Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus


  • Please log in to reply
20 replies to this topic

#1 Chris0212

Chris0212

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 08 August 2012 - 04:08 PM

Hello,

I believe my computer is currently infected with a GRV, in both Chrome and Firefox. I have been troubleshooting since last night, 6-7 hours I figure it's time to ask some experts for help..

Either yesterday or previous day I did run Norton and there were trojans that appeared, but apparently they were cleared. Unfortunately I don't remember the names of the viruses.

Still redirecting after clearing...

I've taken quite a few steps already and I'd be happy to re-run anything you'd like. Here are the steps I have taken so far in fairly close order, it's been a bunch and I haven't taken exact records.

The following steps were taken after running Norton Antivirus, Malwarebytes, and Search and Destroy.


1. Enabled hidden files and operating system files in folder settings.
2. Checked bootlog in MSConfig.
(generated ntbttxt.log)
3. Complete IE optimization.
4. Checked device manager hidden objects, no TDSS found.
5. Searched registry, no TDSS found.
6. Looked through ntbt log, didn't catch anything suspicious.
7. Re-ran above mentioned virus protection scans and ran the following... Norton Power Eraser, TDSSKiller, HitmanPro, GMER, Combofix and Nortons TDSS fix tool.

Some of these programs may have found issues and I may have cleared them (the ones that fix) but the problem is still here... I'm not expert but personally, I wouldn't advice you get to caught up in what I've already done unless its important. Just start from where you would normally, I don't mind. The virus is kind of stopping my work and I cant stand knowing there's an active backdoor running on here so I'll be sitting by ready to take orders..

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:08 AM

Posted 08 August 2012 - 07:28 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 05:45 PM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy 2
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Mozilla Thunderbird 11.0.1 Thunderbird out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#4 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 05:48 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Chris (administrator) on 09-08-2012 at 18:47:38
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Chris0212, 09 August 2012 - 05:53 PM.


#5 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 05:57 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Chris (administrator) on 09-08-2012 at 18:49:00
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com

There are 15218 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set subinterface interface=?.$ subinterface=ethernet_6 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Chris
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
Physical Address. . . . . . . . . : 40-2C-F4-3B-7B-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::347e:c583:fef7:17e6%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.76(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 09, 2012 6:40:09 PM
Lease Expires . . . . . . . . . . : Friday, August 10, 2012 6:40:09 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 373304564
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A9-25-BA-08-2E-5F-85-AE-DC
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : RVS4000
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 08-2E-5F-85-AE-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 40-2C-F4-26-3F-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B35F21CF-A675-44EE-8269-4DE3E3E571F1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.RVS4000:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7D0489A4-BC20-4F04-A68C-7E6F54BECF37}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:384a:347b:3f57:feb3(Preferred)
Link-local IPv6 Address . . . . . : fe80::384a:347b:3f57:feb3%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:801::1008
74.125.228.72
74.125.228.68
74.125.228.65
74.125.228.64
74.125.228.66
74.125.228.78
74.125.228.70
74.125.228.73
74.125.228.67
74.125.228.71
74.125.228.69


Pinging google.com [173.194.43.9] with 32 bytes of data:
Reply from 173.194.43.9: bytes=32 time=13ms TTL=55
Reply from 173.194.43.9: bytes=32 time=18ms TTL=55

Ping statistics for 173.194.43.9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 18ms, Average = 15ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
209.191.122.70
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=93ms TTL=48
Reply from 72.30.38.140: bytes=32 time=112ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 112ms, Average = 102ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...40 2c f4 3b 7b fa ......Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
13...08 2e 5f 85 ae dc ......Realtek PCIe GBE Family Controller
11...40 2c f4 26 3f 26 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.76 40
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.76 296
192.168.1.76 255.255.255.255 On-link 192.168.1.76 296
192.168.1.255 255.255.255.255 On-link 192.168.1.76 296
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.76 296
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.76 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:9d38:953c:384a:347b:3f57:feb3/128
On-link
14 296 fe80::/64 On-link
15 306 fe80::/64 On-link
14 296 fe80::347e:c583:fef7:17e6/128
On-link
15 306 fe80::384a:347b:3f57:feb3/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
14 296 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/08/2012 07:24:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDTray.exe, version: 2.0.7.126, time stamp: 0x4f314f1e
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002f378
Faulting process id: 0xc54
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (08/08/2012 06:08:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2012 05:28:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (08/08/2012 05:28:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092

Error: (08/08/2012 05:28:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2012 05:28:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDTray.exe, version: 2.0.7.126, time stamp: 0x4f314f1e
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002f378
Faulting process id: 0xb98
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (08/08/2012 05:02:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2012 04:20:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: SDTray.exe, version: 2.0.7.126, time stamp: 0x4f314f1e
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002f378
Faulting process id: 0x163c
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (08/08/2012 03:31:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2012 01:29:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/08/2012 06:28:46 PM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (08/08/2012 04:54:04 PM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

Error: (08/08/2012 03:09:33 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/08/2012 03:09:33 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/08/2012 03:09:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/08/2012 03:09:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/08/2012 02:49:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/08/2012 02:49:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/08/2012 02:49:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/08/2012 02:49:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/08/2012 07:24:02 PM) (Source: Application Error)(User: )
Description: SDTray.exe2.0.7.1264f314f1entdll.dll6.1.7601.177254ec49b8fc00000050002f378c5401cd75b231895131C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeC:\Windows\SysWOW64\ntdll.dll23053842-e1b0-11e1-965b-402cf4263f26

Error: (08/08/2012 06:08:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2012 05:28:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (08/08/2012 05:28:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092

Error: (08/08/2012 05:28:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2012 05:28:31 PM) (Source: Application Error)(User: )
Description: SDTray.exe2.0.7.1264f314f1entdll.dll6.1.7601.177254ec49b8fc00000050002f378b9801cd75a93f905d40C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeC:\Windows\SysWOW64\ntdll.dllffbe5198-e19f-11e1-815f-402cf4263f26

Error: (08/08/2012 05:02:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2012 04:20:33 PM) (Source: Application Error)(User: )
Description: SDTray.exe2.0.7.1264f314f1entdll.dll6.1.7601.177254ec49b8fc00000050002f378163c01cd759c9a9291d1C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeC:\Windows\SysWOW64\ntdll.dll815acb76-e196-11e1-add9-402cf4263f26

Error: (08/08/2012 03:31:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2012 01:29:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe After Effects CS5.5 Third Party Content (Version: 10.5)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Media Player (Version: 1.8)
Adobe Reader X MUI (Version: 10.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe Story (Version: 1.0.571)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.11 Beta1)
Audacity 2.0
AuthenTec TrueAPI (Version: 1.3.0.144)
AutoCAD 2013 - English (Version: 19.0.55.0)
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0)
Autodesk Content Service (Version: 3.0.84.0)
Autodesk Content Service Language Pack (Version: 3.0.84.0)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230)
Autodesk Material Library 2013 (Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bing Bar (Version: 7.0.822.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blender (Version: 2.62-release)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: )
Brother MFL-Pro Suite MFC-7340 (Version: 1.0.1.0)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Canon MX430 series MP Drivers
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dexpot (Version: 1.5.99)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DiskAid 5.12 (Version: 5.12)
Dora's World Adventure (Version: 2.2.0.95)
Dropbox (Version: 1.4.9)
eMedia Piano and Keyboard Method
Energy Star Digital Logo (Version: 1.0.1)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Evernote v. 4.5.4 (Version: 4.5.4.6497)
Farm Frenzy (Version: 2.2.0.95)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
FATE - The Traitor Soul (Version: 2.2.0.95)
FLAC 1.2.1b (remove only) (Version: 1.2.1b)
Freemake Video Converter version 3.0.2 (Version: 3.0.2)
Google Chrome (Version: 21.0.1180.60)
Google Earth (Version: 6.2.2.6613)
Google SketchUp 8 (Version: 3.0.11752)
Google Talk Plugin (Version: 3.3.3.8675)
Google Update Helper (Version: 1.3.21.115)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HFSExplorer 0.21 (Version: 0.21)
HitmanPro 3.6 (Version: 3.6.1.163)
HP 3D DriveGuard (Version: 4.1.5.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (Version: 4.0.45.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Games (Version: 1.0.2.4)
HP On Screen Display (Version: 1.1.2)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (Version: 14.0)
HP Power Manager (Version: 1.2.3)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13253.3682)
HP SimplePass 2011 (Version: 5.3.0.273)
HP Software Framework (Version: 4.0.110.1)
HP Support Assistant (Version: 6.1.12.1)
iCloud (Version: 1.1.0.40)
IDT Audio (Version: 1.0.6329.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2291)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 31 (Version: 6.0.310)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
Live 8.2.2
M-Audio Legacy Keyboard Driver 5.0.0 (x64) (Version: 5.0.0)
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 1.00.0000)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 1.00.0000)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Thunderbird 11.0.1 (x86 en-US) (Version: 11.0.1)
Mozilla Thunderbird 12.0.1 (x86 en-US) (Version: 12.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Network64 (Version: 140.0.212.000)
Norton Internet Security (Version: 19.7.1.5)
Paragon HFS+ for Windows™ 9.0 (Version: 1.00)
PDF Settings CS5 (Version: 10.0)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
PS_AIO_07_D110_SW_Min (Version: 140.0.142.000)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek PCIE Card Reader (Version: 6.1.7600.74)
Recovery Manager (Version: 2.0.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Scan (Version: 140.0.77.000)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.10 (Version: 5.10.116)
Slingo Supreme (Version: 2.2.0.95)
Songbird 1.10.3 (Build 2288)
Spybot - Search & Destroy 2 (Version: 2.0.7)
Steinberg Hypersonic VSTi DXi v2.0
Synaptics TouchPad Driver (Version: 15.3.29.0)
Toolbox (Version: 140.0.424.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Validity WBF DDK (Version: 4.3.118.0)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 2.0.1 (Version: 2.0.1)
Vuze (Version: 4.7)
WampServer 2.2
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 6091.86 MB
Available physical RAM: 3315.8 MB
Total Pagefile: 12181.91 MB
Available Pagefile: 9168.58 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.93 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:681.57 GB) (Free:401.78 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:16.77 GB) (Free:1.84 GB) NTFS

========================= Users: ========================================

User accounts for \\CHRIS

Administrator Chris Guest
GuestUser


**** End of log ****

#6 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 06:00 PM

First Malwarebytes run


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS [administrator]

8/8/2012 10:30:35 AM
mbam-log-2012-08-08 (10-30-35).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 484579
Time elapsed: 1 hour(s), 8 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Microsoft\Windows\DRM\91C8.tmp.dat (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\cache\Broadcom\mibhoh.dll (Trojan.Agent.FakeSEC) -> Quarantined and deleted successfully.
C:\Users\Chris\Documents\Vuze Downloads\Quick.Time.Pro.7.66.71.0.Incl.Keygen\Quick.Time.Pro.7.66.71.0.Incl.Keygen\Keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

Second Malware run


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Chris :: CHRIS [administrator]

8/8/2012 1:33:30 PM
mbam-log-2012-08-08 (13-33-30).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 492099
Time elapsed: 55 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 06:22 PM

I've attempted to run aswMBR.exe two times. During each scan my computer has crashed to a BSOD with error "DRIVER_IRQL_NOT_LESS_OR_EQUAL". After reboot the unexpected shut down error appeared with this log:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 0000000000000000
BCP2: 0000000000000002
BCP3: 0000000000000008
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\080912-68562-01.dmp
C:\Users\Chris\AppData\Local\Temp\WER-172303-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:08 AM

Posted 09 August 2012 - 06:25 PM

Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 07:00 PM

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/09/2012 07:59:56 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 2912) [AU-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/09/2012 08:00:20 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:08 AM

Posted 09 August 2012 - 07:48 PM

I don't see much there.

Can you check if IE is redirected as well?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 08:06 PM

It does not appear to be redirecting.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:08 AM

Posted 09 August 2012 - 08:21 PM

Uninstall Chrome....

  • Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
  • Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
  • Select the default browser you'd like to use.
  • Click OK in the confirmation prompt.
The uninstall process will begin.


Install fresh copy.

=======================================

Uninstall Firefox completely using this guide: http://kb.mozillazine.org/Uninstalling_Firefox

Install fresh copy.




Let me know how it went.












My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 08:59 PM

REALLY!!? A simple two second step is gonna fix both of them? How in the world... So what happened? My virus remover removed the trojan and then it was just left in cache or something? Neither are redirecting anymore... I am of course worried I am still infected though...

Also two unrelated questions.. 1. Accidentally installed babylon software, now in i.e, it is the default search, I thought I cleared that, any idea how to? 2. Can I import my backed up bookmarks into chrome and firefox? or should is it better to try to manually read the backup files and re-bookmark links.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:08 AM

Posted 09 August 2012 - 09:04 PM

Good news :)

My virus remover removed the trojan and then it was just left in cache or something?

That, or some other internal leftover.

As for IE, open it, go Tools>Internet options>Advanced tab and click on "Reset" button.
Restart IE.
Gone?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 Chris0212

Chris0212
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 August 2012 - 09:20 PM

Gone!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users