Keeps redirecting


  • This topic is locked
7 replies to this topic

#1 ajtnwells

Posted 30 July 2012 - 09:27 PM

Hi there,

We are having problems with our computer redirecting from search sites (Yahoo, Google, and Bing). Sometimes it will also redirect when a website is typed into the browser. It will start to load but then will change before it is finished. The website that it redirects to is some generic website that always includes a list of other sites that have something to do with what was searched for. We run through Windows Internet Explorer 8. Any help would be useful.



#2 ajtnwells

Posted 30 July 2012 - 09:29 PM

The computer runs on Windows 7 Home Premium with a 64-bit operating system.

#3 Broni

Posted 30 July 2012 - 09:39 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#4 ajtnwells

Posted 30 July 2012 - 10:10 PM

Thank you so much for the quick reply

security check.exe log

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
StopSign® Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Acceleration Software Anti-Virus stopsignav.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 26-07-2012
Ran by Wells (administrator) on 30-07-2012 at 21:50:02
Running from "C:\Users\Wells\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNIAVHV1"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 23:07] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 21:30] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 12:00] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox results

MiniToolBox by Farbar Version: 23-07-2012
Ran by Wells (administrator) on 30-07-2012 at 21:53:25
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Wells-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ckt.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 2A-7C-8F-3C-E2-2E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 20-6A-8A-1E-E0-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : ckt.net
Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
Physical Address. . . . . . . . . : 20-7C-8F-3C-E2-2E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2857:a962:c799:5cd4%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 29, 2012 2:12:50 PM
Lease Expires . . . . . . . . . . : Tuesday, July 31, 2012 9:42:25 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 287341711
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-4F-C7-97-20-7C-8F-3C-E2-2E
DNS Servers . . . . . . . . . . . : 216.49.224.10
216.49.224.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F8015863-75C4-478E-AB4D-2180B8B8C980}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.ckt.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ckt.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{07C5021B-BB09-450E-A0AB-8DBB714DE92E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:184f:2a08:3f57:fe99(Preferred)
Link-local IPv6 Address . . . . . : fe80::184f:2a08:3f57:fe99%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging google.com [74.125.227.137] with 32 bytes of data:
Reply from 74.125.227.137: bytes=32 time=54ms TTL=52
Reply from 74.125.227.137: bytes=32 time=54ms TTL=52

Ping statistics for 74.125.227.137:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 54ms, Average = 54ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=55ms TTL=50
Reply from 209.191.122.70: bytes=32 time=56ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 56ms, Average = 55ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 5ms, Maximum = 6ms, Average = 5ms
===========================================================================
Interface List
14...2a 7c 8f 3c e2 2e ......Microsoft Virtual WiFi Miniport Adapter
12...20 6a 8a 1e e0 e7 ......Broadcom NetLink ™ Gigabit Ethernet
11...20 7c 8f 3c e2 2e ......Atheros AR5B97 Wireless Network Adapter
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:184f:2a08:3f57:fe99/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::184f:2a08:3f57:fe99/128
On-link
11 281 fe80::2857:a962:c799:5cd4/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/27/2012 10:08:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: splwow64.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd3ca
Faulting module name: hpz3rw71.dll, version: 0.3.7071.0, time stamp: 0x4a5bdf2f
Exception code: 0xc0000005
Fault offset: 0x000000000004296b
Faulting process id: 0x10a08
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3

Error: (07/26/2012 09:41:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: splwow64.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd3ca
Faulting module name: hpz3rw71.dll, version: 0.3.7071.0, time stamp: 0x4a5bdf2f
Exception code: 0xc0000005
Fault offset: 0x000000000004296b
Faulting process id: 0xd01c
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3

Error: (07/25/2012 10:16:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x001d9aa6
Faulting process id: 0x2ab0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/25/2012 08:25:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 4.1.0.179, time stamp: 0x4acf0be1
Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc0000005
Fault offset: 0x0003b565
Faulting process id: 0xb40
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (07/24/2012 08:08:10 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5b84

Start Time: 01cd699ca9058d88

Termination Time: 10

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/22/2012 08:55:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: splwow64.exe, version: 6.1.7600.16385, time stamp: 0x4a5bd3ca
Faulting module name: hpz3rw71.dll, version: 0.3.7071.0, time stamp: 0x4a5bdf2f
Exception code: 0xc0000005
Fault offset: 0x00000000000429dd
Faulting process id: 0x61f8
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3

Error: (07/21/2012 01:23:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/21/2012 01:23:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/21/2012 01:21:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/21/2012 00:57:53 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{6C248201-4546-4B80-B72F-385D83061745}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}eAcceleration Corp Notification Service SENS Logon Subscription


System errors:
=============
Error: (07/30/2012 09:19:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%183

Error: (07/30/2012 09:19:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%183

Error: (07/30/2012 07:47:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.131.805.0).

Error: (07/30/2012 07:47:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (07/29/2012 03:56:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (07/29/2012 02:25:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.131.805.0).

Error: (07/29/2012 02:25:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (07/28/2012 06:12:13 AM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.101 with the system
having network hardware address 44-A7-CF-01-9B-4D. Network operations on this system may
be disrupted as a result.

Error: (07/27/2012 09:55:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.131.805.0).

Error: (07/27/2012 09:55:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (07/27/2012 10:08:50 AM) (Source: Application Error)(User: )
Description: splwow64.exe6.1.7600.163854a5bd3cahpz3rw71.dll0.3.7071.04a5bdf2fc0000005000000000004296b10a0801cd6c0477a2f94aC:\Windows\splwow64.exeC:\Windows\system32\spool\DRIVERS\x64\3\hpz3rw71.dllf873d5fa-d7fc-11e1-8d7a-206a8a1ee0e7

Error: (07/26/2012 09:41:11 PM) (Source: Application Error)(User: )
Description: splwow64.exe6.1.7600.163854a5bd3cahpz3rw71.dll0.3.7071.04a5bdf2fc0000005000000000004296bd01c01cd6b8b1f9136e9C:\Windows\splwow64.exeC:\Windows\system32\spool\DRIVERS\x64\3\hpz3rw71.dll8665538f-d794-11e1-8d7a-206a8a1ee0e7

Error: (07/25/2012 10:16:11 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll9.0.8112.164474fc9d776c0000005001d9aa62ab001cd6a77f94a08b6C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dllaa33156a-d66b-11e1-8d7a-206a8a1ee0e7

Error: (07/25/2012 08:25:55 AM) (Source: Application Error)(User: )
Description: Skype.exe4.1.0.1794acf0be1RPCRT4.dll6.1.7600.163854a5bdb3bc00000050003b565b4001cd676ad8b44377C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\RPCRT4.dll42d48522-d65c-11e1-8d7a-206a8a1ee0e7

Error: (07/24/2012 08:08:10 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164475b8401cd699ca9058d8810C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/22/2012 08:55:12 PM) (Source: Application Error)(User: )
Description: splwow64.exe6.1.7600.163854a5bd3cahpz3rw71.dll0.3.7071.04a5bdf2fc000000500000000000429dd61f801cd685a8539aaa0C:\Windows\splwow64.exeC:\Windows\system32\spool\DRIVERS\x64\3\hpz3rw71.dll6ff73e90-d469-11e1-8d7a-206a8a1ee0e7

Error: (07/21/2012 01:23:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\Users\Wells\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\X2EUFMEP\esetsmartinstaller_enu.exe

Error: (07/21/2012 01:23:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\Users\Wells\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\X2EUFMEP\esetsmartinstaller_enu.exe

Error: (07/21/2012 01:21:52 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/21/2012 00:57:53 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{6C248201-4546-4B80-B72F-385D83061745}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}eAcceleration Corp Notification Service SENS Logon Subscription


=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Acer Backup Manager (Version: 2.0.0.68)
Acer Crystal Eye Webcam (Version: 5.2.19.3)
Acer ePower Management (Version: 5.00.3005)
Acer eRecovery Management (Version: 4.05.3013)
Acer Game Console
Acer Games (Version: 1.0.1.3)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.0423.2010)
Acer Updater (Version: 1.02.3001)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Reader 9.5.1 MUI (Version: 9.5.1)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
AIO_CDA_ProductContext (Version: 130.0.365.000)
AIO_CDA_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.365.000)
Alcor Micro USB Card Reader (Version: 1.9.17.06019)
AOL Toolbar
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
Backup Manager Basic (Version: 2.0.0.68)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 2.0.5.0)
Broadcom Gigabit NetLink Controller (Version: 14.2.4.2)
BufferChm (Version: 130.0.331.000)
Build-a-lot 2 (Version: 2.2.0.95)
C5100 (Version: 130.0.365.000)
c5100_Help (Version: 82.0.256.000)
Chuzzle Deluxe (Version: 2.2.0.95)
Copy (Version: 130.0.428.000)
CyberLink PowerDVD 9 (Version: 9.0.3216.50)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DocProc (Version: 13.0.0.0)
Dora's Carnival Adventure (Version: 2.2.0.95)
eBay Worldwide (Version: 2.1.0901)
eSobi v2 (Version: 2.0.4.000274)
FATE (Version: 2.2.0.95)
Fax (Version: 130.0.418.000)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Fisher-Price iXL - Disney Princess (Version: 2.0.0.13)
Fisher-Price iXL - Shrek (Version: 1.0.0.0)
Fisher-Price iXL Computer Software (Version: 2.0.1.4)
Google Update Helper (Version: 1.3.21.115)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Identity Card (Version: 1.00.3003)
InstallIQ Updater (Version: 1.4.3.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2119)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
iTunes (Version: 10.2.2.12)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 4.0.14)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog Tag Plugin (Version: 3.2.19.13664)
LG Android Drivers (Version: 1.1)
LG United Mobile Drivers (Version: 3.3.0.0)
LG USB Modem driver (Version: 4.9.4)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SiteAdvisor (Version: 3.3.1.129)
McAfee SiteAdvisor (Version: 3.5.227)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Key Castle (Version: 1.18.3.0)
My Sirius Studio
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
NOOK for PC (Version: 2.5.4.7070)
Norton Online Backup (Version: 2.1.17869)
NTI Backup Now 5 (Version: 5.1.2.630)
NTI Backup Now Standard (Version: 5.1.2.630)
NTI Media Maker 8 (Version: 8.0.12.6636)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.6167)
RealUpgrade 1.1 (Version: 1.1.0)
Rhapsody
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 13.0)
Shredder (Version: 2.0.8.3)
Skype™ 4.1 (Version: 4.1.179)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
StopSign Internet Security
Synaptics Pointing Device Driver (Version: 14.0.6.0)
The Weather Channel App
The Weather Channel Desktop 6
Times Reader (Version: 2.055)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Unity Web Player (Version: )
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 3.2.19.13664)
Verizon V CAST Media Manager
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
WebReg (Version: 130.0.132.017)
Welcome Center (Version: 1.02.3004)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Toolbar
Zoo Tycoon: Complete Collection
Zuma's Revenge (Version: 2.2.0.95)

========================= Devices: ================================

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 2804.5 MB
Available physical RAM: 1000.37 MB
Total Pagefile: 5607.14 MB
Available Pagefile: 2841.95 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.4 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:219.6 GB) (Free:168.65 GB) NTFS

========================= Users: ========================================

User accounts for \\WELLS-PC

Administrator Guest Wells


**** End of log ****



mbam log

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Wells :: WELLS-PC [administrator]

Protection: Enabled

7/30/2012 10:03:36 PM
mbam-log-2012-07-30 (22-03-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215315
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The aswMBR log will come shortly

Thanks

#5 ajtnwells


Posted 30 July 2012 - 10:37 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 22:19:48
-----------------------------
22:19:48.645 OS Version: Windows x64 6.1.7600
22:19:48.645 Number of processors: 2 586 0x2505
22:19:48.647 ComputerName: WELLS-PC UserName: Wells
22:19:50.289 Initialize success
22:29:25.947 AVAST engine defs: 12073100
22:31:34.149 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:31:34.154 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
22:31:34.175 Disk 0 MBR read successfully
22:31:34.180 Disk 0 MBR scan
22:31:34.188 Disk 0 Windows VISTA default MBR code
22:31:34.199 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13500 MB offset 2048
22:31:34.222 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27650048
22:31:34.244 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224873 MB offset 27854848
22:31:34.283 Disk 0 scanning C:\Windows\system32\drivers
22:31:44.870 Service scanning
22:32:36.861 Service w550bus C:\Windows\system32\ntservice1.dll **INFECTED** Win64:ZAccess-E [Rtk]
22:32:40.762 Modules scanning
22:32:40.778 Disk 0 trace - called modules:
22:32:40.807 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:32:40.817 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030fa060]
22:32:40.826 3 CLASSPNP.SYS[fffff88001aea43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002f59050]
22:32:42.539 AVAST engine scan C:\Windows
22:32:47.807 AVAST engine scan C:\Windows\system32
22:32:57.017 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
22:33:00.932 File: C:\Windows\system32\DcCam.dll **INFECTED** Win64:ZAccess-E [Rtk]
22:33:43.005 File: C:\Windows\system32\ntservice1.dll **INFECTED** Win64:ZAccess-E [Rtk]
22:34:22.905 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
22:34:25.543 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
22:35:46.048 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:Downloader-PKU [Trj]
22:35:46.274 File: C:\Windows\assembly\tmp\3WMNDF59\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll **SUSPICIOUS**
22:35:46.321 File: C:\Windows\assembly\tmp\4QI6JILL\Microsoft.VisualStudio.Tools.Applications.Runtime.dll **SUSPICIOUS**
22:35:46.381 File: C:\Windows\assembly\tmp\8IZ2XGBP\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll **SUSPICIOUS**
22:35:46.437 File: C:\Windows\assembly\tmp\AEVFL2SL\Microsoft.Office.Tools.Excel.Implementation.dll **SUSPICIOUS**
22:35:46.506 File: C:\Windows\assembly\tmp\APH5E90S\Microsoft.Office.Tools.Outlook.Implementation.dll **SUSPICIOUS**
22:35:46.562 File: C:\Windows\assembly\tmp\BDCUP6B3\Microsoft.VisualStudio.Tools.Office.Runtime.dll **SUSPICIOUS**
22:35:46.656 File: C:\Windows\assembly\tmp\D1DXI4DW\Policy.12.0.Microsoft.Office.Interop.Access.dll **SUSPICIOUS**
22:35:46.713 File: C:\Windows\assembly\tmp\DHX6P7OE\Microsoft.Office.Tools.Word.dll **SUSPICIOUS**
22:35:46.780 File: C:\Windows\assembly\tmp\DYD221M1\Microsoft.Office.Tools.Common.Implementation.dll **SUSPICIOUS**
22:35:46.856 File: C:\Windows\assembly\tmp\E3PLEO4H\Microsoft.Office.Tools.Common.dll **SUSPICIOUS**
22:35:46.938 File: C:\Windows\assembly\tmp\EV0J6ZQE\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll **SUSPICIOUS**
22:35:46.983 File: C:\Windows\assembly\tmp\F8VL2MCE\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll **SUSPICIOUS**
22:35:47.021 File: C:\Windows\assembly\tmp\GO8APGHW\Microsoft.Office.Tools.Outlook.dll **SUSPICIOUS**
22:35:47.062 File: C:\Windows\assembly\tmp\IMZTGEB7\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll **SUSPICIOUS**
22:35:47.135 File: C:\Windows\assembly\tmp\K4HOLRO9\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll **SUSPICIOUS**
22:35:47.222 File: C:\Windows\assembly\tmp\LKR7420Q\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll **SUSPICIOUS**
22:35:47.294 File: C:\Windows\assembly\tmp\LRQZ5FXE\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll **SUSPICIOUS**
22:35:47.367 File: C:\Windows\assembly\tmp\NXMPOCXO\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll **SUSPICIOUS**
22:35:47.420 File: C:\Windows\assembly\tmp\RN11I3PN\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll **SUSPICIOUS**
22:35:47.485 File: C:\Windows\assembly\tmp\T0OWOEZ7\Microsoft.Office.Tools.Word.Implementation.dll **SUSPICIOUS**
22:35:47.563 File: C:\Windows\assembly\tmp\T6HU9I62\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll **SUSPICIOUS**
22:35:47.625 File: C:\Windows\assembly\tmp\TB5FQJXN\Microsoft.Office.Interop.Access.dll **SUSPICIOUS**
22:35:47.760 File: C:\Windows\assembly\tmp\U92NH44X\Microsoft.Office.Tools.dll **SUSPICIOUS**
22:35:47.822 File: C:\Windows\assembly\tmp\UIP03XS6\Microsoft.Office.Tools.v4.0.Framework.dll **SUSPICIOUS**
22:35:47.896 File: C:\Windows\assembly\tmp\VHC7SU1M\Policy.11.0.Microsoft.Office.Interop.Access.dll **SUSPICIOUS**
22:35:47.951 File: C:\Windows\assembly\tmp\VHC7SU1M\SKJU0INY **SUSPICIOUS**
22:35:47.974 File: C:\Windows\assembly\tmp\W07AQSZ0\Microsoft.Office.Tools.Excel.dll **SUSPICIOUS**
22:35:48.018 File: C:\Windows\assembly\tmp\WZQQS9VI\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll **SUSPICIOUS**
22:35:48.064 File: C:\Windows\assembly\tmp\X3E7UXE4\Microsoft.VisualStudio.Tools.Applications.Hosting.dll **SUSPICIOUS**
22:35:48.117 File: C:\Windows\assembly\tmp\XZOY06YD\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll **SUSPICIOUS**
22:35:48.174 File: C:\Windows\assembly\tmp\Y103HQNK\microsoft.office.businessdata.dll **SUSPICIOUS**
22:35:48.296 File: C:\Windows\assembly\tmp\ZN53G0XK\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll **SUSPICIOUS**
22:35:48.937 AVAST engine scan C:\Windows\system32\drivers
22:36:01.448 AVAST engine scan C:\Users\Wells
22:36:49.723 Disk 0 MBR has been saved successfully to "C:\Users\Wells\Desktop\MBR.dat"
22:36:49.735 The log file has been saved successfully to "C:\Users\Wells\Desktop\aswMBR.txt"

#6 Broni


Posted 30 July 2012 - 10:42 PM

You're infected with ZeroAccess rootkit.
It'll require elevated help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


#7 ajtnwells


Posted 06 August 2012 - 07:31 PM

Thank you for your help. I have posted in the other forum. Again thank you

#8 Orange Blossom

  • Moderator

Posted 07 August 2012 - 01:04 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic464146.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: