Jump to content

Malwarebytes

Have Google Redirect Virus - April 2012

- - - - -
Started by flipper202, Apr 04 2012 07:47 PM
google redirect virus disabled AV

35 replies to this topic

#21
Maniac
Posted 09 April 2012 - 12:51 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU
Please manually delete ComboFix and download a new fresh one. Run it and post the log file.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#22
flipper202
Posted 09 April 2012 - 04:47 AM

    New Member

  • Members
  • Pip
  • 19 posts
Goodmorning Maniac,

here is my new combofix log file:


ComboFix 12-04-08.02 - User 09/04/2012 10:29:56.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1083 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 09:39 . 2012-04-09 09:39 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp
2012-04-09 09:39 . 2012-04-09 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan
2012-03-28 22:54 . 2012-04-09 09:07 -------- d-----w- c:\programdata\SecTaskMan
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43
2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake
2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks
2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild
2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake
2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java
2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java
2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll
2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec
2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 13167656
*NewlyCreated* - 1708232DRV
*NewlyCreated* - ASWMBR
*NewlyCreated* - KXLDAPOB
*Deregistered* - aswMBR
*Deregistered* - kxldapob
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(8048)
c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-04-09 10:43:11
ComboFix-quarantined-files.txt 2012-04-09 09:43
ComboFix2.txt 2012-04-06 15:37
.
Pre-Run: 415,288,967,168 bytes free
Post-Run: 415,231,205,376 bytes free
.
- - End Of File - - 8929F39A66A975EBC5F2EFDC585BAB94

#23
Maniac
Posted 09 April 2012 - 07:38 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU
How are things running now?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#24
flipper202
Posted 09 April 2012 - 07:44 AM

    New Member

  • Members
  • Pip
  • 19 posts
Yeah, the sneaky thing is still there. In IE, still redirects on google results and won't let me run the Windows Security Center.

Would it be better to re-run some of these processes in safe mode or with RKill?

#25
Maniac
Posted 09 April 2012 - 07:47 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU
No, in Safe mode they not working as should.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#26
flipper202
Posted 09 April 2012 - 06:09 PM

    New Member

  • Members
  • Pip
  • 19 posts
Maniac,

Please see the log below:


MiniToolBox by Farbar Version: 18-01-2012
Ran by User (administrator) on 10-04-2012 at 00:06:46
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 1000 BGN = Wireless Network Connection 2 (Connected)
Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : User-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-19-D5-15-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 00-1E-64-29-4E-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bc1c:259c:9149:fb51%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 06 April 2012 19:43:37
Lease Expires . . . . . . . . . . : 10 April 2012 15:29:45
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 335552100
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-BC-91-0E-00-26-2D-70-52-B7
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-2D-70-52-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{19D515E1-851B-4B8B-B932-FED1713FC829}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1498:1d9f:a13d:9821(Preferred)
Link-local IPv6 Address . . . . . : fe80::1498:1d9f:a13d:9821%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1CAC04CD-6190-4548-83B7-7D9E69D64440}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.34.164
173.194.34.161
173.194.34.162
173.194.34.168
173.194.34.163
173.194.34.169
173.194.34.166
173.194.34.165
173.194.34.160
173.194.34.167
173.194.34.174


Pinging google.com [173.194.34.104] with 32 bytes of data:
Reply from 173.194.34.104: bytes=32 time=23ms TTL=57
Reply from 173.194.34.104: bytes=32 time=24ms TTL=57

Ping statistics for 173.194.34.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 24ms, Average = 23ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=145ms TTL=54
Reply from 209.191.122.70: bytes=32 time=145ms TTL=54

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 145ms, Maximum = 145ms, Average = 145ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 ff 19 d5 15 e1 ......TAP-Win32 Adapter V9
13...00 1e 64 29 4e 76 ......Intel® WiFi Link 1000 BGN
10...00 26 2d 70 52 b7 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 281
192.168.1.65 255.255.255.255 On-link 192.168.1.65 281
192.168.1.255 255.255.255.255 On-link 192.168.1.65 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:1498:1d9f:a13d:9821/128
On-link
13 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::1498:1d9f:a13d:9821/128
On-link
13 281 fe80::bc1c:259c:9149:fb51/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2012 11:22:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/09/2012 11:22:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/09/2012 11:21:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (04/09/2012 11:20:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/09/2012 11:19:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/07/2012 02:20:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (04/07/2012 02:20:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/07/2012 02:19:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/05/2012 11:46:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.8.0.158, time stamp: 0x4f4de709
Faulting module name: Skype.exe, version: 5.8.0.158, time stamp: 0x4f4de709
Exception code: 0xc0000005
Fault offset: 0x001e4f47
Faulting process id: 0xba8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (04/05/2012 10:31:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.


System errors:
=============
Error: (04/10/2012 00:06:35 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/10/2012 00:01:25 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:56:15 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:51:05 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:45:55 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:40:45 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:35:35 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:30:25 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:25:15 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.

Error: (04/09/2012 11:20:05 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65.
The computer with the IP address 192.168.1.66 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Apple Software Update (Version: 2.1.1.116)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36)
BlackBerry Device Software Updater (Version: 6.0.1.37)
Broadcom 802.11 Wireless LAN Adapter (Version: 4.10.47.0)
Broadcom Wireless Utility (Version: 4.10.47.0)
Cisco EAP-FAST Module (Version: 2.2.14)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.8)
Dropbox (Version: 1.3.34)
DVD43 v4.6.0
Google Chrome (Version: 18.0.1025.151)
GStreamer WinBuilds 0.10.6 (GPL) (Version: 0.10.6)
HandBrake 0.9.6 (Version: 0.9.6)
HP MediaSmart Server 3.0 Update 1 (Version: 3.0.14.33080)
HP Update (Version: 4.000.011.006)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Lightworks (Version: 10.0.35.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
Nitro Reader 2 (Version: 2.2.1.14)
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.62.14.0)
Skype Click to Call (Version: 5.9.9216)
Skypeâ„¢ 5.8 (Version: 5.8.158)
Spotify (Version: 0.8.2.610.g090a06f8)
TunnelBear 1.0.29 (Version: 1.0.29)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139) (Version: 10/07/2010 13.4.0.139)
Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6) (Version: 10/27/2011 14.3.0.6)
Windows Home Server Connector (Version: 6.0.3436.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

========================= Devices: ================================

Name: catchme
Description: catchme
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: catchme
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 1978.79 MB
Available physical RAM: 1198.13 MB
Total Pagefile: 4212.32 MB
Available Pagefile: 2832.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:385.96 GB) NTFS
2 Drive d: (MTD0EUF1 ) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\USER-PC

Administrator Guest Mcx1-USER-PC
User

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#27
Maniac
Posted 10 April 2012 - 10:11 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU
Any progress?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#28
flipper202
Posted 10 April 2012 - 04:48 PM

    New Member

  • Members
  • Pip
  • 19 posts
Google seems to be fine now. Ran a couple searches and didn't send me to some weird ad pages.

Only problem is that I still can't turn on Windows Security Center and it won't let me run a scan of Microsoft Security Essentials. Should I re-install them?

#29
Maniac
Posted 11 April 2012 - 01:29 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU

Quote

Only problem is that I still can't turn on Windows Security Center and it won't let me run a scan of Microsoft Security Essentials. Should I re-install them?

Maybe we should proceed with that, but let's check another thing before.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#30
flipper202
Posted 11 April 2012 - 02:57 AM

    New Member

  • Members
  • Pip
  • 19 posts
Maniac,

Seems like I just have to re-enable Windows Security Center. Here is the log:


Farbar Service Scanner Version: 01-03-2012
Ran by User (administrator) on 11-04-2012 at 08:55:25
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#31
Maniac
Posted 11 April 2012 - 04:51 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU
Please try to manually start wscsvc Service.
http://www.sevenforu...rt-disable.html
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#32
flipper202
Posted 12 April 2012 - 02:48 AM

    New Member

  • Members
  • Pip
  • 19 posts
Hey Maniac,

I think it worked! I can restart Windows Security Center and Microsoft Security Essentials. Google seems to be sending me to the right place as well.

Thank you!

Alex

#33
Maniac
Posted 12 April 2012 - 05:15 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU
Please make sure your Microsoft Security Essentials is updated and perform a full system scan. Let me know, Alex.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#34
flipper202
Posted 14 April 2012 - 04:00 AM

    New Member

  • Members
  • Pip
  • 19 posts
Hey Maniac,

Ran a full scan and everything looks fine. :) Thank you again for all your help

#35
Maniac
Posted 14 April 2012 - 04:34 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,117 posts
  • Gender:Male
  • Location:Bulgaria, EU
Glad I could help, Alex! :)

Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS, aswMBR, GMER, Kaspersky AVP, MiniToolBox and Farbar Service Scanner.

Some malware prevention tips:
http://forums.malwar...=0


Safe surfing! :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#36
Maurice Naggar
Posted 14 April 2012 - 10:00 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there is 5 days without a response.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us