Got a rootkit (Trojan:DOS/Alureon.A) Please Help Me


dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
Got a rootkit (Trojan:DOS/Alureon.A). Ran a SUPERAntiSpyware scan, a Malwarebytes scan, and Windows Security Essentials. Tried to turn on Defender but the system will not let me. Tried to make an offline boot disc with Defender but can't do that either. I sure would be grateful for any help. Thanks, Don
 

dneighbor

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:35:34 AM, on 1/19/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\RunOnce: [Application Restart #7] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11431 bytes
 

dneighbor

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Owner at 8:36:26 on 2013-01-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1467 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRunOnce: [Application Restart #7] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{25D81EBF-1A16-453A-9E33-FEE822589865} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3re8mv4r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 MpKslacd878dc;MpKslacd878dc;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\MpKslacd878dc.sys [2013-1-19 35664]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-23 202752]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-7-9 21560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2009-8-23 17992]
R3 AVerAVF2;AVerAVF2;C:\Windows\System32\drivers\AVerAVF2.sys [2010-11-11 1212416]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2009-9-16 14328]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-8-24 1885792]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\System32\drivers\NW1950.sys [2009-9-16 25080]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-23 233472]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-8-23 34872]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-23 35104]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-4 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-4 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-16 1255736]
.
=============== Created Last 30 ================
.
2013-01-19 05:51:34 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\offreg.dll
2013-01-19 05:51:33 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\MpKslacd878dc.sys
2013-01-19 02:41:54 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{805E16D0-7EDC-49B8-89BA-F9A0B01CCD46}\gapaengine.dll
2013-01-19 02:41:51 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\mpengine.dll
2013-01-19 02:40:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-01-19 02:40:28 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-19 02:36:22 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7AD23175-FBC0-4A8F-BACB-E08820D8298B}\mpengine.dll
2013-01-18 21:06:29 20480 ----a-w- C:\Windows\svchost.exe
2013-01-09 18:47:37 -------- d-----w- C:\ProgramData\CanonIJPLM
2013-01-09 18:44:30 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX
2013-01-09 18:44:23 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2013-01-09 18:44:23 -------- d--h--w- C:\ProgramData\CanonEPP
2013-01-09 18:44:15 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2013-01-09 18:41:01 -------- d-----w- C:\ProgramData\CanonIJMSetup
2013-01-09 18:40:50 -------- d-----w- C:\Program Files\Common Files\CANON
2013-01-09 18:40:42 -------- d-----w- C:\ProgramData\CanonIJWSpt
2013-01-09 18:38:54 -------- d-----w- C:\Program Files\Canon
2013-01-09 18:38:09 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA9.DLL
2013-01-09 18:38:09 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA9.DLL
2013-01-09 18:37:50 361472 ----a-w- C:\Windows\System32\CNMLMA9.DLL
2013-01-09 18:37:38 248320 ----a-w- C:\Windows\System32\CNMIUA9.DLL
2013-01-09 18:37:19 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2013-01-09 18:37:19 -------- d-----w- C:\Windows\System32\STRING
2013-01-09 18:37:18 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2013-01-09 18:36:25 -------- d-----w- C:\Program Files (x86)\Canon
2013-01-09 12:47:43 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 12:47:43 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 12:43:52 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 12:43:28 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 12:43:28 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 12:43:27 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 12:43:27 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 12:11:19 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 12:11:18 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 12:09:09 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-07 23:36:26 348672 ----a-w- C:\Windows\System32\CNC495L.dll
2013-01-07 23:36:26 307200 ----a-w- C:\Windows\SysWow64\CNC495L.dll
2013-01-07 23:36:26 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-01-07 23:36:26 1354240 ----a-w- C:\Windows\System32\CNC495C.dll
2013-01-07 23:36:26 112128 ----a-w- C:\Windows\System32\CNC495I.dll
2013-01-07 23:36:26 106496 ----a-w- C:\Windows\SysWow64\CNC495U.dll
2013-01-07 23:36:25 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-01-04 18:03:46 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-01-04 18:03:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-01-04 18:03:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-04 18:03:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-01-04 18:03:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-04 18:00:25 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-01-04 18:00:25 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-01-04 18:00:24 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-01-04 18:00:24 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-01-04 18:00:17 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-01-04 18:00:17 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-01-04 18:00:17 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-01-04 17:51:58 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-01-04 17:50:22 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-01-04 17:48:59 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-01-04 17:48:59 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-01-04 17:19:15 -------- d-----w- C:\Program Files\CCleaner
2013-01-04 16:59:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-01-04 16:59:20 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-04 16:59:18 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-04 16:59:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-04 16:59:05 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2013-01-04 16:45:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 16:45:06 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2013-01-04 16:45:03 4096000 ----a-w- C:\Program Files (x86)\GUTBE31.tmp
2013-01-04 16:45:03 -------- d-----w- C:\Program Files (x86)\GUMBE21.tmp
2013-01-04 16:44:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-01-04 16:44:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-12-24 16:21:28 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
2012-12-24 12:17:28 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-21 08:00:35 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 08:00:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 08:00:33 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 08:00:32 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 03:18:06 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 8:37:06.99 ===============
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/16/2012 1:56:43 PM
System Uptime: 1/19/2013 12:51:04 AM (8 hours ago)
.
Motherboard: PEGATRON CORPORATION | | JESSE
Processor: AMD Athlon(tm) II X2 240e Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 527.641 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: HP Integrated Module with Bluetooth 2.1 + EDR Wireless Technology
Device ID: USB\VID_0A5C&PID_21B1\00247EFBC6AC
Manufacturer: Broadcom
Name: HP Integrated Module with Bluetooth 2.1 + EDR Wireless Technology
PNP Device ID: USB\VID_0A5C&PID_21B1\00247EFBC6AC
Service: BTHUSB
.
==== System Restore Points ===================
.
RP105: 1/2/2013 6:01:53 PM - Windows Update
RP106: 1/4/2013 12:57:58 PM - Windows Update
RP107: 1/6/2013 7:00:02 PM - Windows Backup
RP108: 1/8/2013 6:22:03 AM - Windows Update
RP109: 1/10/2013 3:00:14 AM - Windows Update
RP110: 1/13/2013 7:00:02 PM - Windows Backup
RP111: 1/15/2013 6:45:22 PM - HPSF Restore Point
RP112: 1/16/2013 7:01:52 AM - Windows Update
RP113: 1/18/2013 9:36:01 PM - Windows Update
.
==== Installed Programs ======================
.
1701 A.D.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Amazing Adventures Around the World
Amazing Adventures The Caribbean Secret
Amazing Adventures The Lost Tomb
AMD USB Filter Driver
ATI Catalyst Install Manager
Big Fish Games: Game Manager
Bing Desktop
Bluetooth by hp
Buttons & OSDs control application gen3
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
Escape Whisper Valley
Google Update Helper
Hardware Diagnostic Tools
HP Advisor
HP Customer Experience Enhancements
HP Desktop Keyboard
HP Games
HP MediaSmart DVD
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP TouchSmart
HP TouchSmart Browser
HP TouchSmart Calendar
HP TouchSmart Canvas
HP TouchSmart Clock
HP TouchSmart Link
HP TouchSmart Live TV
HP TouchSmart Movie Themes
HP TouchSmart Music/Photo/Video
HP TouchSmart Netflix
HP TouchSmart Notes
HP TouchSmart RecipeBox
HP TouchSmart RSS
HP TouchSmart Tutorials
HP TouchSmart Twitter
HP TouchSmart Weather
HP TouchSmart Webcam
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
Java Auto Updater
Java(TM) 6 Update 30
LabelPrint
Legends of Discovery
LightScribe System Software
Mahjongg Master 5
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
Mystery Case Files: Huntsville ™
OpenOffice.org 3.3
PokerStars.net
Power2Go
PowerDirector
PowerRecover
Redemption Cemetery: Children's Plight
Redemption Cemetery: Curse of the Raven
Skype Click to Call
Skype™ 6.0
SoundMAX
SUPERAntiSpyware
Update Installer for WildTangent Games App
Virtual Earth 3D (Beta)
WildTangent Games App (HP Games)
.
==== Event Viewer Messages From Past Week ========
.
1/18/2013 9:50:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/18/2013 9:50:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/18/2013 9:50:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/18/2013 3:03:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/18/2013 2:09:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 2:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/18/2013 2:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/18/2013 2:09:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/18/2013 2:09:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/18/2013 2:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/18/2013 2:08:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 2:08:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2013 12:54:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 12:52:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/18/2013 12:51:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2013 12:49:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/18/2013 12:49:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/18/2013 12:49:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 9:50:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/17/2013 9:50:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 9:50:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 9:40:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 9:40:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 9:40:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/17/2013 9:39:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
1/17/2013 9:39:54 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.141.3531.0;1.141.3531.0 Engine version: 1.1.9002.0
1/17/2013 9:36:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/17/2013 9:36:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 9:36:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 7:45:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/17/2013 7:45:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 7:45:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 10:10:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/17/2013 10:10:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/17/2013 10:10:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/16/2013 11:24:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/16/2013 11:24:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/16/2013 11:24:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/16/2013 10:26:10 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.141.3531.0;1.141.3531.0 Engine version: 1.1.9002.0
1/15/2013 10:21:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/15/2013 10:21:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/15/2013 10:21:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/15/2013 10:04:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/15/2013 10:04:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/15/2013 10:04:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/14/2013 6:21:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/14/2013 6:21:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/14/2013 2:21:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/14/2013 2:21:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/14/2013 10:23:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
1/14/2013 10:21:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/14/2013 10:04:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/13/2013 2:13:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/13/2013 10:04:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/13/2013 10:04:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/12/2013 10:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/12/2013 10:03:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
 

dneighbor

Thread Starter
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-19 08:42:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000054 SAMSUNG_ rev.1AA0 596.17GB
Running: 1h2l847u.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwloapow.sys


---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2400] 0000000073030000
Library ? (*** suspicious ***) @ c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224] 000007fefdac0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296] 000007fefdac0000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5048] 000007feeb420000
Library \\.\globalroot\systemroot\svchost.exe (*** suspicious ***) @ \\.\globalroot\systemroot\svchost.exe [7904] 0000000000270000

---- EOF - GMER 2.0 ----
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Welcome.

Let's try Combofix.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
 

dneighbor

Thread Starter
Ran ComboFix. It produced a report fine. However, when I went to get back on the net to post the report, I clicked on Firefox and Explorer and a box came up saying "Illegal operation attempted on registry key that has been marked for deletion." And I can't get to the internet. Not sure what to do next. I am using another machine to post this. I did not touch the machine after ComboFix started until the report came up.
 

dneighbor

Thread Starter
Here is the Combofix report

ComboFix 13-01-23.01 - Owner 01/23/2013 15:48:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2354 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Island
c:\users\Owner\AppData\Roaming\Island\space.rgt
c:\windows\inf\autorun.inf
c:\windows\inf\win32
c:\windows\inf\win32\0x0404.ini
c:\windows\inf\win32\0x0405.ini
c:\windows\inf\win32\0x0406.ini
c:\windows\inf\win32\0x0407.ini
c:\windows\inf\win32\0x0408.ini
c:\windows\inf\win32\0x0409.ini
c:\windows\inf\win32\0x040a.ini
c:\windows\inf\win32\0x040b.ini
c:\windows\inf\win32\0x040c.ini
c:\windows\inf\win32\0x040e.ini
c:\windows\inf\win32\0x0410.ini
c:\windows\inf\win32\0x0411.ini
c:\windows\inf\win32\0x0412.ini
c:\windows\inf\win32\0x0413.ini
c:\windows\inf\win32\0x0414.ini
c:\windows\inf\win32\0x0415.ini
c:\windows\inf\win32\0x0416.ini
c:\windows\inf\win32\0x0418.ini
c:\windows\inf\win32\0x0419.ini
c:\windows\inf\win32\0x041a.ini
c:\windows\inf\win32\0x041d.ini
c:\windows\inf\win32\0x041f.ini
c:\windows\inf\win32\0x0804.ini
c:\windows\inf\win32\0x0816.ini
c:\windows\inf\win32\1028.mst
c:\windows\inf\win32\1029.mst
c:\windows\inf\win32\1030.mst
c:\windows\inf\win32\1031.mst
c:\windows\inf\win32\1032.mst
c:\windows\inf\win32\1033.mst
c:\windows\inf\win32\1034.mst
c:\windows\inf\win32\1035.mst
c:\windows\inf\win32\1036.mst
c:\windows\inf\win32\1038.mst
c:\windows\inf\win32\1040.mst
c:\windows\inf\win32\1041.mst
c:\windows\inf\win32\1042.mst
c:\windows\inf\win32\1043.mst
c:\windows\inf\win32\1044.mst
c:\windows\inf\win32\1045.mst
c:\windows\inf\win32\1046.mst
c:\windows\inf\win32\1048.mst
c:\windows\inf\win32\1049.mst
c:\windows\inf\win32\1050.mst
c:\windows\inf\win32\1053.mst
c:\windows\inf\win32\1055.mst
c:\windows\inf\win32\2052.mst
c:\windows\inf\win32\2070.mst
c:\windows\inf\win32\BBalloon.dll
c:\windows\inf\win32\brcmVista\bcbthid32.cat
c:\windows\inf\win32\brcmVista\bcbthid32.inf
c:\windows\inf\win32\brcmVista\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmVista\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmVista\btusbflt.sys
c:\windows\inf\win32\brcmVista\DPInst.exe
c:\windows\inf\win32\brcmWin7\bcbthid32.cat
c:\windows\inf\win32\brcmWin7\bcbthid32.inf
c:\windows\inf\win32\brcmWin7\bcbtums-win7x86-brcm.cat
c:\windows\inf\win32\brcmWin7\Bcbtums-Win7x86-brcm.inf
c:\windows\inf\win32\brcmWin7\btusbflt.sys
c:\windows\inf\win32\brcmWin7\DPInst.exe
c:\windows\inf\win32\BtSetup.dll
c:\windows\inf\win32\BTW.msi
c:\windows\inf\win32\btw_ci.dll
c:\windows\inf\win32\btwaudio.cat
c:\windows\inf\win32\btwaudio.inf
c:\windows\inf\win32\btwaudio.sys
c:\windows\inf\win32\btwavdt.cat
c:\windows\inf\win32\btwavdt.inf
c:\windows\inf\win32\btwavdt.sys
c:\windows\inf\win32\btwl2cap.cat
c:\windows\inf\win32\btwl2cap.inf
c:\windows\inf\win32\BTWL2CAP.sys
c:\windows\inf\win32\BtwMM.exe
c:\windows\inf\win32\btwprofpack.dll
c:\windows\inf\win32\btwrchid.cat
c:\windows\inf\win32\btwrchid.inf
c:\windows\inf\win32\btwrchid.sys
c:\windows\inf\win32\BtwRSupport.dll
c:\windows\inf\win32\Data1.cab
c:\windows\inf\win32\Inst.exe
c:\windows\inf\win32\instmsia.exe
c:\windows\inf\win32\instmsiw.exe
c:\windows\inf\win32\Setup.exe
c:\windows\inf\win32\Setup.ini
c:\windows\inf\win32\svcpack\SvcPack.ini
c:\windows\svchost.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ACPIService
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 20:55 . 2013-01-23 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 02:41 . 2013-01-19 02:41 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{805E16D0-7EDC-49B8-89BA-F9A0B01CCD46}\gapaengine.dll
2013-01-19 02:41 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-19 02:40 . 2013-01-19 02:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-19 02:40 . 2013-01-19 02:40 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-19 02:36 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AD23175-FBC0-4A8F-BACB-E08820D8298B}\mpengine.dll
2013-01-09 18:47 . 2013-01-10 08:20 -------- d-----w- c:\programdata\CanonIJPLM
2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX
2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonEPP
2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2013-01-09 18:41 . 2013-01-09 18:41 -------- d-----w- c:\programdata\CanonIJMSetup
2013-01-09 18:40 . 2013-01-09 18:40 -------- d-----w- c:\program files\Common Files\CANON
2013-01-09 18:40 . 2013-01-09 18:40 -------- d-----w- c:\programdata\CanonIJWSpt
2013-01-09 18:38 . 2013-01-09 18:38 -------- d-----w- c:\program files\Canon
2013-01-09 18:38 . 2013-01-09 18:38 -------- d--h--w- c:\programdata\CanonBJ
2013-01-09 18:38 . 2010-08-25 10:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPA9.DLL
2013-01-09 18:38 . 2010-08-25 10:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDA9.DLL
2013-01-09 18:38 . 2013-01-09 18:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-01-09 18:37 . 2010-08-25 10:00 361472 ----a-w- c:\windows\system32\CNMLMA9.DLL
2013-01-09 18:37 . 2010-03-11 07:57 248320 ----a-w- c:\windows\system32\CNMIUA9.DLL
2013-01-09 18:37 . 2013-01-09 18:37 -------- d-----w- c:\windows\system32\STRING
2013-01-09 18:37 . 2010-02-05 09:37 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
2013-01-09 18:37 . 2010-02-05 09:37 327680 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2013-01-09 18:36 . 2013-01-09 18:49 -------- d-----w- c:\program files (x86)\Canon
2013-01-09 12:47 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 12:47 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 12:43 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 12:43 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 12:43 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 12:43 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 12:43 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 12:11 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 12:11 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 12:09 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-07 23:36 . 2010-03-19 00:26 348672 ----a-w- c:\windows\system32\CNC495L.dll
2013-01-07 23:36 . 2010-03-19 00:25 307200 ----a-w- c:\windows\SysWow64\CNC495L.dll
2013-01-07 23:36 . 2010-03-18 22:13 1354240 ----a-w- c:\windows\system32\CNC495C.dll
2013-01-07 23:36 . 2010-03-18 22:13 112128 ----a-w- c:\windows\system32\CNC495I.dll
2013-01-07 23:36 . 2010-03-18 22:11 106496 ----a-w- c:\windows\SysWow64\CNC495U.dll
2013-01-07 23:36 . 2008-08-25 23:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2013-01-07 23:36 . 2008-08-25 23:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2013-01-04 18:03 . 2013-01-04 18:03 -------- d-----w- c:\program files (x86)\Microsoft
2013-01-04 18:03 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-04 18:03 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-04 18:03 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-04 18:03 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-04 18:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-04 18:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-04 18:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-04 18:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-04 18:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-04 18:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-04 18:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-04 17:51 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-04 17:50 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-01-04 17:48 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-01-04 17:48 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-01-04 17:19 . 2013-01-04 17:19 -------- d-----w- c:\program files\CCleaner
2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-04 16:59 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\users\Owner\AppData\Local\Google
2013-01-04 16:45 . 2013-01-04 17:05 4096000 ----a-w- c:\program files (x86)\GUTBE31.tmp
2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\program files (x86)\Google
2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\program files (x86)\GUMBE21.tmp
2013-01-04 16:44 . 2013-01-17 14:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-04 16:44 . 2013-01-04 16:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 03:18 . 2012-12-24 12:17 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 03:18 . 2012-01-17 15:03 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 22:31 . 2012-01-16 19:42 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 08:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-14 07:06 . 2012-12-13 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 08:00 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 08:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 08:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 11:41 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 11:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 11:40 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 11:40 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-05-19 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-11-22 2127896]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 bcmaeoah;bcmaeoah;c:\windows\system32\drivers\bcmaeoah.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1255736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-09-17 14328]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-08-24 1885792]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-09-17 25080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-24 03:18]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 16:45]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 16:45]
.
2013-01-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-24 21:38]
.
2012-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3re8mv4r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e9,ec,d5,2d,c8,dd,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2013-01-23 16:01:43 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-23 21:01
.
Pre-Run: 566,230,769,664 bytes free
Post-Run: 565,531,602,944 bytes free
.
- - End Of File - - E381A9BD455785C927AF2E40987E4063
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
OK I read the fine print and rebooted the system. LOL sorry. Now I can get on the internet.
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Download aswMBR.exe (511KB) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan, click save log, save it to your desktop, and post it in your next reply

The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file here.
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-23 18:43:20
-----------------------------
18:43:20.244 OS Version: Windows x64 6.1.7601 Service Pack 1
18:43:20.244 Number of processors: 2 586 0x602
18:43:20.244 ComputerName: OWNER-PC UserName: Owner
18:43:23.773 Initialize success
18:43:39.935 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
18:43:39.939 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 11
18:43:39.941 Device \Driver\amdsata -> MajorFunction fffffa8004c7b5e8
18:43:39.944 Disk 0 MBR read successfully
18:43:39.948 Disk 0 MBR scan
18:43:39.950 Disk 0 unknown MBR code
18:43:39.962 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:43:39.973 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596887 MB offset 206848
18:43:40.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13491 MB offset 1222631424
18:43:40.030 Disk 0 scanning C:\Windows\system32\drivers
18:43:47.447 Service scanning
18:44:00.670 Modules scanning
18:44:00.681 Disk 0 trace - called modules:
18:44:00.688 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys >>UNKNOWN [0xfffffa8004c7b5e8]<<
18:44:01.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045d3060]
18:44:01.024 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80036ee040]
18:44:01.029 5 amdxata.sys[fffff880010bf7a8] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8004559820]
18:44:01.035 \Driver\amdsata[0xfffffa8004c152b0] -> IRP_MJ_CREATE -> 0xfffffa8004c7b5e8
18:44:01.050 Scan finished successfully
18:44:25.215 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:44:25.223 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
It would not let me open the MBR.dat file, so I will try to attach it, if that is OK.
 

dneighbor

Thread Starter
Joined
Dec 20, 2010
Messages
423
OK. Boy, having a heck of a time with the fine print today, LOL. I finally got that you wanted me to click on the (Here) and post it. So I did that.
Malware Submission: Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
 