  1. #11
    zep516 (Member, Spyware Fighter)
    Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 5,198 | Points: 931

    Kingsoft is still listed in C:\Program Files.
    Right-click on the folder and choose Delete.

    Did you set these?
    • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
    • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local


    Do you know what they are?
    A proxy server allows you to reach a Web site or other Internet location even when direct access is blocked in your country or by your ISP.

    The O4 entries as shown in the HijackThis log are registry Run keys; those programs start every time you boot Windows, and they can cause slow boot times and use up available RAM. These are optional fixes; I suggest you check them as well!

    Again, do a system scan only, then place a check mark in the following entries in bold:

    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI0498~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe"

    • Click Fix checked.
    • Close HijackThis.
    • Reboot


    Next

    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

    Again, post a fresh log so we/you can see those entries are gone.

    Is the computer running any better? Are there problems still?




    Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.

  2. #12
    Member
    Join Date: Jun 2012 | Posts: 15 | Points: 0

    Thanks Joe,

    TFC was in conflict with Avast and Malwarebytes, so I ran CCleaner instead. Looks like some things keep reappearing in the log.

    I also opened up the case and cleaned up the cooling and CPU fans and sinks; that seemed to help out with the bogging a bit.

    Jerabel

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:04:00 AM, on 20/06/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\ooVoo\ooVoo.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1253800399031
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Update Service (gupdate1ca40f79efbb038) (gupdate1ca40f79efbb038) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    --
    End of file - 9455 bytes
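
Added example, not part of the original thread: one way to check a fresh HijackThis log against the entries listed in post #11 and see what is still present, as post #12 reports. The sample lines are copied from the two posts; the matching rule (same section plus CLSID or Run value name) and the "same install folder" check are assumptions of this sketch, and because the bold marking from post #11 is not visible here, every listed entry is treated as selected.

```python
import re
from ntpath import dirname  # Windows path rules, works on any OS

ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(\S+Run\S*): \[([^\]]+)\]")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe)", re.IGNORECASE)

# Lines copied from the list in post #11.
LISTED_IN_POST_11 = r"""
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI0498~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Lines copied from the fresh log in post #12.
FRESH_LOG_POST_12 = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
"""


def parse_entries(text):
    """Return (section, rest) for every 'R1 - ...' / 'O4 - ...' style line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def identity(section, rest):
    """Key used to decide that two log lines describe the same entry.

    Assumption of this sketch: section + CLSID when one is present,
    section + hive + value name for Run keys, otherwise the normalised text.
    """
    clsid = CLSID_RE.search(rest)
    if clsid:
        return (section, clsid.group(0).lower())
    run = RUN_RE.match(rest)
    if run:
        return (section, run.group(1).lower(), run.group(2).lower())
    return (section, " ".join(rest.lower().split()))


def install_dirs(rest):
    """Lower-cased folders of every .dll/.exe path named on the line."""
    return {dirname(path).lower() for path in PATH_RE.findall(rest)}


def compare(listed_text, fresh_text):
    """Split the fresh log into entries that persist and entries that are related.

    persisting: same identity as a listed entry (it came back or was never fixed).
    related:    a different entry that loads from a folder a listed entry used,
                e.g. the same product registered under another section.
    """
    listed = parse_entries(listed_text)
    listed_ids = {identity(section, rest) for section, rest in listed}
    listed_dirs = set().union(*(install_dirs(rest) for _, rest in listed))

    persisting, related = [], []
    for section, rest in parse_entries(fresh_text):
        line = f"{section} - {rest}"
        if identity(section, rest) in listed_ids:
            persisting.append(line)
        elif install_dirs(rest) & listed_dirs:
            related.append(line)
    return persisting, related


if __name__ == "__main__":
    still_there, same_folder = compare(LISTED_IN_POST_11, FRESH_LOG_POST_12)
    print("Still present after the fix:")
    for line in still_there:
        print("  " + line)
    print("Other entries loading from the same folder as a listed entry:")
    for line in same_folder:
        print("  " + line)
```

The "related" bucket is informational only: it includes the avast! WebRep BHO, which shares a folder with the listed avast! toolbar entry, alongside the Datamngr AppInit_DLLs line.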

  3. #13
    zep516 (Member, Spyware Fighter)
    Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 5,198 | Points: 931

    Hi,

    Are you still getting "Redirects"?

    "TFC was in conflict with Avast and Malwarebytes"
    What do you mean here? Was there an error produced?

    Please run this... and post the results.

    Please download MiniToolBox http://download.bleepingcomputer.com...iniToolBox.exe and run it.

    Checkmark the following boxes:

    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size
    • List Devices (Only Problems)


    Click Go and post the result.
    Last edited by zep516; 06-19-2012 at 07:59 PM.





  4. #14
    Member
    Join Date: Jun 2012 | Posts: 15 | Points: 0

    Hey Joe,

    TFC would try to start its run, then Avast would arc up and stop it, so I off'd the real time protect, tried again, OK, but then MWBites did the same, but it wasn't clear how to off protection so I used CClean.

    No more redirects.

    The user of the machine is happy with it.

    Do you think that it's clear enough to put back into service?

    Jerabel

    MiniToolBox by Farbar Version: 09-06-2012
    Ran by Jerabel (administrator) on 21-06-2012 at 18:36:24
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    ProxyServer: 192.168.0.1:8080

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================



    127.0.0.1 localhost
    127.0.0.1 activate.adobe.com
    127.0.0.1 reg.sorensonmedia.com
    127.0.0.1 reg.sorensonmedia.com
    127.0.0.1 reg.sorensonmedia.com
    127.0.0.1 reg.sorensonmedia.com
    127.0.0.1 reg.sorensonmedia.com
    127.0.0.1 reg.sorensonmedia.com
    127.0.0.1 reg.sorensonmedia.com
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 008k.com
    127.0.0.1 00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    There are 15226 more lines starting with "127.0.0.1"

    ========================= IP Configuration: ================================

    1394 Net Adapter = 1394 Connection (Connected)
    Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration

    Host Name . . . . . . . . . . . . : jerabel-pc
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
    Physical Address. . . . . . . . . : 00-24-1D-27-5C-3D
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.0.5
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.1
    Lease Obtained. . . . . . . . . . : Thursday, 21 June 2012 9:05:01 AM
    Lease Expires . . . . . . . . . . : Friday, 22 June 2012 9:05:01 AM

    Server: UnKnown
    Address: 192.168.0.1

    Name: google.com
    Addresses: 203.59.140.177, 203.59.140.170, 203.59.140.174, 203.59.140.181
    203.59.140.146, 203.59.140.184, 203.59.140.153, 203.59.140.156, 203.59.140.160
    203.59.140.163, 203.59.140.167, 203.59.140.149

    Pinging google.com [203.59.140.160] with 32 bytes of data:

    Reply from 203.59.140.160: bytes=32 time=15ms TTL=60
    Reply from 203.59.140.160: bytes=32 time=15ms TTL=60

    Ping statistics for 203.59.140.160:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 15ms, Average = 15ms

    Server: UnKnown
    Address: 192.168.0.1

    Name: yahoo.com
    Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

    Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

    Reply from 209.191.122.70: bytes=32 time=280ms TTL=52
    Reply from 209.191.122.70: bytes=32 time=280ms TTL=52

    Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 280ms, Maximum = 280ms, Average = 280ms

    Server: UnKnown
    Address: 192.168.0.1

    Name: bleepingcomputer.com
    Address: 208.43.87.2

    Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

    Reply from 208.43.87.2: Destination host unreachable.
    Reply from 208.43.87.2: Destination host unreachable.

    Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 24 1d 27 5c 3d ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 10
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    169.254.0.0 255.255.0.0 192.168.0.5 192.168.0.5 20
    192.168.0.0 255.255.255.0 192.168.0.5 192.168.0.5 10
    192.168.0.5 255.255.255.255 127.0.0.1 127.0.0.1 10
    192.168.0.255 255.255.255.255 192.168.0.5 192.168.0.5 10
    224.0.0.0 240.0.0.0 192.168.0.5 192.168.0.5 10
    255.255.255.255 255.255.255.255 192.168.0.5 192.168.0.5 1
    Default Gateway: 192.168.0.1
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (06/17/2012 02:22:18 PM) (Source: Application Hang) (User: )
    Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (06/15/2012 09:34:11 PM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientsetup.exe4.0.1526.00x80004005previous uninstall incomplete4.0.1526.00security essentialsNILNILNIL

    Error: (06/15/2012 09:33:52 PM) (Source: Application Hang) (User: )
    Description: Hanging application Setup.exe, version 4.0.1526.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (06/15/2012 08:12:07 AM) (Source: MPSampleSubmission) (User: )
    Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0passthrough1.1.8403.0fixed2 _ 2049+5 _ not bootNILNILNIL

    Error: (06/15/2012 08:12:01 AM) (Source: MPSampleSubmission) (User: )
    Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8403.0fixed2 _ 2049+5 _ not bootNILNILNIL

    Error: (06/15/2012 08:11:56 AM) (Source: MPSampleSubmission) (User: )
    Description: mptelemetry2152759308unspecifiedscanfile4.0.1526.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

    Error: (06/15/2012 08:11:47 AM) (Source: MPSampleSubmission) (User: )
    Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8403.0fixed2 _ 2049+5 _ not bootNILNILNIL

    Error: (06/15/2012 08:11:32 AM) (Source: MPSampleSubmission) (User: )
    Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8403.0fixed2 _ 2049+5 _ not bootNILNILNIL

    Error: (06/14/2012 07:42:49 PM) (Source: crypt32) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (06/14/2012 07:42:49 PM) (Source: crypt32) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


    System errors:
    =============
    Error: (06/20/2012 09:04:59 PM) (Source: Dhcp) (User: )
    Description: The IP address lease 192.168.0.5 for the Network Card with network address 00241D275C3D has been
    denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The Crypkey License service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/18/2012 09:53:08 AM) (Source: Service Control Manager) (User: )
    Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/18/2012 09:43:56 AM) (Source: Service Control Manager) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (05/28/2012 01:46:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52972 seconds with 3480 seconds of active time. This session ended with a crash.

    Error: (04/26/2012 01:38:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 240 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (04/26/2012 01:33:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13195 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (04/18/2012 11:49:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 210081 seconds with 1140 seconds of active time. This session ended with a crash.

    Error: (01/09/2012 09:34:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 325867 seconds with 2280 seconds of active time. This session ended with a crash.

    Error: (11/28/2011 11:54:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 88673 seconds with 540 seconds of active time. This session ended with a crash.

    Error: (10/14/2011 03:23:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 68541 seconds with 960 seconds of active time. This session ended with a crash.

    Error: (02/15/2011 08:29:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8940 seconds with 2040 seconds of active time. This session ended with a crash.

    Error: (03/10/2010 07:27:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (01/14/2010 03:16:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15520 seconds with 0 seconds of active time. This session ended with a crash.


    =========================== Installed Programs ============================

    123 Cheese (Version: 123 Cheese 2.5.7)
    3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
    7-Zip 4.60 beta
    Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
    Adobe After Effects CS4 (Version: 9)
    Adobe After Effects CS4 Presets (Version: 9)
    Adobe After Effects CS4 Third Party Content (Version: 9)
    Adobe AIR (Version: 1.1.0.5790)
    Adobe Anchor Service CS4 (Version: 2.0)
    Adobe Asset Services CS4 (Version: 4)
    Adobe Bridge CS4 (Version: 3)
    Adobe CMaps CS4 (Version: 2.0)
    Adobe Color - Photoshop Specific CS4 (Version: 2.0)
    Adobe Color EU Recommended Settings CS4 (Version: 2.0)
    Adobe Color JA Extra Settings CS4 (Version: 2.0)
    Adobe Color NA Extra Settings CS4 (Version: 2.0)
    Adobe Color Video Profiles AE CS4 (Version: 2.0)
    Adobe Color Video Profiles CS CS4 (Version: 2.0)
    Adobe Contribute CS4 (Version: 5.0)
    Adobe Creative Suite 4 Master Collection (Version: 4.0)
    Adobe CS4 American English Speech Analysis Models (Version: 1)
    Adobe CSI CS4 (Version: 1)
    Adobe Default Language CS4 (Version: 2.0)
    Adobe Device Central CS4 (Version: 2)
    Adobe Dreamweaver CS4 (Version: 10.0)
    Adobe Drive CS4 (Version: 1)
    Adobe Dynamiclink Support (Version: 1)
    Adobe Encore CS4 (Version: 4)
    Adobe Encore CS4 Codecs (Version: 4)
    Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
    Adobe Extension Manager CS4 (Version: 2.0)
    Adobe Fireworks CS4 (Version: 10.0)
    Adobe Flash CS4 (Version: 10.0)
    Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
    Adobe Flash CS4 STI-en (Version: 10.0)
    Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
    Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
    Adobe Fonts All (Version: 2.0)
    Adobe Illustrator CS4 (Version: 14.0)
    Adobe InDesign CS (Version: CS)
    Adobe InDesign CS4 (Version: 6.0)
    Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
    Adobe InDesign CS4 Common Base Files (Version: 6.0)
    Adobe InDesign CS4 Icon Handler (Version: 6.0)
    Adobe Linguistics CS4 (Version: 4.0.0)
    Adobe Media Encoder CS4 (Version: 1.0)
    Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
    Adobe Media Encoder CS4 Dolby (Version: 1.0)
    Adobe Media Encoder CS4 Exporter (Version: 1.0)
    Adobe Media Encoder CS4 Importer (Version: 1.0)
    Adobe Media Player (Version: 0.0.0)
    Adobe Media Player (Version: 1.1)
    Adobe MotionPicture Color Files CS4 (Version: 2.0)
    Adobe OnLocation CS4 (Version: 4)
    Adobe Output Module (Version: 2.0)
    Adobe PDF Library Files CS4 (Version: 9.0)
    Adobe Photoshop CS4 (Version: 11.0)
    Adobe Photoshop CS4 Support (Version: 11.0)
    Adobe Photoshop Lightroom 2.2 (Version: 2.2)
    Adobe Premiere Pro CS4 (Version: 4)
    Adobe Premiere Pro CS4 Functional Content (Version: 4)
    Adobe Premiere Pro CS4 Third Party Content (Version: 4)
    Adobe Search for Help (Version: 1.0)
    Adobe Service Manager Extension (Version: 1.0)
    Adobe Setup (Version: 2.0)
    Adobe SGM CS4 (Version: 3.0)
    Adobe SING CS4 (Version: 2.0)
    Adobe Soundbooth CS4 (Version: 2)
    Adobe Type Support CS4 (Version: 9.0)
    Adobe Update Manager CS4 (Version: 6.0.0)
    Adobe Version Cue CS4 Server (Version: 4.0)
    Adobe WinSoft Linguistics Plugin (Version: 1.1)
    Adobe XMP Panels CS4 (Version: 2.0)
    AdobeColorCommonSetCMYK (Version: 2.0)
    AdobeColorCommonSetRGB (Version: 2.0)
    Advanced IP Scanner v1.5
    Apple Application Support (Version: 2.1.5)
    Apple Mobile Device Support (Version: 4.0.0.96)
    Apple Software Update (Version: 2.1.3.127)
    µTorrent (Version: 3.1.3)
    avast! Free Antivirus (Version: 7.0.1426.0)
    BitLord 1.1 (Version: 1.1)
    Bonjour (Version: 3.0.0.10)
    Brother MFL-Pro Suite (Version: 1.00)
    Browser Configuration Utility (Version: 1.0.4.9)
    Canon Utilities EOS Utility (Version: 2.9.0.0)
    CCleaner (Version: 3.19)
    Connect (Version: 1.0.0.1)
    Duocast Plugin (Version: 1.0.1.7)
    e-tax 2009 (Version: 1.0.0.0)
    e-tax 2011 (Version: 11.1.704)
    EaseUS Data Recovery Wizard Free Edition 5.5.1
    EASEUS Partition Master 8.0.1 Home Edition
    Energy Saver Advance B8.1015.1 (Version: 1.10.0000)
    ffdshow [rev 2033] [2008-07-05] (Version: 1.0)
    FileZilla Client 3.5.3 (Version: 3.5.3)
    FlipShare (Version: 5.8.11.0)
    Google Chrome (Version: 19.0.1084.56)
    Google Earth Plug-in (Version: 6.1.0.5001)
    Google Update Helper (Version: 1.3.21.111)
    GoToMeeting 5.1.0.874 (Version: 5.1.0.874)
    HijackThis 2.0.2 (Version: 2.0.2)
    Imaginate
    iTunes (Version: 10.5.0.142)
    Java(TM) 6 Update 11 (Version: 6.0.110)
    kuler (Version: 2.0)
    Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
    Matrix 6.0 (Version: 6.0.0)
    Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
    Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Choice Guard (Version: 2.0.48.0)
    Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
    Microsoft Corporation (Version: 9.0.0.0)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft LifeCam (Version: 2.7.569.0)
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Silverlight (Version: 5.1.10411.0)
    Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 8.0 Support DLLs (Version: 1.0.0)
    MiniTool Power Data Recovery
    Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
    Mozilla Maintenance Service (Version: 13.0.1)
    MSVCRT (Version: 14.0.1468.721)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    MSXML 6.0 Parser (Version: 6.10.1129.0)
    Nero 7 Essentials (Version: 7.03.1055)
    neroxml (Version: 1.0.0)
    Nokia Connectivity Cable Driver (Version: 7.0.2.0)
    Nokia Flashing Cable Driver (Version: 8.23.0.0)
    Nokia Software Updater (Version: 01.04.056.35267)
    NVIDIA Drivers (Version: 1.3)
    NVIDIA PhysX (Version: 9.09.0203)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
    One-click Ringtone Converter (Version: 2.6.0)
    ooVoo (Version: 3.5.1071)
    PaperPort (Version: 9.02.0827)
    Pazera Free MOV to AVI Converter 1.4 (Version: 1.4)
    PDF Settings CS4 (Version: 9.0)
    Photoshop Camera Raw (Version: 5.0)
    Pixel Bender Toolkit (Version: 1.0)
    QuickTime (Version: 7.71.80.42)
    Realtek High Definition Audio Driver (Version: 5.10.0.5672)
    Remote Administrator v2.1
    Revo Uninstaller Pro 2.5.8 (Version: 2.5.8)
    Ringtone Expressions 1.5.0 (Version: 1.5.0)
    SaveVid Plug-in (Version: 2.0.0.355)
    Segoe UI (Version: 14.0.4327.805)
    Skype Click to Call (Version: 5.6.8442)
    Skype™ 5.5 (Version: 5.5.124)
    Smart Defrag (Version: 1.4.5)
    SmartFTP Client (Version: 4.0.1072.0)
    SmartFTP Client 4.0 Setup Files (remove only) (Version: 4.0)
    Sony DVD Architect 2.0 (Version: 2.0.94)
    Sorenson Squeeze 6.0 (Version: 6.0.0)
    Spybot - Search & Destroy (Version: 1.6.2)
    Suite Shared Configuration CS4 (Version: 1.0)
    SUPERAntiSpyware (Version: 5.1.1002)
    TeamViewer 6 (Version: 6.0.10722)
    TorrentMan Toolbar (Version: )
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
    Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
    Update for Windows XP (KB2141007) (Version: 1)
    Update for Windows XP (KB2345886) (Version: 1)
    Update for Windows XP (KB2467659) (Version: 1)
    Update for Windows XP (KB2492386) (Version: 1)
    Update for Windows XP (KB2541763) (Version: 1)
    Update for Windows XP (KB2607712) (Version: 1)
    Update for Windows XP (KB2616676) (Version: 1)
    Update for Windows XP (KB2641690) (Version: 1)
    Update for Windows XP (KB2718704) (Version: 1)
    Update for Windows XP (KB951978) (Version: 1)
    Update for Windows XP (KB955759) (Version: 1)
    Update for Windows XP (KB961503) (Version: 1)
    Update for Windows XP (KB967715) (Version: 1)
    Update for Windows XP (KB968389) (Version: 1)
    Update for Windows XP (KB971029) (Version: 1)
    Update for Windows XP (KB971737) (Version: 1)
    Update for Windows XP (KB973687) (Version: 1)
    Update for Windows XP (KB973815) (Version: 1)
    uTorrentControl2 Toolbar (Version: 6.8.5.1)
    VCRedistSetup (Version: 1.0.0)
    Vegas Pro 9.0 (Version: 9.0.772)
    VLC media player 1.0.1 (Version: 1.0.1)
    Vuze (Version: 4.7)
    Vuze Remote Toolbar (Version: 6.8.5.1)
    WBFS Manager 3.0 (Version: 3.0)
    WD SmartWare (Version: 1.2.0.20)
    WebFldrs XP (Version: 9.50.6513)
    Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
    Windows Internet Explorer 8 (Version: 20090308.140743)
    Windows Live Call (Version: 14.0.8117.0416)
    Windows Live Communications Platform (Version: 14.0.8117.416)
    Windows Live Essentials (Version: 14.0.8117.0416)
    Windows Live Essentials (Version: 14.0.8117.416)
    Windows Live Messenger (Version: 14.0.8117.0416)
    Windows Live Sign-in Assistant (Version: 5.000.818.5)
    Windows Live Upload Tool (Version: 14.0.8014.1029)
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin (Version: 1.0.0.8)
    Windows Presentation Foundation (Version: 3.0.6920.0)
    Windows Savevid Toolbar (Version: 3.0.0.119169)
    Windows XP Service Pack 3 (Version: 20080414.031525)
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

    ========================= Devices: ================================


    ========================= Memory info: ===================================

    Percentage of memory in use: 35%
    Total physical RAM: 3326.42 MB
    Available physical RAM: 2143.44 MB
    Total Pagefile: 5210.61 MB
    Available Pagefile: 3655.74 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1969 MB

    ========================= Partitions: =====================================

    2 Drive c: () (Fixed) (Total:931.5 GB) (Free:264.02 GB) NTFS
    4 Drive e: (Elements) (Fixed) (Total:111.76 GB) (Free:11.5 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\JERABEL-PC

    Administrator Guest HelpAssistant
    Jerabel SUPPORT_388945a0


    **** End of log ****

  5. #15
    Member Spyware Fighter zep516's Avatar

    Do you think that it's clear enough to put back into service,
    Administrator Guest HelpAssistant
    Jerabel SUPPORT_388945a0
    What type of office setting is this computer located in? What is the machine used for on a daily basis?




    Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.

  6. #16
    Member
    Join Date
    Jun 2012
    Posts
    15
    Points
    0

    Default

    Sorry Joe,

    When I said "back into service" I meant let my wife put back external drives etc.

    The machine is used as a home office only, with some graphic design, movie downloads, social networking, definitely non-commercial.

    Jerabel

  7. #17
    Member Spyware Fighter zep516's Avatar

    No problem!

    Let's run a final scan and that's it. Post the log report. This scan may take some time.

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on: (Selecting Uninstall application on close if you so wish)





  8. #18
    Member

    Hello Joe,

    ESET said it found 25 threats

    Jerabel

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=6488aafd5b7743479afd1c02f5e05ac3
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-06-23 02:34:30
    # local_time=2012-06-23 10:34:30 (+0800, W. Australia Standard Time)
    # country="Australia"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 739974 739974 0 0
    # compatibility_mode=8192 67108863 100 0 44961 44961 0 0
    # scanned=257637
    # found=25
    # cleaned=0
    # scan_time=4503
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\Desktop\BestVideoDownloaderSetup-Silent.exe probably a variant of Win32/Adware.LWFCI application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\cr-ytd01\keygen.exe a variant of Win32/Keygen.CX application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\Downloads\cnet2_Pazera_Free_MOV_to_AVI_Converter_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\Gemvision Matrix 3D 6.0 SR2\Crack Matrix v60 Update 2009-03-17 601\M\m60run.exe probably a variant of Win32/Agent.BLZPBVQ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\Gemvision Matrix 3D 6.0 SR2\Rhinoceros SR5\RHINO 4 SR5_Crk.exe a variant of Win32/HackTool.Patcher.D application (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\LimeWire\Incomplete\Preview-T-5872025-chokin ’ on the dust.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\My Music\Music\Shared\by time i get to phoenix glen (256k 44800).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\My Music\Music\Shared\get ready temptations (high bitrate).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\My Music\Music\Shared\i love you because jim reeves (high bitrate).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\My Music\Music\Shared\Air Supply\Air Supply - Lost in love.mp3 WMA/TrojanDownloader.GetCodec.C trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\Jerabel\My Documents\ori software\WLM 2009\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Matrix60\m60run.exe probably a variant of Win32/Agent.BLZPBVQ trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Radmin\AdmDll.dll Win32/RemoteAdmin application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Radmin\raddrv.dll Win32/RemoteAdmin application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20120618-093438-411.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Savevid Toolbar\del_DM_DLL_75.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Savevid Toolbar\del_DM_EXE_40.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Savevid Toolbar\del_IEBHO_66.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Savevid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Windows Savevid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I

  9. #19
    Member Spyware Fighter zep516's Avatar

    Ok. I set the scan not to remove anything. Let me review it for you.

    Thanks for posting that.

    Joe





  10. #20
    Member

    Sorry Joe,

    After looking through that log I've realized that I didn't check the Scan Archives option.

    Should I re-scan?

    Jerabel
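
Added example (not part of the thread and not ESET's own tooling): a small Python check a helper could run on a pasted ESET Online Scanner log to confirm the scan used the options requested in post #17 and to summarise the detections, using the header keys and line layout visible in post #18. The option-to-key mapping, the function names and the sample paths are assumptions made for illustration.

```python
import re
from collections import Counter

# Options the helper asked for, mapped to header keys seen in the posted log.
# The option-to-key mapping is an assumption based on the key names.
EXPECTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Detection line as rendered on this page (fields separated by single spaces).
# Only the kinds seen in the posted log are matched; anything else is kept
# in the "unparsed" list instead of being silently dropped.
DETECTION = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+) "
    r"(?P<kind>application|trojan) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\w)$"
)

# Constructed sample: paths are invented; layout and keys follow the posted log.
SAMPLE_LOG = r"""all ok
# version=7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=1200
# found=4
# cleaned=0
C:\Sample Data\Downloads\setup one.exe a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Sample Data\Music\track (high bitrate).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Sample Data\Toolbar\helper.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Sample Data\Tools\patch.exe probably a variant of Win32/HackTool.Patcher.D application (unable to clean) 00000000000000000000000000000000 I
"""


def parse_log(text):
    """Split a log into header settings, detections and unrecognised lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            # Some keys repeat (e.g. compatibility_mode); keep the first value.
            header.setdefault(m.group(1), m.group(2).strip())
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
        else:
            unparsed.append(line)
    return header, detections, unparsed


def review(text):
    """Check scan options against EXPECTED and summarise the detections."""
    header, detections, unparsed = parse_log(text)
    mismatches = {
        key: (want, header.get(key))
        for key, want in EXPECTED.items()
        if header.get(key) != want
    }
    return {
        "setting_mismatches": mismatches,
        "declared_found": int(header.get("found", -1)),
        "parsed": len(detections),
        "by_kind": Counter(d["kind"] for d in detections),
        "by_name": Counter(d["name"] for d in detections),
        "unparsed": unparsed,
    }
```

A non-empty `setting_mismatches` means the scan did not use the requested options, and a difference between `declared_found` and `parsed` means some detection lines did not match the expected layout and should be read by hand.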
