:-( Google Chrome Redirect Virus... please help


  • This topic is locked
8 replies to this topic

#1 Dom E.

  • Members
  • 13 posts

Posted 31 October 2011 - 12:51 PM

Hi Guys,

This is my first post and I was recommended by a friend who said that I would definitely be able to get help here. I apologize if I'm not supposed to post in here since I'm new and haven't posted anything yet. I just don't know what else to do.

About a month ago or maybe even longer I would notice that sometimes when I would click on a link while searching with Google it would redirect me to a totally different page having nothing to do with my search inquiry. However, I thought nothing of it... until recently. Now, every single time I put a search in with Google, Bing or even Yahoo it redirects me to Scour.com and sometimes to get-answers-fast.com. And while the redirect is loading it says "loading www.crackajacksearch.com" on the bottom left hand side of the screen and then goes straight to Scour.com. Not only is this annoying and frustrating, but I have learned that it can potentially be very harmful to my computer if I don't do anything about it. I have no idea how I have gotten this virus/malware/adware on my PC.

The browser I currently use is Google Chrome and I am using "Webroot with Spysweeper" for my security/anti virus software. Also, I am running Windows 7, 64 bit on a HP laptop. Webroot does not pick it up and says that my computer is protected and running fine. I have also researched this virus (by right clicking a search link and choosing open in new window, and sometimes that doesn't even work) via blogs, forums, etc. and read that these recommendations should work:

"Your computer is infected by the so-called 'google redirect' virus. Here's how to remove it:

1. Reset your HOSTS file to make sure that everything's normal and that there are no unwanted entries there:
http://support.microsoft.com/kb/972034

2. Check your computer's TCP/IP and DNS settings:
a. Click on Control Panel > Internet Options > Connections > LAN Settings. Make sure that only the "Automatically detect settings" box is marked. The rest (including the Proxy Server) should be left unmarked.

If you are also using another browser like Firefox, click on the orange Firefox tab > Options > Advanced > Network > Connection Settings. Select No Proxy.

b. If you have Vista or 7, click Start and type "network and sharing center" (w/o the quotes) and hit Enter. Click on Local Area Connection > Properties. Scroll down and click on TCP/IPv4.

If you have XP, click on Control Panel > Network and Internet Connections > Network Connections. Right click on Local Area Connection. Under General tab, select TCP/IP.

Click Properties. Under the General tab, select "Obtain an IP address automatically" and "Obtain DNS server address automatically". Click on OK to close.

3. If you have a router, check its IP and DNS settings also. They should be set to 'Dynamically/Automatically obtain from the ISP' unless your ISP has some specific requirements. Consult your user's manual for setting the router.

4. Run the following programs in the exact order:
http://support.kaspersky.com/viruses/sol…
http://www.bleepingcomputer.com/download… (which is RKill)
http://www.malwarebytes.org/products/mal…
"

I followed these instructions and saved the report logs... Malwarebytes said it found 3 infections and I removed them, but that didn't work. I don't know what else to do.



#2 boopme

  • Global Moderator
  • 73,035 posts

Posted 31 October 2011 - 01:03 PM

Hello, for some reason the links do not work for me. Let's see if this works.
Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?


Please post the MBAM log
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note:
When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
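The three settings that the quoted steps in post #1 and the MiniToolBox checklist in post #2 inspect (hosts file entries, the IE proxy, and DNS servers) can be read offline from saved text, as in this added example, which is not part of the thread or of any tool named in it. The function names and all sample inputs are constructed for illustration; the proxy input is assumed to be `reg query` output for the `Internet Settings` key, and an off-LAN DNS server is only an item to compare against what the ISP or router assigns, not a verdict.

```python
import ipaddress
import re

# RFC 1918 ranges: a resolver inside these is normally the home router itself.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# --- constructed sample inputs (not taken from the thread) ---
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1     localhost
::1           localhost
0.0.0.0       ads.example.test
203.0.113.7   www.google.com search.yahoo.com   # redirect-style entry
"""

SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8080
"""

SAMPLE_IPCONFIG = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _as_ip(text):
    """Parse an address as ipconfig prints it (drops any %scope suffix)."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None


def hosts_overrides(hosts_text):
    """Return (ip, name) pairs that pin a hostname to a non-loopback address."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        ip = _as_ip(fields[0]) if fields else None
        if ip is None or ip.is_loopback or ip.is_unspecified:
            continue  # comment, blank, malformed, localhost or sinkhole entry
        found.extend((str(ip), name.lower()) for name in fields[1:])
    return found


def proxy_in_use(reg_text):
    """Return ProxyServer from `reg query` text if ProxyEnable is non-zero."""
    values = {}
    for line in reg_text.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_\w+\s+(.*)$", line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    if int(values.get("ProxyEnable", "0x0"), 16) == 0:
        return None
    return values.get("ProxyServer")


def dns_servers(ipconfig_text):
    """Map adapter name -> DNS servers listed in `ipconfig /all` text."""
    adapters, adapter, last_key = {}, None, None
    for raw in ipconfig_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " :" in line:                       # "Key . . . : value" setting
            key, _, value = line.partition(" :")
            last_key, ip = key.strip(" ."), _as_ip(value)
        elif line.endswith(":"):               # adapter header
            adapter, last_key = line[:-1], None
            adapters[adapter] = []
            continue
        else:                                  # continuation of previous key
            ip = _as_ip(line)
        if adapter and last_key == "DNS Servers" and ip is not None:
            adapters[adapter].append(str(ip))
    return adapters


def off_lan_dns(ipconfig_text):
    """DNS servers outside the LAN, to compare with what the ISP assigns."""
    return [(name, s) for name, servers in dns_servers(ipconfig_text).items()
            for s in servers
            if not any(ipaddress.ip_address(s) in net for net in LAN_NETS)
            and not ipaddress.ip_address(s).is_link_local]


def audit(hosts_text, reg_text, ipconfig_text):
    """Collect the three redirect-relevant findings in one report dict."""
    return {"hosts_overrides": hosts_overrides(hosts_text),
            "proxy": proxy_in_use(reg_text),
            "off_lan_dns": off_lan_dns(ipconfig_text)}


if __name__ == "__main__":
    for item, value in audit(SAMPLE_HOSTS, SAMPLE_REG, SAMPLE_IPCONFIG).items():
        print(item, "->", value)
```
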

#3 Dom E.


Posted 31 October 2011 - 01:56 PM

Thank you so much for helping me with this. However, I am currently not on my infected computer. I am on an office work computer at the present moment. I will follow your instructions once I get home.

I can answer the question you asked me about which browser I use. I use Google Chrome. I don't even have Firefox installed.

Thank you again, I'll send my reply later this evening.

#4 boopme


Posted 31 October 2011 - 03:03 PM

You're welcome. I'll look for your reply later then,

Are you on a router? Are other machines on it, if so are they redirecting?

#5 Dom E.


Posted 31 October 2011 - 06:23 PM

Ok... to answer your questions, yes, I'm on a router. There is another computer on this router but it's not redirecting and is not infected.

Here are the reports from the other malware removal software that I have tried before coming to this forum:

This is the report from IObit Malware Fighter:

IObit Malware Fighter

OS: Windows 7
Version: 1.2.0.16
Define Version: 1074
Time Elapsed: 00:44:55
Objects Scanned: 83510
Threats Found: 15
Save Time: 10/30/2011 12:21:08 PM

|Name|Type|Description|ID|
Trojan.Dropper - Quarantined, FILE, C:\Users\Owner\AppData\Local\Temp\Webroot\Install\WISE_BESTBUY_NORMAL_EN_framework_resources.dll, 4102484
Trojan.Generic - Quarantined, FILE, C:\SwSetup\ESUW7\EXE_ESU.exe, 4073794
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\ESUW7\EXE_ESU_Silent.exe, 4087792
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\Drivers\MyWLAN3\Intel\Win7\S32\Install\Lang\SetupELL.dll, 4089980
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\Drivers\MYWIMAXS\Intel\XP\x32\Install\Lang\SetupESN.dll, 4089980
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\Drivers\MYWIMAXS\Intel\XP\x32\Install\Lang\SetupFRA.dll, 4089980
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\Drivers\MYWIMAXS\Intel\Win7\s32\Install\Lang\SetupESN.dll, 4089980
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\Drivers\MYWIMAXS\Intel\Win7\s32\Install\Lang\SetupFRA.dll, 4089980
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\Drivers\MYWIMAXS\Intel\Vista\v32\Install\Lang\SetupESN.dll, 4089980
Trojan.Dropper - Quarantined, FILE, C:\SwSetup\Drivers\MYWIMAXS\Intel\Vista\v32\Install\Lang\SetupFRA.dll, 4089980
Misleading.QuestScan - Delete, FOLDER, C:\Program Files (x86)\QuestScan, 303439
Misleading.QuestScan - Deleted, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan, 2012762
Misleading.QuestScan - Deleted, REG, HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan, 2012763
Misleading.QuestScan - Deleted, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan, 2013014
Misleading.QuestScan - Deleted, REG, HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan, 2013015

This is the report from Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8048

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/30/2011 10:47:28 PM
mbam-log-2011-10-30 (22-47-28).txt

Scan type: Full scan (C:\|D:\|G:\|Q:\|)
Objects scanned: 433080
Time elapsed: 57 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\tmp\U\800000c0.@ (Trojan.Agent) -> Quarantined and deleted successfully.

And this is the report from Rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 10/30/2011 at 21:07:48.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe


Rkill completed on 10/30/2011 at 22:26:21.


------------------------------------------------------------------


I scanned my computer with TDSSKiller and it did not find any threats at all.

And here is the Minitoolbox report log:

MiniToolBox by Farbar
Ran by Owner (administrator) on 31-10-2011 at 19:13:26
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-1D-BA-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-15-B0-E3-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-15-B0-E3-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 00-23-15-B0-E3-F8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4460:776a:fb09:999d%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, October 31, 2011 6:18:01 PM
Lease Expires . . . . . . . . . . : Tuesday, November 01, 2011 6:18:01 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 318776085
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-56-F9-60-98-4B-E1-8F-FA-3F
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.237.161.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8BCDBFEF-C18C-4A87-90FA-69F779435BED}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A618024B-7236-4D2C-8AC3-462E233BD605}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D110A0CD-5CA3-43D6-BD01-BD5580832DB8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:ce2:3721:9d8b:f4a8(Preferred)
Link-local IPv6 Address . . . . . : fe80::ce2:3721:9d8b:f4a8%18(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging google.com [74.125.226.112] with 32 bytes of data:
Reply from 74.125.226.112: bytes=32 time=12ms TTL=250
Reply from 74.125.226.112: bytes=32 time=12ms TTL=250

Ping statistics for 74.125.226.112:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 12ms, Average = 12ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=22ms TTL=53
Reply from 67.195.160.76: bytes=32 time=25ms TTL=53

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 25ms, Average = 23ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...64 d4 da 1d ba b4 ......Intel® Centrino® WiMAX 6250
14...00 23 15 b0 e3 f9 ......Microsoft Virtual WiFi Miniport Adapter #2
13...00 23 15 b0 e3 f9 ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 15 b0 e3 f8 ......Intel® Centrino® Advanced-N 6250 AGN
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:ce2:3721:9d8b:f4a8/128
On-link
12 281 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::ce2:3721:9d8b:f4a8/128
On-link
12 281 fe80::4460:776a:fb09:999d/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 mswsock.dll [File Not found] ()
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 mswsock.dll [File Not found] ()
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/31/2011 07:11:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86a596
Exception code: 0xc0000005
Fault offset: 0x000000000000cfb7
Faulting process id: 0x1b98
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/31/2011 06:55:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_0_1.ocx, version: 11.0.1.152, time stamp: 0x4e7d19c2
Exception code: 0xc0000005
Fault offset: 0x0000000000557c3f
Faulting process id: 0x13d0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/31/2011 06:37:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86a596
Exception code: 0xc0000005
Fault offset: 0x0000000000028754
Faulting process id: 0x15cc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/31/2011 06:21:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c
Exception code: 0xe06d7363
Fault offset: 0x000000000000cacd
Faulting process id: 0x1714
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/31/2011 07:46:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86a596
Exception code: 0xc0000005
Fault offset: 0x0000000000028754
Faulting process id: 0xb34
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/30/2011 09:35:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86a596
Exception code: 0xc0000005
Fault offset: 0x00000000003a859a
Faulting process id: 0x160c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/30/2011 09:19:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86a596
Exception code: 0xc0000005
Fault offset: 0x00000000003f7c2d
Faulting process id: 0x1a24
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/30/2011 08:43:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86a596
Exception code: 0xc0000005
Fault offset: 0x0000000000028754
Faulting process id: 0x1a28
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/30/2011 08:33:30 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ff8

Start Time: 01cc97631d0b6744

Termination Time: 34

Application Path: C:\Windows\Explorer.EXE

Report Id: ec5c83d1-0357-11e1-b2f7-a6b84ae547be

Error: (10/30/2011 08:28:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_0_1.ocx, version: 11.0.1.152, time stamp: 0x4e7d19c2
Exception code: 0xc0000005
Fault offset: 0x00000000001d7125
Faulting process id: 0xc6c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (10/31/2011 06:40:50 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:40:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:40:42 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:40:42 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:21:01 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:21:01 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:21:01 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:20:47 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (10/31/2011 06:20:11 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (10/31/2011 06:19:58 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1070



=========================== Installed Programs ============================

µTorrent (Version: 2.2.1)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader 9.4.6 MUI (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
CyberLink DVD Suite (Version: 7.0.3320)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Fences Pro (Version: 1.0.1.312)
Fences Pro (Version: 1.0.1.312.19219)
Final Drive Nitro (Version: 2.2.0.95)
FL Studio 10
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.2.0.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Game Console
HP Games (Version: 1.0.1.5)
HP MediaSmart DVD (Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (Version: 4.2.4604)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart Webcam (Version: 4.2.3303)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.9.0)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.2.3)
HP Quick Launch (Version: 2.4.4)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP SimplePass Identity Protection (Version: 5.20.205)
HP Software Framework (Version: 4.1.8.1)
HP Support Assistant (Version: 6.0.5.4)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (Version: 1.0.6292.0)
IL Download Manager
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Intel® Wireless Display (Version: 1.2.21.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 29 (Version: 6.0.290)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3220)
LightScribe System Software (Version: 1.18.18.1)
Magic Audio Converter v8.3.2
Magic Audio Recorder v5.4.0 (Version: 5.4.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MixMeister CD-R Drivers (Version: 3.54.26.1)
MixMeister Fusion + Video 7.0.5
Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MTV Music Generator
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Norton Online Backup (Version: 2.1.17869)
PDF Settings CS5 (Version: 10.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.7717)
PictureMover (Version: 3.5.0.33)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4419)
PowerDirector (Version: 8.0.3320)
PowerISO (Version: 4.7)
QuickTime (Version: 7.70.80.34)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recovery Manager (Version: 5.5.3223)
RoxioNow Player (Version: 1.9.5.101)
SmartFTP Client (Version: 2.5.1006.10)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Validity Sensors DDK (Version: 4.1.139.0)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Webroot Software (Version: 7.0.6.38)
Wheel of Fortune 2 (Version: 2.2.0.95)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3893.86 MB
Available physical RAM: 2260.34 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 5890.37 MB
Total Virtual: 4095.88 MB
Available Virtual: 3989.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:436.37 GB) (Free:288.57 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:29.1 GB) (Free:4.27 GB) NTFS
5 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
7 Drive z: (HP CloudDrive) (Removable) (Total:2 GB) (Free:2 GB) FAT32

========================= Users: ========================================

User accounts for \\OWNER-HP

Administrator Guest Owner

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:06:08 AM

Posted 31 October 2011 - 09:51 PM

Hello. I asked that to see if the router was infected, but as the other is not redirecting it is clean.
I meant to ask if you did perform the steps in the first post.

As I am concerned with this
The following helper DLL cannot be loaded: WSHELPER.DLL.

I find it very interesting that IObit was caught by MBAm for stealing their software and yet MBAm still detected items when run after it.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 Dom E.

Dom E.
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 31 October 2011 - 10:17 PM

Hi Boopme,

Yes, I did follow the steps in the first post... and I did download and run TDSSkiller and it scanned my computer and did not find any threats. My computer is still redirecting... so annoying. This virus has dug its filthy little claws deep down in the dark abyss of my computer. :-(

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:06:08 AM

Posted 31 October 2011 - 10:27 PM

It's not showing, we will find it but we need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:08 AM

Posted 02 November 2011 - 03:03 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic425927.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



