (Version: 1.5.1.2953)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile RUS Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended RUS Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Russian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Ukrainian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Ukrainian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Russian) 2007 (Version: 12.0.4518.1022)
Microsoft Office Proofing (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Russian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer 2007 (Version: 12.0.6425.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (Russian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (Russian) 2010 (Version: 14.0.6029.1000)
Microsoft Office профессиональный плюс 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mobipocket Reader 6.2 (Version: 6.2.608)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton 360 (Version: 5.2.0.13)
Norton Internet Security (Version: 18.5.0.125)
NVIDIA PhysX (Version: 9.10.0513)
ON_OFF Charge B10.0422.2 (Version: 1.00.0001)
Opera 11.61 (Version: 11.61.1250)
Oracle VM VirtualBox 4.1.8 (Version: 4.1.8)
PostgreSQL 8.3 (Version: 8.3)
Punto Switcher 3.2 (Version: 3.2.2.45)
Python 2.7 PIL-1.1.7
Python 2.7.2 (Version: 2.7.2150)
qBittorrent 2.9.0.1
QuickTime (Version: 7.71.80.42)
Ray Adams ATI Tray Tools
Realtek High Definition Audio Driver (Version: 6.0.1.6077)
Recuva (Version: 1.40)
Revo Uninstaller Pro 2.5.1 (Version: 2.5.1)
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.5 (Version: 5.5.124)
SQLyog 8.80 (Version: 8.80 )
Steam (Version: 1.0.0.0)
Sublime Text 2 Build 2165
Team Fortress 2
TeamViewer 6 (Version: 6.0.11117)
Tesseract-OCR 3.01 - open source OCR engine
TextCatch 3.2.8 (Version: 3.2.8)
tools-freebsd (Version: 8.4.6.16648)
tools-linux (Version: 8.4.6.16648)
tools-netware (Version: 8.4.6.16648)
tools-solaris (Version: 8.4.6.16648)
tools-windows (Version: 8.4.6.16648)
tools-winPre2k (Version: 8.4.6.16648)
Total Commander 7.56 PowerPack
Type light 3.1.014 (Version: 014)
Uniblue RegistryBooster (Version: 6.0.10.7)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Vim 7.3 (self-installing)
VMware Workstation (Version: 7.1.4.16648)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Wolfram CDF Player (M-WIN-D 8.0.3 2427703) (Version: 8.0.3)

========================= Memory info: ===================================

Percentage of memory in use: 79%
Total physical RAM: 2046.49 MB
Available physical RAM: 425.65 MB
Total Pagefile: 8046.49 MB
Available Pagefile: 5726.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.21 MB

========================= Partitions: =====================================

1 Drive c: (C) (Fixed) (Total:187.18 GB) (Free:20.33 GB) NTFS
2 Drive d: (D) (Fixed) (Total:110.91 GB) (Free:23.8 GB) NTFS
3 Drive e: (BARNYARD_PLAY) (CDROM) (Total:1.29 GB) (Free:0 GB) CDFS
4 Drive f: (F) (Fixed) (Total:15 GB) (Free:4.77 GB) NTFS
5 Drive g: (G) (Fixed) (Total:60 GB) (Free:0.23 GB) NTFS
7 Drive v: (H) (Fixed) (Total:74.04 GB) (Free:3.74 GB) NTFS

========================= Users: ========================================

"зҐв­лҐ § ЇЁбЁ Ї®«м§®ў ⥫Ґ© ¤«п \\ORK

__vmware_user__ vitalik Ђ¤¬Ё­Ёбва в®а
ѓ®бвм
Љ®¬ ­¤ ўлЇ®«­Ґ­ гбЇҐи­®.

**** End of log ****

------------------------------------------------------------------------

After running MBAM and rebooting the sound-virus did not show up, so maybe the PC is cleaner now.
But I still have doubts of full cleanness because last evening after check with ESET the virus also has been silent for several hours and then went completely frantic barking at me every single minute.

Thanks for help, waiting for further instructions.

#4 boopme

Posted 19 February 2012 - 04:42 PM

Ok, looks like a protected rootkit.

DDS LOG
We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, it may not, skip it and move on.

Let me know if that went well.

#5 viq

Posted 20 February 2012 - 08:41 AM

Hi boopme.

I got DDS log and started new topic here: http://www.bleepingcomputer.com/forums/topic443379.html
GMER didn't run too well, but it managed to collect some info (it crashed the system into BSOD basically, some details are in the new topic if you are interested =)

Also, I'm not hearing any 'Congratulations' so far. Perhaps it's too early to say anything regarding performance improvements yet since all I've been able to do with PC was running DDS and GMER so far )

Thanks for your help, boopme.

Please advise if/when I can remove all the software installed during checks (particularly Malwarebytes Anti-Malware, since all the others are just stand-alone executables).

Thanks again =)

#6 boopme

Posted 20 February 2012 - 02:52 PM

You're welcome, everything will get removed when the other topic is completed by the Tech there.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.