
Google Ad Redirect and Background Audio


  • This topic is locked
12 replies to this topic

#1 axiomkc

axiomkc

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 14 November 2011 - 03:27 PM

Hello,

I have a machine infected with malware. There is an iexplore.exe that is always running and the memory usage climbs higher and higher, and audio advertisements play in the background. Links from Google search results are also hijacked. The machine is Windows 7 Professional x64.

Any help would be appreciated.

Thanks. Brent



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:15 PM

Posted 14 November 2011 - 03:33 PM

Hello Brent, let's do these and see where we are after.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware



Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
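For reading a TDSSKiller.txt log of the kind requested above, here is an added example (not part of the thread and not the tool's own code) that reduces the per-driver listing to the entries worth a second look. It assumes the layout TDSSKiller writes for each driver: a line with name, MD5 and image path, followed by a `name - ok` verdict line. The sample hashes, the `exampledrv` entry, the non-ok verdict string and the three triage hints are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<service> (<md5>) <image path>"
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> - <verdict>"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample: placeholder hashes and a placeholder non-ok verdict.
SAMPLE_LOG = r"""
14:36:06.0844 3868 Scan started
14:36:06.0844 3868 Mode: Manual;
14:36:09.0328 3868 atapi (00000000000000000000000000000001) C:\Windows\system32\drivers\atapi.sys
14:36:09.0330 3868 atapi - ok
14:36:13.0753 3868 LMIInfo (00000000000000000000000000000002) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
14:36:13.0754 3868 LMIInfo - ok
14:36:13.0864 3868 LMIRfsClientNP - ok
14:36:14.0100 3868 exampledrv (00000000000000000000000000000003) C:\Windows\system32\drivers\exampledrv.sys
14:36:14.0105 3868 exampledrv - EXAMPLE-VERDICT-NOT-OK
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str]   # None when the tool printed no file line
    path: Optional[str]
    verdict: str


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each file line with the verdict line that follows it."""
    pending = {}   # service name -> (md5, path) awaiting its verdict
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], md5, path, m["verdict"].strip()))
    return entries


def triage(entries: List[Entry],
           windows_dir: str = r"C:\Windows") -> List[Tuple[str, List[str]]]:
    """Return (service, reasons) for entries that deserve manual review.

    The reasons are review hints chosen for this example, not detections:
    only a verdict other than "ok" comes from the scanner itself.
    """
    findings = []
    root = windows_dir.lower() + "\\"
    for e in entries:
        reasons = []
        if e.verdict.lower() != "ok":
            reasons.append("verdict: " + e.verdict)
        if e.path is None:
            reasons.append("no file line")
        elif not e.path.lower().startswith(root):
            reasons.append("image outside " + windows_dir)
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```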

#3 axiomkc

axiomkc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 14 November 2011 - 03:43 PM

Thank you for your help. Here are the first two logs.

Here is the MBAM Log. Nothing found.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8134

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/14/2011 2:36:37 PM
mbam-log-2011-11-14 (14-36-37).txt

Scan type: Quick scan
Objects scanned: 218940
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the TDSS Log:

14:36:21.0774 3868 sffp_sd - ok
14:36:21.0831 3868 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:36:21.0834 3868 sfloppy - ok
14:36:21.0878 3868 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:36:21.0880 3868 SiSRaid2 - ok
14:36:21.0912 3868 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:36:21.0919 3868 SiSRaid4 - ok
14:36:21.0951 3868 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:36:21.0955 3868 Smb - ok
14:36:22.0012 3868 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:36:22.0030 3868 spldr - ok
14:36:22.0137 3868 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:36:22.0146 3868 srv - ok
14:36:22.0227 3868 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:36:22.0235 3868 srv2 - ok
14:36:22.0265 3868 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:36:22.0270 3868 srvnet - ok
14:36:22.0320 3868 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:36:22.0322 3868 stexstor - ok
14:36:22.0417 3868 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:36:22.0425 3868 storflt - ok
14:36:22.0498 3868 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:36:22.0521 3868 storvsc - ok
14:36:22.0575 3868 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:36:22.0578 3868 swenum - ok
14:36:22.0707 3868 Synth3dVsc - ok
14:36:22.0871 3868 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:36:22.0938 3868 Tcpip - ok
14:36:23.0074 3868 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:36:23.0105 3868 TCPIP6 - ok
14:36:23.0146 3868 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:36:23.0150 3868 tcpipreg - ok
14:36:23.0186 3868 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:36:23.0189 3868 TDPIPE - ok
14:36:23.0215 3868 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:36:23.0217 3868 TDTCP - ok
14:36:23.0276 3868 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:36:23.0282 3868 tdx - ok
14:36:23.0371 3868 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:36:23.0377 3868 TermDD - ok
14:36:23.0467 3868 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:36:23.0472 3868 tssecsrv - ok
14:36:23.0514 3868 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:36:23.0516 3868 TsUsbFlt - ok
14:36:23.0561 3868 tsusbhub - ok
14:36:23.0633 3868 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:36:23.0636 3868 tunnel - ok
14:36:23.0678 3868 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:36:23.0681 3868 uagp35 - ok
14:36:23.0760 3868 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:36:23.0785 3868 udfs - ok
14:36:23.0867 3868 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:36:23.0898 3868 uliagpkx - ok
14:36:23.0970 3868 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:36:23.0974 3868 umbus - ok
14:36:24.0033 3868 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:36:24.0037 3868 UmPass - ok
14:36:24.0087 3868 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:36:24.0093 3868 usbccgp - ok
14:36:24.0196 3868 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:36:24.0199 3868 usbcir - ok
14:36:24.0228 3868 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:36:24.0235 3868 usbehci - ok
14:36:24.0302 3868 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:36:24.0319 3868 usbhub - ok
14:36:24.0346 3868 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:36:24.0351 3868 usbohci - ok
14:36:24.0392 3868 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:36:24.0398 3868 usbprint - ok
14:36:24.0448 3868 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:36:24.0451 3868 usbscan - ok
14:36:24.0482 3868 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
14:36:24.0484 3868 USBSTOR - ok
14:36:24.0510 3868 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:36:24.0513 3868 usbuhci - ok
14:36:24.0549 3868 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:36:24.0551 3868 vdrvroot - ok
14:36:24.0597 3868 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:36:24.0599 3868 vga - ok
14:36:24.0616 3868 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:36:24.0618 3868 VgaSave - ok
14:36:24.0637 3868 VGPU - ok
14:36:24.0668 3868 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:36:24.0672 3868 vhdmp - ok
14:36:24.0706 3868 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:36:24.0712 3868 viaide - ok
14:36:24.0738 3868 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:36:24.0742 3868 vmbus - ok
14:36:24.0777 3868 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:36:24.0781 3868 VMBusHID - ok
14:36:24.0806 3868 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:36:24.0810 3868 volmgr - ok
14:36:24.0865 3868 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:36:24.0871 3868 volmgrx - ok
14:36:24.0938 3868 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:36:24.0944 3868 volsnap - ok
14:36:24.0984 3868 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:36:24.0988 3868 vsmraid - ok
14:36:25.0017 3868 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:36:25.0021 3868 vwifibus - ok
14:36:25.0060 3868 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:36:25.0064 3868 vwififlt - ok
14:36:25.0133 3868 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:36:25.0138 3868 vwifimp - ok
14:36:25.0181 3868 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:36:25.0186 3868 WacomPen - ok
14:36:25.0254 3868 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:36:25.0260 3868 WANARP - ok
14:36:25.0276 3868 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:36:25.0278 3868 Wanarpv6 - ok
14:36:25.0368 3868 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:36:25.0372 3868 Wd - ok
14:36:25.0435 3868 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:36:25.0451 3868 Wdf01000 - ok
14:36:25.0514 3868 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:36:25.0527 3868 WfpLwf - ok
14:36:25.0560 3868 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:36:25.0570 3868 WIMMount - ok
14:36:25.0660 3868 WinDriver6 (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\DRIVERS\Windrvr6.sys
14:36:25.0667 3868 WinDriver6 - ok
14:36:25.0742 3868 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:36:25.0744 3868 WmiAcpi - ok
14:36:25.0877 3868 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:36:25.0880 3868 ws2ifsl - ok
14:36:25.0942 3868 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:36:25.0950 3868 WudfPf - ok
14:36:25.0997 3868 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:36:26.0001 3868 WUDFRd - ok
14:36:26.0156 3868 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
14:36:26.0156 3868 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
14:36:26.0232 3868 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:36:26.0241 3868 \Device\Harddisk0\DR0 - ok
14:36:26.0248 3868 Boot (0x1200) (a8d8438622f6b3e1e129d85cbfc41744) \Device\Harddisk0\DR0\Partition0
14:36:26.0249 3868 \Device\Harddisk0\DR0\Partition0 - ok
14:36:26.0363 3868 Boot (0x1200) (d9e67fec285ec3a8b1c71334878df602) \Device\Harddisk0\DR0\Partition1
14:36:26.0368 3868 \Device\Harddisk0\DR0\Partition1 - ok
14:36:26.0368 3868 ============================================================
14:36:26.0368 3868 Scan finished
14:36:26.0368 3868 ============================================================
14:36:26.0386 1140 Detected object count: 0
14:36:26.0386 1140 Actual detected object count: 0

#4 axiomkc

Posted 14 November 2011 - 03:46 PM

Here is the first MBAM log from last Thursday that I initially ran:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8134

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/10/2011 2:55:32 PM
mbam-log-2011-11-10 (14-55-32).txt

Scan type: Quick scan
Objects scanned: 218702
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 axiomkc

Posted 14 November 2011 - 03:47 PM

Here is the MiniToolBox Log

MiniToolBox by Farbar
Ran by csimons (administrator) on 14-11-2011 at 14:42:19
Windows 7 Ultimate Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : KC-CSIMONS
Primary Dns Suffix . . . . . . . : alliedconstruct.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : alliedconstruct.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : alliedconstruct.com
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-24-8C-13-85-9B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::80fe:279b:5df9:b7df%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.4.213(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 14, 2011 1:41:48 PM
Lease Expires . . . . . . . . . . : Thursday, December 29, 2011 1:41:47 PM
Default Gateway . . . . . . . . . : 192.168.4.253
DHCP Server . . . . . . . . . . . : 192.168.4.10
DHCPv6 IAID . . . . . . . . . . . : 251667284
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-4F-E9-D0-00-24-8C-13-85-9B
DNS Servers . . . . . . . . . . . : 192.168.4.10
192.168.1.10
Primary WINS Server . . . . . . . : 192.168.4.10
Secondary WINS Server . . . . . . : 192.168.1.10
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-21-00-A9-71-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Physical Address. . . . . . . . . : 00-21-00-A9-71-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.alliedconstruct.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : alliedconstruct.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4C878462-272B-40AD-9716-AC477172D880}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{93B08834-744D-4091-8EE3-9FACB0548FB7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ackansascity01.alliedconstruct.com
Address: 192.168.4.10

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging google.com [74.125.225.84] with 32 bytes of data:
Reply from 74.125.225.84: bytes=32 time=26ms TTL=55
Reply from 74.125.225.84: bytes=32 time=26ms TTL=55

Ping statistics for 74.125.225.84:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server: ackansascity01.alliedconstruct.com
Address: 192.168.4.10

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=73ms TTL=50
Reply from 67.195.160.76: bytes=32 time=81ms TTL=51

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 81ms, Average = 77ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 24 8c 13 85 9b ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
13...06 21 00 a9 71 d4 ......Microsoft Virtual WiFi Miniport Adapter
11...00 21 00 a9 71 d4 ......Atheros 802.11 a/b/g/n Dualband Wireless Network Module
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.4.253 192.168.4.213 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.4.0 255.255.255.0 On-link 192.168.4.213 266
192.168.4.213 255.255.255.255 On-link 192.168.4.213 266
192.168.4.255 255.255.255.255 On-link 192.168.4.213 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.4.213 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.4.213 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::80fe:279b:5df9:b7df/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2011 01:43:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2011 01:18:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2011 01:01:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x9090ffff
Faulting process id: 0x10e0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 01:00:55 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.

Program: Internet Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/14/2011 01:00:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x00690074
Faulting process id: 0x10e0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 00:58:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00568a27
Faulting process id: 0x544
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 00:57:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002e39e
Faulting process id: 0x12d4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 00:56:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0074006e
Faulting process id: 0x12d4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 00:16:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x68565350
Faulting process id: 0x544
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 09:51:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (11/10/2011 05:37:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %ALLIEDCONTRUCT60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.115.1646.0

Update Source: %ALLIEDCONTRUCT51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %ALLIEDCONTRUCT602

Update Type: %ALLIEDCONTRUCT604

User: ALLIEDCONTRUCT\csimons

Current Engine Version: %ALLIEDCONTRUCT605

Previous Engine Version: %ALLIEDCONTRUCT606

Error code: %ALLIEDCONTRUCT607

Error description: %ALLIEDCONTRUCT608

Error: (11/10/2011 04:55:07 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/10/2011 04:40:08 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/10/2011 04:23:14 PM) (Source: Service Control Manager) (User: )
Description: The HP Easy Backup Button Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/10/2011 04:10:06 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/10/2011 04:10:06 PM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (11/10/2011 02:44:09 PM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}


Microsoft Office Sessions:
=========================
Error: (11/14/2011 01:43:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2011 01:18:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2011 01:01:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912unknown0.0.0.000000000c00000059090ffff10e001cca2ff361c9a24C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownfd38ed98-0ef2-11e1-8b27-00248c13859b

Error: (11/14/2011 01:00:55 PM) (Source: Application Error)(User: )
Description: Internet Explorer000000000

Error: (11/14/2011 01:00:55 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912unknown0.0.0.000000000c00000960069007410e001cca2ff361c9a24C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownfa92be25-0ef2-11e1-8b27-00248c13859b

Error: (11/14/2011 00:58:03 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912unknown0.0.0.000000000c000040900568a2754401cca2ff0857e408C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown93e7f707-0ef2-11e1-8b27-00248c13859b

Error: (11/14/2011 00:57:03 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912ntdll.dll6.1.7601.175144ce7ba58c00000050002e39e12d401cca2fed44a239aC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll7051a058-0ef2-11e1-8b27-00248c13859b

Error: (11/14/2011 00:56:57 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912unknown0.0.0.000000000c00000050074006e12d401cca2fed44a239aC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown6cc043ee-0ef2-11e1-8b27-00248c13859b

Error: (11/14/2011 00:16:45 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912unknown0.0.0.000000000c00000056856535054401cca2f7ffcda571C:\Program Files (x86)\Internet Explorer\iexplore.exeunknowncf2922f9-0eec-11e1-8b27-00248c13859b

Error: (11/14/2011 09:51:49 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.1)
8500A909_eDocs (Version: 1.00.0000)
8500A909_Help (Version: 1.00.0000)
8500A909a (Version: 50.0.165.000)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0)
Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Reader 9.4.6 (Version: 9.4.6)
BPD_DSWizards (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CutePDF Writer 2.8
CyberLink DVD Suite Deluxe (Version: 6.0.2111)
DesignPro 5 (Version: 5.5.708)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diamond Xtreme Audio
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Enhanced Multimedia Keyboard Solution (Version: 1.0.9.2)
ESET Online Scanner v3
Fax (Version: 130.0.418.000)
GPBaseService2 (Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 5.1.4976.17)
HP Active Support Library (Version: 3.1.9.1)
HP Color LaserJet CM2320 MFP Series 3.1 (Version: 3.1)
HP Customer Experience Enhancements (Version: 5.7.0.2784)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Easy Backup (Version: 1.0.7.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart DVD (Version: 2.0.2213)
HP MediaSmart Music/Photo/Video (Version: 2.0.2217)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP Picasso Media Center Add-In (Version: 9.1.7.0)
HP Recovery Manager RSS (Version: 91.0.0.10)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Total Care Advisor (Version: 2.4.5106.2815)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 4.000.012.001)
HPAsset component for HP Active Support Library (Version: 2.0.64.3)
hppCLJCM2320 (Version: 003.001.00097)
hppFaxDrvCM2320 (Version: 003.000.00001)
hppFaxUtilityCM2320 (Version: 003.001.00095)
hppFonts (Version: 001.001.00061)
hppManualsCM2320 (Version: 003.001.00087)
hppQFolderCM2320 (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
hppScanToCM2320 (Version: 003.001.00090)
hppSendFaxCM2320 (Version: 003.000.00001)
HPSSupply (Version: 130.0.371.000)
ImgBurn (Version: 2.5.1.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 7 (Version: 1.6.0.70)
LabelPrint (Version: 2.5.0904)
LightScribe System Software 1.14.25.1 (Version: 1.14.25.1)
LightScribe Template Labeler (Version: 1.14.25.1)
LogMeIn (Version: 4.0.982)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 7.0 (Version: 7.0.260.0)
Microsoft IntelliType Pro 7.0 (Version: 7.0.260.0)
Microsoft Live Search Toolbar (Version: 3.0.541.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MPM (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.7315)
My HP Games (Version: 1.0.0.62)
Network64 (Version: 130.0.579.000)
NetZero Preloader (Version: 1.0.0)
NVIDIA Drivers (Version: 1.4)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Officejet Pro 8500 A909 Series (Version: 13.0)
PictureMover (Version: 3.3.1.7)
Power2Go (Version: 6.0.2112)
PowerDirector (Version: 7.0.2202)
ProductContext (Version: 50.0.165.000)
PVSonyDll (Version: 1.00.0001)
Python 2.5.2 (Version: 2.5.2150)
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
SPORE Creature Creator Trial Edition (Version: 1.00.0000)
Status (Version: 130.0.469.000)
TeamViewer 6 (Version: 6.0.11117)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
VisionX (Version: 3.3.2)
WebReg (Version: 130.0.132.017)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 4095.23 MB
Available physical RAM: 1749.37 MB
Total Pagefile: 8188.65 MB
Available Pagefile: 5655.1 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.44 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:685.46 GB) (Free:638.69 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.18 GB) (Free:1.86 GB) NTFS
8 Drive u: (DATA) (Network) (Total:931 GB) (Free:847.44 GB) NTFS

========================= Users: ========================================

User accounts for \\KC-CSIMONS

Administrator Guest LogMeInRemoteUser
Temp

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#6 boopme

Posted 14 November 2011 - 03:52 PM

Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



You will also need to update to Java and Adobe Reader X or 10

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly Update to Adobe Reader X (10.1.0)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

Edited by boopme, 14 November 2011 - 03:54 PM.


#7 axiomkc

Posted 14 November 2011 - 03:58 PM

This machine is behind a router, but is the only machine redirecting.
This machine is not using Firefox, and I just checked the control panel, and it is not installed.

GooredFix Log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:52 on 14/11/2011 (csimons)
Firefox version [Unable to determine]

========== GooredScan ==========

Removing Orphan:
"m3ffxtbr@mywebsearch.com"="C:\Program Files (x86)\MyWebSearch\bar\2.bin" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [16:44 03/05/2010]

-=E.O.F=-

#8 axiomkc

Posted 14 November 2011 - 04:20 PM

Java and Adobe Reader have been updated to the latest versions.

#9 boopme

Posted 14 November 2011 - 09:27 PM

If there is only this PC and it's redirecting after GooredFix.....

The problem is actually based in your router.
Open MBAM in normal mode and click Update tab, select Check for Updates
Next disconnect your system from the internet, and your router, then…
Open MBAM in normal mode and click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE


However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:15 PM

Posted 15 November 2011 - 12:13 AM

Does this topic concern the same computer as the topic here: http://www.bleepingcomputer.com/forums/topic427890.html ?
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 axiomkc

Posted 15 November 2011 - 12:18 AM

"Does this topic concern the same computer as the topic here: http://www.bleepingcomputer.com/forums/topic427890.html ?"


Yes. After reading through several threads from the "Am I Infected" subforum that had the same issues I am facing, and seeing them be redirected to the MRT forum, I started a thread over there so that I could get in the queue.

#12 axiomkc

Posted 15 November 2011 - 12:19 AM

"If there is only this PC and it's redirecting after GooredFix.....

The problem is actually based in your router."


The problem is not with the router. The other 15 PCs on the network behind the same router do not have any issues.
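
Post #9 attributes the redirects to changed DNS settings on the router, and post #12 answers that the other PCs behind it are unaffected; one way to test that is to compare the DNS servers listed by `ipconfig /all` on the redirecting PC with those on a healthy PC on the same router. The following is an added example, not part of the thread or of any tool named in it; both captures, the host names and all addresses are constructed.

```python
import ipaddress
import re

# Section header, e.g. "Ethernet adapter Local Area Connection:"
ADAPTER = re.compile(r"^(?P<name>\S.*adapter .*):\s*$")
# Field line, e.g. "   DNS Servers . . . . : 192.168.1.1" (dot leader, then colon)
FIELD = re.compile(r"^\s+(?P<key>.+?)(?:\s*\.)+\s*:\s?(?P<val>.*)$")


def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter in `ipconfig /all` output to its DNS server addresses."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            in_dns = False
            continue
        head = ADAPTER.match(line)
        if head:
            adapter, in_dns = head["name"], False
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field["key"].strip() == "DNS Servers"
            value = field["val"]
        else:
            value = line  # no "key : value": continuation of the previous field
        if not (in_dns and adapter and value.strip()):
            continue
        try:
            # Drop an IPv6 zone index such as "%1" before parsing.
            addr = ipaddress.ip_address(value.strip().split("%")[0])
        except ValueError:
            continue
        servers.setdefault(adapter, []).append(addr)
    return servers


def unexpected_resolvers(suspect_text, healthy_text):
    """Resolvers the suspect PC uses that the healthy PC does not."""
    healthy = dns_servers_by_adapter(healthy_text)
    known = {ip for ips in healthy.values() for ip in ips}
    result = {}
    for adapter, ips in dns_servers_by_adapter(suspect_text).items():
        extra = [ip for ip in ips if ip not in known]
        if extra:
            result[adapter] = extra
    return result


# Constructed captures; 203.0.113.0/24 is a reserved documentation range.
HEALTHY = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC-HEALTHY

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       fec0:0:0:ffff::1%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SUSPECT = """Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""

if __name__ == "__main__":
    for adapter, ips in unexpected_resolvers(SUSPECT, HEALTHY).items():
        print(adapter, "->", ", ".join(map(str, ips)))
```

An empty result means both PCs are using the same resolvers, so the router's DNS settings do not by themselves explain why only one PC redirects. A non-empty result means the redirecting PC has resolver settings of its own that differ from the healthy one.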

#13 Orange Blossom

Posted 15 November 2011 - 01:20 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic427890.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom