Evil dllhost.exe multiple COM surrogate eating up 100% disk space Windows 8


9 replies to this topic

#1 hoboedd


Posted 08 October 2014 - 06:17 PM

Hey, our computer has been misbehaving the last week or two and I finally got down to trying to find the source of the problem. We ran SpyHunter 4, Webroot and Malwarebytes without much success, other than Malwarebytes constantly popping up a small window in the bottom right-hand side of the screen saying that it has blocked outbound actions by various IPs and ports, including fff5ee.com. The disk space in the Task Manager shows multiple COM Surrogate32 entries and is at 96-100%. Could really use some help; the disk space makes doing anything impossible.




#2 hoboedd


Posted 08 October 2014 - 07:22 PM

Did I post this in the right forum?



#3 Kirbyofdeath


Posted 08 October 2014 - 07:34 PM

Yes you did.

 

STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the program.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
  

 

STEP 2
Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Right-Click MBAR.exe and select Run as administrator to run the program.
  • Follow the prompts to update the program and scan your computer. 
  • Upon completion, click Cleanup and reboot your computer. 
  • After the reboot, rerun the program to verify no threats remain. If threats are still detected, click the Cleanup button once more. 
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the program. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats.... If no threats were found, skip the next two bullet points. 
  • Click Export to text file... and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to Uninstall Application on Close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 4
MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the program.
  • Check the following items:
    • (the checkbox names were shown as images in the original post and are not recoverable here)
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • MBAM log (from your previous scan)
  • mbar log
  • system log
  • ESET log
  • Result.txt

Edited by Kirbyofdeath, 09 October 2014 - 11:38 AM.


#4 hoboedd


Posted 09 October 2014 - 05:00 PM

Alrighty, sorry, that took about 10 hours for the ESET. The MBAR didn't find anything, and I'm not sure that's the cause, but a system log was created while the mbar log was nowhere to be found. I also am having issues finding the MBAM, which I presume is from Malwarebytes? None were found by Malwarebytes either, though.

 

# AdwCleaner v3.311 - Report created 08/10/2014 at 20:43:03
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jennie - ALEJANDRO
# Running from : C:\Users\Jennie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Amazon\ABB

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

*************************

AdwCleaner[R0].txt - [699 octets] - [08/10/2014 20:40:04]
AdwCleaner[R1].txt - [758 octets] - [08/10/2014 20:42:40]
AdwCleaner[S0].txt - [682 octets] - [08/10/2014 20:43:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [741 octets] ##########

----------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17088

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 12798005248, free: 9222459392

Downloaded database version: v2014.10.08.11
Downloaded database version: v2014.10.08.01
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17088

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 12798005248, free: 9832873984

Downloaded database version: v2014.10.08.11
Downloaded database version: v2014.10.08.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C5180630

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2666638035
    GPT Header CurrentLba = 1 BackupLba 3907029167
    GPT Header FirstUsableLba 34  LastUsableLba 3907029134
    GPT Header Guid f18c6fb5-8a90-46d3-a84e-b8f4b8d5c922
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2666638035
    Backup GPT header CurrentLba = 3907029167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 3907029134
    Backup GPT header Guid f18c6fb5-8a90-46d3-a84e-b8f4b8d5c922
    Backup GPT header Contains 128 partition entries starting at LBA 3907029135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 43495922-80c1-492f-912-82f796fa9536
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                                    

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 6342380d-6714-45d7-9397-813a7f5a8a2
    FirstLBA 2050048  Last LBA 2582527
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID a20f1e8d-d5f3-44e6-a192-b694a04d2784
    FirstLBA 2582528  Last LBA 3606527
    Attributes 1
    Partition Name                                    

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ba2b309f-6ace-4418-aa5-ab743a7dd82
    FirstLBA 3606528  Last LBA 3868671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 9553c991-a333-47d2-80fd-5d80668b83d
    FirstLBA 3868672  Last LBA 3855828991
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 6dc3c476-fd67-41d2-86d1-1580c69aac63
    FirstLBA 3855828992  Last LBA 3907028991
    Attributes 1
    Partition Name                                    

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Scan finished

-----------------------------------------------------------------------------------------------
C:\Users\Jennie\AppData\Local\Temp\a2c\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALL3BPL6\8f9246d3jnm[1].htm JS/Kryptik.ASL trojan
C:\Users\Jennie\AppData\Local\Temp\c6c8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALL3BPL6\imp2us[1].htm HTML/Iframe.B.Gen virus
C:\Users\Jennie\AppData\LocalLow\jabhgol.dll Win32/TrojanDownloader.Tracur.AK trojan
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ysc0.dll a variant of Win32/Poweliks.B Trojan

--------------------------------------------------------------------------------------------------------------------------------------------------------------
MiniToolBox by Farbar  Version: 21-07-2014
Ran by Jennie (administrator) on 09-10-2014 at 16:45:45
Running from "C:\Users\Jennie\Desktop"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Alejandro
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 24-FD-52-A6-D3-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 24-FD-52-A6-D3-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6566:12a7:d3a4:db38%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.124(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, October 8, 2014 8:44:23 PM
   Lease Expires . . . . . . . . . . : Friday, October 10, 2014 10:50:11 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 354745682
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5D-A0-6F-D4-3D-7E-AA-D7-8A
   DNS Servers . . . . . . . . . . . : 172.16.12.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D4-3D-7E-AA-D7-8A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:c83:200c:3f57:fe83(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c83:200c:3f57:fe83%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{0A33B2DB-74C3-4591-9F90-9E21E94EF38E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  172.16.12.1

Name:    google.com
Addresses:  2607:f8b0:4000:804::1007
   74.125.227.129
   74.125.227.135
   74.125.227.132
   74.125.227.128
   74.125.227.136
   74.125.227.134
   74.125.227.130
   74.125.227.137
   74.125.227.142
   74.125.227.131
   74.125.227.133

Pinging google.com [74.125.227.132] with 32 bytes of data:
Reply from 74.125.227.132: bytes=32 time=17ms TTL=54
Reply from 74.125.227.132: bytes=32 time=17ms TTL=54

Ping statistics for 74.125.227.132:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 17ms, Average = 17ms
Server:  UnKnown
Address:  172.16.12.1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=62ms TTL=46
Reply from 98.138.253.109: bytes=32 time=62ms TTL=46

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 62ms, Average = 62ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...24 fd 52 a6 d3 79 ......Microsoft Wi-Fi Direct Virtual Adapter
 15...24 fd 52 a6 d3 79 ......Realtek RTL8188E Wireless LAN 802.11n PCI-E NIC
 12...d4 3d 7e aa d7 8a ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.124     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.124    281
    192.168.1.124  255.255.255.255         On-link     192.168.1.124    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.124    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.124    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.124    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 17    306 2001::/32                On-link
 17    306 2001:0:9d38:6ab8:c83:200c:3f57:fe83/128
                                    On-link
 15    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::c83:200c:3f57:fe83/128
                                    On-link
 15    281 fe80::6566:12a7:d3a4:db38/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/09/2014 04:45:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x81c
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/09/2014 04:44:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x5e40
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/09/2014 04:44:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x5708
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/09/2014 04:39:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x4b20
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (10/09/2014 04:38:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
Exception code: 0xc0000005
Fault offset: 0x00061830
Faulting process id: 0x58bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/09/2014 04:19:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: MSHTML.dll, version: 10.0.9200.17088, time stamp: 0x53eeeef8
Exception code: 0xc00000fd
Fault offset: 0x0006a86c
Faulting process id: 0x33b8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/09/2014 04:17:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
Exception code: 0xc0000005
Fault offset: 0x00061830
Faulting process id: 0x2178
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/09/2014 04:05:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: d3d11.dll, version: 6.2.9200.16420, time stamp: 0x505a95af
Exception code: 0xc00000fd
Fault offset: 0x0000b069
Faulting process id: 0x5914
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/09/2014 04:03:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
Exception code: 0xc0000005
Fault offset: 0x00061830
Faulting process id: 0x1d3c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/09/2014 03:57:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: MSHTML.dll, version: 10.0.9200.17088, time stamp: 0x53eeeef8
Exception code: 0xc00000fd
Fault offset: 0x0006a86c
Faulting process id: 0xff0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (10/09/2014 04:45:03 PM) (Source: DCOM) (User: ALEJANDRO)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 04:44:32 PM) (Source: DCOM) (User: ALEJANDRO)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 04:43:23 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:54710

Error: (10/09/2014 04:43:03 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/09/2014 04:43:03 PM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/09/2014 04:39:38 PM) (Source: DCOM) (User: ALEJANDRO)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 03:41:17 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/09/2014 11:05:20 AM) (Source: DCOM) (User: ALEJANDRO)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 10:52:58 AM) (Source: DCOM) (User: ALEJANDRO)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/09/2014 10:50:04 AM) (Source: Service Control Manager) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.

Microsoft Office Sessions:
=========================
Error: (10/09/2014 04:45:47 PM) (Source: Application Error)(User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac0000005000000000000549181c01cfe40a62477a0aC:\windows\system32\rundll32.exeC:\windows\SYSTEM32\ntdll.dlla067b846-4ffd-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:44:32 PM) (Source: Application Error)(User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac000000500000000000054915e4001cfe40a35eff813C:\windows\system32\rundll32.exeC:\windows\SYSTEM32\ntdll.dll74049956-4ffd-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:44:01 PM) (Source: Application Error)(User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac00000050000000000005491570801cfe40a21bdcc8fC:\windows\system32\rundll32.exeC:\windows\SYSTEM32\ntdll.dll617989c7-4ffd-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:39:08 PM) (Source: Application Error)(User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac000000500000000000054914b2001cfe4097481fce8C:\windows\system32\rundll32.exeC:\windows\SYSTEM32\ntdll.dllb28ac2e7-4ffc-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:38:41 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.1691253645e25c00000050006183058bc01cfe40964adc0adC:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlla2a7ce59-4ffc-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:19:45 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375010888aMSHTML.dll10.0.9200.1708853eeeef8c00000fd0006a86c33b801cfe406af0560a2C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\MSHTML.dllfda95c47-4ff9-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:17:14 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.1691253645e25c000000500061830217801cfe40665358b89C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dlla335d3f2-4ff9-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:05:05 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375010888ad3d11.dll6.2.9200.16420505a95afc00000fd0000b069591401cfe404569eaff6C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\d3d11.dllf0f95f0b-4ff7-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 04:03:24 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.1691253645e25c0000005000618301d3c01cfe404760948e4C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\ntdll.dllb4abf076-4ff7-11e4-bea0-d43d7eaad78a

Error: (10/09/2014 03:57:52 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.165375010888aMSHTML.dll10.0.9200.1708853eeeef8c00000fd0006a86cff001cfe4039968bdd3C:\Program Files\Internet Explorer\iexplore.exeC:\windows\SYSTEM32\MSHTML.dlleeb75605-4ff6-11e4-bea0-d43d7eaad78a


=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{28981D56-C55A-4972-998F-823590FD43A2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 45246 - Intel)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6917 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6917 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0924 - Lenovo)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0208 - REALTEK Semiconductor Corp.)
RegHunter (HKLM\...\{F94A63D7-9A61-403B-8F6F-90B1BF77211A}) (Version: 1.3.3.1613 - Enigma Software Group USA, LLC)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.131 - Webroot)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

========================= Devices: ================================

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 12205.13 MB
Available physical RAM: 7544.55 MB
Total Pagefile: 13933.13 MB
Available Pagefile: 8269.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.65 MB

========================= Partitions: =====================================

1 Drive c: (Windows8_OS) (Fixed) (Total:1836.76 GB) (Free:1702.11 GB) NTFS

========================= Users: ========================================

User accounts for \\ALEJANDRO

Administrator            Guest                    Jennie                  

========================= Restore Points ==================================

**** End of log ****


Edited by hoboedd, 09 October 2014 - 05:05 PM.


#5 hoboedd

  • Topic Starter

Posted 09 October 2014 - 11:08 PM

Did I post that correctly, or did you want them in files?



#6 Kirbyofdeath


Posted 10 October 2014 - 12:01 PM

Yeah, you posted them correctly.

Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.


#7 hoboedd

  • Topic Starter

Posted 14 October 2014 - 03:36 PM

Hey, we did this and things got much worse. Is there a next step?



#8 hoboedd

  • Topic Starter

Posted 14 October 2014 - 04:47 PM

We ran TFC and after it finished we restarted the computer. Now it bluescreens if you stay on the computer for too long and continuously loses internet connection. The COM Surrogate 32 is still eating 100% of the disk space and 100% of the CPU. It makes using the computer completely impossible for the most part. Also a message keeps popping up saying "Security Settings Won't Allow you to download this" when absolutely nothing is open or running. Please help save our computer, it's only a year old ):

Spyhunter 4, CCleaner, and Webroot are still not detecting anything wrong with the computer. ):



#9 Kirbyofdeath


Posted 14 October 2014 - 07:12 PM

If you can, upload the minidumps located in C:\windows\Minidumps.


Let's try to run steps one to three in my first post.



#10 LiquidTension

  • Malware Response Team

Posted 14 October 2014 - 07:28 PM

Sorry to jump in, but continuing in this section is unlikely to yield a successful result.
hoboedd, you're infected with Poweliks, a rootkit which opens a backdoor on the compromised machine.

Due to the nature of the infection, the following warning must be issued.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, PayPal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Tools capable of removing this infection are not permitted here. I would suggest creating a new topic in the Virus and Malware Removal section if you wish to proceed. It is simply impractical to deal with such a sophisticated infection using the limited tools available in Am I Infected?.


Before creating your topic, please read the Preparation Guide. Include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Edited by LiquidTension, 14 October 2014 - 07:31 PM.
