
Got a rootkit (Trojan:DOS/Alureon.A) Please Help Me

Discussion in 'Virus & Other Malware Removal' started by dneighbor, Jan 19, 2013.

  1. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Got a rootkit (Trojan:DOS/Alureon.A). Ran SUPERAntiSpyware scan and Malwarebytes scan and Windows Security Essentials. Tried to turn on Defender but system will not let me. Tried to make an offline boot disc with Defender but can't do that either. I sure would be grateful for any help. Thanks, Don
     
  2. dneighbor

    dneighbor Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:35:34 AM, on 1/19/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Users\Owner\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
    O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\RunOnce: [Application Restart #7] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11431 bytes
     
  3. dneighbor

    dneighbor Thread Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Owner at 8:36:26 on 2013-01-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1467 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRunOnce: [Application Restart #7] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{25D81EBF-1A16-453A-9E33-FEE822589865} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3re8mv4r.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 MpKslacd878dc;MpKslacd878dc;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\MpKslacd878dc.sys [2013-1-19 35664]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-23 202752]
    R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-7-9 21560]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2009-8-23 17992]
    R3 AVerAVF2;AVerAVF2;C:\Windows\System32\drivers\AVerAVF2.sys [2010-11-11 1212416]
    R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2009-9-16 14328]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-8-24 1885792]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\System32\drivers\NW1950.sys [2009-9-16 25080]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-23 233472]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-8-23 34872]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-23 35104]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-4 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-4 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-16 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-19 05:51:34 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\offreg.dll
    2013-01-19 05:51:33 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\MpKslacd878dc.sys
    2013-01-19 02:41:54 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{805E16D0-7EDC-49B8-89BA-F9A0B01CCD46}\gapaengine.dll
    2013-01-19 02:41:51 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7C8D49F-FC45-4458-808E-B4393F551956}\mpengine.dll
    2013-01-19 02:40:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2013-01-19 02:40:28 -------- d-----w- C:\Program Files\Microsoft Security Client
    2013-01-19 02:36:22 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7AD23175-FBC0-4A8F-BACB-E08820D8298B}\mpengine.dll
    2013-01-18 21:06:29 20480 ----a-w- C:\Windows\svchost.exe
    2013-01-09 18:47:37 -------- d-----w- C:\ProgramData\CanonIJPLM
    2013-01-09 18:44:30 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX
    2013-01-09 18:44:23 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
    2013-01-09 18:44:23 -------- d--h--w- C:\ProgramData\CanonEPP
    2013-01-09 18:44:15 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
    2013-01-09 18:41:01 -------- d-----w- C:\ProgramData\CanonIJMSetup
    2013-01-09 18:40:50 -------- d-----w- C:\Program Files\Common Files\CANON
    2013-01-09 18:40:42 -------- d-----w- C:\ProgramData\CanonIJWSpt
    2013-01-09 18:38:54 -------- d-----w- C:\Program Files\Canon
    2013-01-09 18:38:09 87040 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA9.DLL
    2013-01-09 18:38:09 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA9.DLL
    2013-01-09 18:37:50 361472 ----a-w- C:\Windows\System32\CNMLMA9.DLL
    2013-01-09 18:37:38 248320 ----a-w- C:\Windows\System32\CNMIUA9.DLL
    2013-01-09 18:37:19 37376 ----a-w- C:\Windows\System32\CNMN6UI.DLL
    2013-01-09 18:37:19 -------- d-----w- C:\Windows\System32\STRING
    2013-01-09 18:37:18 327680 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
    2013-01-09 18:36:25 -------- d-----w- C:\Program Files (x86)\Canon
    2013-01-09 12:47:43 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 12:47:43 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 12:43:52 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-09 12:43:28 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 12:43:28 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 12:43:27 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 12:43:27 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 12:11:19 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 12:11:18 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 12:09:09 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-07 23:36:26 348672 ----a-w- C:\Windows\System32\CNC495L.dll
    2013-01-07 23:36:26 307200 ----a-w- C:\Windows\SysWow64\CNC495L.dll
    2013-01-07 23:36:26 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
    2013-01-07 23:36:26 1354240 ----a-w- C:\Windows\System32\CNC495C.dll
    2013-01-07 23:36:26 112128 ----a-w- C:\Windows\System32\CNC495I.dll
    2013-01-07 23:36:26 106496 ----a-w- C:\Windows\SysWow64\CNC495U.dll
    2013-01-07 23:36:25 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
    2013-01-04 18:03:46 -------- d-----w- C:\Program Files (x86)\Microsoft
    2013-01-04 18:03:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-01-04 18:03:07 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-01-04 18:03:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-01-04 18:03:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-01-04 18:00:25 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2013-01-04 18:00:25 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2013-01-04 18:00:24 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2013-01-04 18:00:24 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2013-01-04 18:00:17 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2013-01-04 18:00:17 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2013-01-04 18:00:17 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2013-01-04 17:51:58 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2013-01-04 17:50:22 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2013-01-04 17:48:59 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2013-01-04 17:48:59 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2013-01-04 17:19:15 -------- d-----w- C:\Program Files\CCleaner
    2013-01-04 16:59:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-01-04 16:59:20 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-04 16:59:18 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-04 16:59:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-04 16:59:05 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
    2013-01-04 16:45:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-04 16:45:06 -------- d-----w- C:\Users\Owner\AppData\Local\Google
    2013-01-04 16:45:03 4096000 ----a-w- C:\Program Files (x86)\GUTBE31.tmp
    2013-01-04 16:45:03 -------- d-----w- C:\Program Files (x86)\GUMBE21.tmp
    2013-01-04 16:44:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-01-04 16:44:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-12-24 16:21:28 -------- d-----w- C:\Users\Owner\AppData\Local\Macromedia
    2012-12-24 12:17:28 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-21 08:00:35 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 08:00:34 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 08:00:33 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 08:00:32 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 03:18:06 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 8:37:06.99 ===============
     
  4. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/16/2012 1:56:43 PM
    System Uptime: 1/19/2013 12:51:04 AM (8 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | JESSE
    Processor: AMD Athlon(tm) II X2 240e Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 527.641 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: HP Integrated Module with Bluetooth 2.1 + EDR Wireless Technology
    Device ID: USB\VID_0A5C&PID_21B1\00247EFBC6AC
    Manufacturer: Broadcom
    Name: HP Integrated Module with Bluetooth 2.1 + EDR Wireless Technology
    PNP Device ID: USB\VID_0A5C&PID_21B1\00247EFBC6AC
    Service: BTHUSB
    .
    ==== System Restore Points ===================
    .
    RP105: 1/2/2013 6:01:53 PM - Windows Update
    RP106: 1/4/2013 12:57:58 PM - Windows Update
    RP107: 1/6/2013 7:00:02 PM - Windows Backup
    RP108: 1/8/2013 6:22:03 AM - Windows Update
    RP109: 1/10/2013 3:00:14 AM - Windows Update
    RP110: 1/13/2013 7:00:02 PM - Windows Backup
    RP111: 1/15/2013 6:45:22 PM - HPSF Restore Point
    RP112: 1/16/2013 7:01:52 AM - Windows Update
    RP113: 1/18/2013 9:36:01 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    1701 A.D.
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    Amazing Adventures Around the World
    Amazing Adventures The Caribbean Secret
    Amazing Adventures The Lost Tomb
    AMD USB Filter Driver
    ATI Catalyst Install Manager
    Big Fish Games: Game Manager
    Bing Desktop
    Bluetooth by hp
    Buttons & OSDs control application gen3
    Canon Easy-PhotoPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.0
    Canon MP495 series MP Drivers
    Canon MP495 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    Escape Whisper Valley
    Google Update Helper
    Hardware Diagnostic Tools
    HP Advisor
    HP Customer Experience Enhancements
    HP Desktop Keyboard
    HP Games
    HP MediaSmart DVD
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP TouchSmart
    HP TouchSmart Browser
    HP TouchSmart Calendar
    HP TouchSmart Canvas
    HP TouchSmart Clock
    HP TouchSmart Link
    HP TouchSmart Live TV
    HP TouchSmart Movie Themes
    HP TouchSmart Music/Photo/Video
    HP TouchSmart Netflix
    HP TouchSmart Notes
    HP TouchSmart RecipeBox
    HP TouchSmart RSS
    HP TouchSmart Tutorials
    HP TouchSmart Twitter
    HP TouchSmart Weather
    HP TouchSmart Webcam
    HP Update
    HPAsset component for HP Active Support Library
    Hulu Desktop
    Java Auto Updater
    Java(TM) 6 Update 30
    LabelPrint
    Legends of Discovery
    LightScribe System Software
    Mahjongg Master 5
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Touch Pack for Windows 7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.0
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
    Mystery Case Files: Huntsville ™
    OpenOffice.org 3.3
    PokerStars.net
    Power2Go
    PowerDirector
    PowerRecover
    Redemption Cemetery: Children's Plight
    Redemption Cemetery: Curse of the Raven
    Skype Click to Call
    Skype™ 6.0
    SoundMAX
    SUPERAntiSpyware
    Update Installer for WildTangent Games App
    Virtual Earth 3D (Beta)
    WildTangent Games App (HP Games)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/18/2013 9:50:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/18/2013 9:50:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/18/2013 9:50:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/18/2013 3:03:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/18/2013 2:09:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 2:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/18/2013 2:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/18/2013 2:09:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/18/2013 2:09:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/18/2013 2:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/18/2013 2:08:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
    1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 2:08:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 2:08:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2013 2:08:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2013 12:54:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 12:52:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/18/2013 12:51:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2013 12:49:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/18/2013 12:49:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/18/2013 12:49:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 9:50:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/17/2013 9:50:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 9:50:15 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 9:40:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 9:40:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 9:40:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/17/2013 9:39:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
    1/17/2013 9:39:54 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.141.3531.0;1.141.3531.0 Engine version: 1.1.9002.0
    1/17/2013 9:36:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/17/2013 9:36:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 9:36:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 7:45:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/17/2013 7:45:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 7:45:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 10:10:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/17/2013 10:10:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/17/2013 10:10:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/16/2013 11:24:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/16/2013 11:24:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/16/2013 11:24:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/16/2013 10:26:10 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.141.3531.0;1.141.3531.0 Engine version: 1.1.9002.0
    1/15/2013 10:21:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/15/2013 10:21:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/15/2013 10:21:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/15/2013 10:04:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/15/2013 10:04:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    1/15/2013 10:04:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/14/2013 6:21:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/14/2013 6:21:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/14/2013 2:21:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/14/2013 2:21:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/14/2013 10:23:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    1/14/2013 10:23:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    1/14/2013 10:21:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/14/2013 10:04:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/13/2013 2:13:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/13/2013 10:04:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/13/2013 10:04:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/12/2013 10:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/12/2013 10:03:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3531.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    .
    ==== End Of File ===========================
     
  5. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-19 08:42:15
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000054 SAMSUNG_ rev.1AA0 596.17GB
    Running: 1h2l847u.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwloapow.sys


    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2400:3576] 00000000710eb684
    Thread C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2400:3776] 00000000707c838a
    Thread c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [3348:3184] 000000006f59786a
    Thread c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [3348:2704] 00000000100219d0
    Thread c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2720:3620] 0000000076f32e25
    Thread c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2720:5128] 0000000076f33e45
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4232] 000007fef3f3cc10
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4236] 000007fef3dfb564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4244] 000007fef3dfb564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4248] 000007fef3dfb564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4256] 000007fef3dfb564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4260] 000007fef3dfb564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4264] 000007fef3f0f718
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4272] 000007fef3dfb564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4276] 000007fef3dfb564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4280] 000007fef3df143c
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:4360] 000007fef4436050
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224:7384] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4312] 000007fef3f3cc10
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4316] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4320] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4328] 000007fef3f0f718
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4348] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4352] 000007fef4436050
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4372] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4376] 000007fef7a42a7c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4384] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4392] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4404] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4448] 000007fef3df143c
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:4460] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:1268] 000007fef3dfb564
    Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296:6472] 000007fef3dfb564
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5048:3852] 000007fef7a42a7c
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4532] 000000006158628d
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7428] 00000000615852c2
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:6540] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4124] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:5344] 00000000716562ee
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7756] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:6892] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4656] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7804] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:3832] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:3884] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:6008] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:8048] 0000000076f32e25
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:2940] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:6952] 00000000712927e1
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:8036] 0000000076f37111
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4948] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7968] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:860] 000000006c0832fb
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:5492] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:1996] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4580] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:1984] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:5436] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7016] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:308] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:2564] 0000000076f33e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7332] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:5724] 000000006d329827
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4080] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4936] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:4100] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7028] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:1484] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7716] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:1420] 0000000074f4d864
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7864] 0000000076f33e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:7508] 0000000076f33e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6316:2180] 000000006a6ec724
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:3708] 00000000615852c2
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:3508] 000000006073eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:2612] 000000006073eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:5792] 0000000076f32e25
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:6060] 0000000076f33e45
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:2688] 000000006073eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:5456] 000000006073eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:6664] 00000000712927e1
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:3180] 0000000076f37111
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:6980] 0000000076f33e45
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [7096:6572] 0000000076f33e45
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2400] 0000000073030000
    Library ? (*** suspicious ***) @ c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4224] 000007fefdac0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4296] 000007fefdac0000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5048] 000007feeb420000
    Library \\.\globalroot\systemroot\svchost.exe (*** suspicious ***) @ \\.\globalroot\systemroot\svchost.exe [7904] 0000000000270000

    ---- EOF - GMER 2.0 ----
     
  6. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
  7. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome.

    Let's try Combofix.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
        -----------------------------------------------------------
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      -----------------------------------------------------------
    4. Double click on combofix.exe & follow the prompts.
    5. Install the Recovery Console if prompted.
    6. When finished, it will produce a report for you.
    7. Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  8. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Ran ComboFix. It produced a report fine. However, when I went to get back on the net to post the report,
    I clicked on Firefox and Explorer and a box came up saying "Illegal operation attempted on registry key that has been marked for deletion." And I can't get to the internet. Not sure what to do next. I am using another machine to post this. I did not touch the machine after ComboFix started until the report came up.
     
  9. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Here is the Combofix report

    ComboFix 13-01-23.01 - Owner 01/23/2013 15:48:37.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2354 [GMT -5:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Roaming\Island
    c:\users\Owner\AppData\Roaming\Island\space.rgt
    c:\windows\inf\autorun.inf
    c:\windows\inf\win32
    c:\windows\inf\win32\0x0404.ini
    c:\windows\inf\win32\0x0405.ini
    c:\windows\inf\win32\0x0406.ini
    c:\windows\inf\win32\0x0407.ini
    c:\windows\inf\win32\0x0408.ini
    c:\windows\inf\win32\0x0409.ini
    c:\windows\inf\win32\0x040a.ini
    c:\windows\inf\win32\0x040b.ini
    c:\windows\inf\win32\0x040c.ini
    c:\windows\inf\win32\0x040e.ini
    c:\windows\inf\win32\0x0410.ini
    c:\windows\inf\win32\0x0411.ini
    c:\windows\inf\win32\0x0412.ini
    c:\windows\inf\win32\0x0413.ini
    c:\windows\inf\win32\0x0414.ini
    c:\windows\inf\win32\0x0415.ini
    c:\windows\inf\win32\0x0416.ini
    c:\windows\inf\win32\0x0418.ini
    c:\windows\inf\win32\0x0419.ini
    c:\windows\inf\win32\0x041a.ini
    c:\windows\inf\win32\0x041d.ini
    c:\windows\inf\win32\0x041f.ini
    c:\windows\inf\win32\0x0804.ini
    c:\windows\inf\win32\0x0816.ini
    c:\windows\inf\win32\1028.mst
    c:\windows\inf\win32\1029.mst
    c:\windows\inf\win32\1030.mst
    c:\windows\inf\win32\1031.mst
    c:\windows\inf\win32\1032.mst
    c:\windows\inf\win32\1033.mst
    c:\windows\inf\win32\1034.mst
    c:\windows\inf\win32\1035.mst
    c:\windows\inf\win32\1036.mst
    c:\windows\inf\win32\1038.mst
    c:\windows\inf\win32\1040.mst
    c:\windows\inf\win32\1041.mst
    c:\windows\inf\win32\1042.mst
    c:\windows\inf\win32\1043.mst
    c:\windows\inf\win32\1044.mst
    c:\windows\inf\win32\1045.mst
    c:\windows\inf\win32\1046.mst
    c:\windows\inf\win32\1048.mst
    c:\windows\inf\win32\1049.mst
    c:\windows\inf\win32\1050.mst
    c:\windows\inf\win32\1053.mst
    c:\windows\inf\win32\1055.mst
    c:\windows\inf\win32\2052.mst
    c:\windows\inf\win32\2070.mst
    c:\windows\inf\win32\BBalloon.dll
    c:\windows\inf\win32\brcmVista\bcbthid32.cat
    c:\windows\inf\win32\brcmVista\bcbthid32.inf
    c:\windows\inf\win32\brcmVista\bcbtums-win7x86-brcm.cat
    c:\windows\inf\win32\brcmVista\Bcbtums-Win7x86-brcm.inf
    c:\windows\inf\win32\brcmVista\btusbflt.sys
    c:\windows\inf\win32\brcmVista\DPInst.exe
    c:\windows\inf\win32\brcmWin7\bcbthid32.cat
    c:\windows\inf\win32\brcmWin7\bcbthid32.inf
    c:\windows\inf\win32\brcmWin7\bcbtums-win7x86-brcm.cat
    c:\windows\inf\win32\brcmWin7\Bcbtums-Win7x86-brcm.inf
    c:\windows\inf\win32\brcmWin7\btusbflt.sys
    c:\windows\inf\win32\brcmWin7\DPInst.exe
    c:\windows\inf\win32\BtSetup.dll
    c:\windows\inf\win32\BTW.msi
    c:\windows\inf\win32\btw_ci.dll
    c:\windows\inf\win32\btwaudio.cat
    c:\windows\inf\win32\btwaudio.inf
    c:\windows\inf\win32\btwaudio.sys
    c:\windows\inf\win32\btwavdt.cat
    c:\windows\inf\win32\btwavdt.inf
    c:\windows\inf\win32\btwavdt.sys
    c:\windows\inf\win32\btwl2cap.cat
    c:\windows\inf\win32\btwl2cap.inf
    c:\windows\inf\win32\BTWL2CAP.sys
    c:\windows\inf\win32\BtwMM.exe
    c:\windows\inf\win32\btwprofpack.dll
    c:\windows\inf\win32\btwrchid.cat
    c:\windows\inf\win32\btwrchid.inf
    c:\windows\inf\win32\btwrchid.sys
    c:\windows\inf\win32\BtwRSupport.dll
    c:\windows\inf\win32\Data1.cab
    c:\windows\inf\win32\Inst.exe
    c:\windows\inf\win32\instmsia.exe
    c:\windows\inf\win32\instmsiw.exe
    c:\windows\inf\win32\Setup.exe
    c:\windows\inf\win32\Setup.ini
    c:\windows\inf\win32\svcpack\SvcPack.ini
    c:\windows\svchost.exe
    c:\windows\SysWow64\pt
    c:\windows\SysWow64\pt\Lagoon.resources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_ACPIService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-23 20:55 . 2013-01-23 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-19 02:41 . 2013-01-19 02:41 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{805E16D0-7EDC-49B8-89BA-F9A0B01CCD46}\gapaengine.dll
    2013-01-19 02:41 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-19 02:40 . 2013-01-19 02:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2013-01-19 02:40 . 2013-01-19 02:40 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-19 02:36 . 2013-01-15 07:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AD23175-FBC0-4A8F-BACB-E08820D8298B}\mpengine.dll
    2013-01-09 18:47 . 2013-01-10 08:20 -------- d-----w- c:\programdata\CanonIJPLM
    2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX
    2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonIJEPPEX2
    2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonEPP
    2013-01-09 18:44 . 2013-01-09 18:44 -------- d--h--w- c:\programdata\CanonIJMyPrinter
    2013-01-09 18:41 . 2013-01-09 18:41 -------- d-----w- c:\programdata\CanonIJMSetup
    2013-01-09 18:40 . 2013-01-09 18:40 -------- d-----w- c:\program files\Common Files\CANON
    2013-01-09 18:40 . 2013-01-09 18:40 -------- d-----w- c:\programdata\CanonIJWSpt
    2013-01-09 18:38 . 2013-01-09 18:38 -------- d-----w- c:\program files\Canon
    2013-01-09 18:38 . 2013-01-09 18:38 -------- d--h--w- c:\programdata\CanonBJ
    2013-01-09 18:38 . 2010-08-25 10:00 87040 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPA9.DLL
    2013-01-09 18:38 . 2010-08-25 10:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDA9.DLL
    2013-01-09 18:38 . 2013-01-09 18:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2013-01-09 18:37 . 2010-08-25 10:00 361472 ----a-w- c:\windows\system32\CNMLMA9.DLL
    2013-01-09 18:37 . 2010-03-11 07:57 248320 ----a-w- c:\windows\system32\CNMIUA9.DLL
    2013-01-09 18:37 . 2013-01-09 18:37 -------- d-----w- c:\windows\system32\STRING
    2013-01-09 18:37 . 2010-02-05 09:37 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
    2013-01-09 18:37 . 2010-02-05 09:37 327680 ----a-w- c:\windows\system32\CNMN6PPM.DLL
    2013-01-09 18:36 . 2013-01-09 18:49 -------- d-----w- c:\program files (x86)\Canon
    2013-01-09 12:47 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 12:47 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 12:43 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 12:43 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 12:43 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 12:43 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 12:43 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 12:11 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 12:11 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 12:09 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-07 23:36 . 2010-03-19 00:26 348672 ----a-w- c:\windows\system32\CNC495L.dll
    2013-01-07 23:36 . 2010-03-19 00:25 307200 ----a-w- c:\windows\SysWow64\CNC495L.dll
    2013-01-07 23:36 . 2010-03-18 22:13 1354240 ----a-w- c:\windows\system32\CNC495C.dll
    2013-01-07 23:36 . 2010-03-18 22:13 112128 ----a-w- c:\windows\system32\CNC495I.dll
    2013-01-07 23:36 . 2010-03-18 22:11 106496 ----a-w- c:\windows\SysWow64\CNC495U.dll
    2013-01-07 23:36 . 2008-08-25 23:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
    2013-01-07 23:36 . 2008-08-25 23:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
    2013-01-04 18:03 . 2013-01-04 18:03 -------- d-----w- c:\program files (x86)\Microsoft
    2013-01-04 18:03 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-04 18:03 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-04 18:03 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-01-04 18:03 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-04 18:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-01-04 18:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-01-04 18:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-01-04 18:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-01-04 18:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-01-04 18:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-01-04 18:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-01-04 17:51 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-01-04 17:50 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
    2013-01-04 17:48 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2013-01-04 17:48 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2013-01-04 17:19 . 2013-01-04 17:19 -------- d-----w- c:\program files\CCleaner
    2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-04 16:59 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-04 16:59 . 2013-01-04 16:59 -------- d-----w- c:\users\Owner\AppData\Local\Programs
    2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2013-01-04 16:45 . 2013-01-04 17:05 4096000 ----a-w- c:\program files (x86)\GUTBE31.tmp
    2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\program files (x86)\Google
    2013-01-04 16:45 . 2013-01-04 16:45 -------- d-----w- c:\program files (x86)\GUMBE21.tmp
    2013-01-04 16:44 . 2013-01-17 14:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-01-04 16:44 . 2013-01-04 16:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-09 03:18 . 2012-12-24 12:17 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 03:18 . 2012-01-17 15:03 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 22:31 . 2012-01-16 19:42 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-16 17:11 . 2012-12-21 08:00 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-11-14 07:06 . 2012-12-13 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 08:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 08:00 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 08:00 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 08:00 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 08:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 08:00 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 08:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 08:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-12 11:41 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 11:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-02 05:59 . 2012-12-12 11:40 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 11:40 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-05-19 2363392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-07-15 715264]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
    "Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-07-03 212992]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-11-22 2127896]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 bcmaeoah;bcmaeoah;c:\windows\system32\drivers\bcmaeoah.sys [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-16 1255736]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
    S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-07-09 21560]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [2010-11-11 1212416]
    S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-09-17 14328]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-08-24 1885792]
    S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-09-17 25080]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-24 03:18]
    .
    2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 16:45]
    .
    2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-04 16:45]
    .
    2013-01-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-24 21:38]
    .
    2012-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=crossfire&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3re8mv4r.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
    1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:e9,ec,d5,2d,c8,dd,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-23 16:01:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-23 21:01
    .
    Pre-Run: 566,230,769,664 bytes free
    Post-Run: 565,531,602,944 bytes free
    .
    - - End Of File - - E381A9BD455785C927AF2E40987E4063
     
  10. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    OK I read the fine print and rebooted the system. LOL sorry. Now I can get on the internet.
     
  11. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply

    The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file here.
     
  12. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-23 18:43:20
    -----------------------------
    18:43:20.244 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:43:20.244 Number of processors: 2 586 0x602
    18:43:20.244 ComputerName: OWNER-PC UserName: Owner
    18:43:23.773 Initialize success
    18:43:39.935 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
    18:43:39.939 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 11
    18:43:39.941 Device \Driver\amdsata -> MajorFunction fffffa8004c7b5e8
    18:43:39.944 Disk 0 MBR read successfully
    18:43:39.948 Disk 0 MBR scan
    18:43:39.950 Disk 0 unknown MBR code
    18:43:39.962 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:43:39.973 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596887 MB offset 206848
    18:43:40.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13491 MB offset 1222631424
    18:43:40.030 Disk 0 scanning C:\Windows\system32\drivers
    18:43:47.447 Service scanning
    18:44:00.670 Modules scanning
    18:44:00.681 Disk 0 trace - called modules:
    18:44:00.688 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys >>UNKNOWN [0xfffffa8004c7b5e8]<<
    18:44:01.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045d3060]
    18:44:01.024 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80036ee040]
    18:44:01.029 5 amdxata.sys[fffff880010bf7a8] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8004559820]
    18:44:01.035 \Driver\amdsata[0xfffffa8004c152b0] -> IRP_MJ_CREATE -> 0xfffffa8004c7b5e8
    18:44:01.050 Scan finished successfully
    18:44:25.215 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    18:44:25.223 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
     
  13. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    It would not let me open the MBR.dat file. So I will try to attach it. If that is OK
     
  14. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Can't upload, it says "Upload Errors MBR.dat: Invalid File"
     
  15. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    OK Boy having a heck of a time with the fine print today LOL. I finally got that you wanted me to click on the ( Here ) and post it. So I did that
    Malware Submission Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
     
Short URL to this thread: https://techguy.org/1085930