Elz11226

  1. I'm having trouble installing Bitdefender now. When I boot up Windows normally, Bitdefender freezes up when it's unpacking the installation files, and when I try in safe mode, it tells me that I have to log on as administrator. This is so frustrating, smh. So should I just proceed with the webcleanit step?
  2. ComboFix 13-02-03.03 - Elz 02/05/2013 22:17:28.1.2 - x86
     Running from: c:\documents and settings\Elz.RUBEN\Desktop\Combo-Fix.exe
     .
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\1358319543.bdinstall.bin
     c:\documents and settings\All Users\Application Data\1359167320.bdinstall.bin
     c:\documents and settings\All Users\Application Data\1359167886.bdinstall.bin
     c:\documents and settings\All Users\Application Data\1359168513.1172.bin
     c:\documents and settings\All Users\Application Data\1359168513.1204.bin
     c:\documents and settings\All Users\Application Data\1359168513.1680.bin
     c:\documents and settings\All Users\Application Data\1359168513.580.bin
     c:\documents and settings\All Users\Application Data\1359168513.588.bin
     c:\documents and settings\All Users\Application Data\1359168513.604.bin
     c:\documents and settings\All Users\Application Data\1359168603.bdinstall.bin
     c:\documents and settings\All Users\Application Data\1359655148.3596.bin
     c:\documents and settings\All Users\Application Data\1359655191.1644.bin
     c:\documents and settings\All Users\Application Data\1359655372.2068.bin
     c:\documents and settings\All Users\Application Data\1359655490.1868.bin
     c:\documents and settings\All Users\Application Data\1359655676.2264.bin
     c:\documents and settings\All Users\Application Data\1359657931.bdinstall.bin
     c:\documents and settings\Elz\WINDOWS
     c:\program files\Internet Explorer\SET1023.tmp
     c:\program files\Internet Explorer\SET1024.tmp
     c:\program files\Internet Explorer\SET1025.tmp
     c:\program files\Internet Explorer\SET4C.tmp
     c:\program files\Internet Explorer\SET4D.tmp
     c:\program files\Internet Explorer\SET4E.tmp
     c:\program files\Internet Explorer\SETEC.tmp
     c:\program files\Internet Explorer\SETED.tmp
     c:\program files\Internet Explorer\SETEE.tmp
     c:\windows\system32\SET1028.tmp
     c:\windows\system32\SET1029.tmp
     c:\windows\system32\SET102A.tmp
     c:\windows\system32\SET102B.tmp
     c:\windows\system32\SET102C.tmp
     c:\windows\system32\SET102D.tmp
     c:\windows\system32\SET102E.tmp
     c:\windows\system32\SET102F.tmp
     c:\windows\system32\SET1030.tmp
     c:\windows\system32\SET1031.tmp
     c:\windows\system32\SET1032.tmp
     c:\windows\system32\SET1033.tmp
     c:\windows\system32\SET1034.tmp
     c:\windows\system32\SET1035.tmp
     c:\windows\system32\SET1036.tmp
     c:\windows\system32\SET1037.tmp
     c:\windows\system32\SET1038.tmp
     c:\windows\system32\SET1039.tmp
     c:\windows\system32\SET103B.tmp
     c:\windows\system32\SET103C.tmp
     c:\windows\system32\SET103D.tmp
     c:\windows\system32\SET103E.tmp
     c:\windows\system32\SET103F.tmp
     c:\windows\system32\SET1040.tmp
     c:\windows\system32\SET1041.tmp
     c:\windows\system32\SET1042.tmp
     c:\windows\system32\SET1043.tmp
     c:\windows\system32\SET1044.tmp
     c:\windows\system32\SET1045.tmp
     c:\windows\system32\SET1046.tmp
     c:\windows\system32\SET1047.tmp
     c:\windows\system32\SET1048.tmp
     c:\windows\system32\SET1049.tmp
     c:\windows\system32\SET104A.tmp
     c:\windows\system32\SET104B.tmp
     c:\windows\system32\SET104C.tmp
     c:\windows\system32\SET104D.tmp
     c:\windows\system32\SET104E.tmp
     c:\windows\system32\SET104F.tmp
     c:\windows\system32\SET1050.tmp
     c:\windows\system32\SET1051.tmp
     c:\windows\system32\SET1052.tmp
     c:\windows\system32\SET1053.tmp
     c:\windows\system32\SET1054.tmp
     c:\windows\system32\SET51.tmp
     c:\windows\system32\SET52.tmp
     c:\windows\system32\SET53.tmp
     c:\windows\system32\SET54.tmp
     c:\windows\system32\SET55.tmp
     c:\windows\system32\SET56.tmp
     c:\windows\system32\SET57.tmp
     c:\windows\system32\SET58.tmp
     c:\windows\system32\SET59.tmp
     c:\windows\system32\SET5A.tmp
     c:\windows\system32\SET5B.tmp
     c:\windows\system32\SET5C.tmp
     c:\windows\system32\SET5D.tmp
     c:\windows\system32\SET5E.tmp
     c:\windows\system32\SET5F.tmp
     c:\windows\system32\SET60.tmp
     c:\windows\system32\SET61.tmp
     c:\windows\system32\SET62.tmp
     c:\windows\system32\SET64.tmp
     c:\windows\system32\SET65.tmp
     c:\windows\system32\SET66.tmp
     c:\windows\system32\SET67.tmp
     c:\windows\system32\SET68.tmp
     c:\windows\system32\SET69.tmp
     c:\windows\system32\SET6A.tmp
     c:\windows\system32\SET6B.tmp
     c:\windows\system32\SET6C.tmp
     c:\windows\system32\SET6D.tmp
     c:\windows\system32\SET6E.tmp
     c:\windows\system32\SET6F.tmp
     c:\windows\system32\SET70.tmp
     c:\windows\system32\SET71.tmp
     c:\windows\system32\SET72.tmp
     c:\windows\system32\SET73.tmp
     c:\windows\system32\SET74.tmp
     c:\windows\system32\SET75.tmp
     c:\windows\system32\SET76.tmp
     c:\windows\system32\SET77.tmp
     c:\windows\system32\SET78.tmp
     c:\windows\system32\SET79.tmp
     c:\windows\system32\SET7A.tmp
     c:\windows\system32\SET7B.tmp
     c:\windows\system32\SET7C.tmp
     c:\windows\system32\SET7D.tmp
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))
     .
     .
     2013-01-31 22:53 . 2013-01-31 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WinZip
     2013-01-31 18:50 . 2013-01-31 18:50 -------- d-----w- c:\program files\Bitdefender
     2013-01-26 04:43 . 2013-01-26 04:43 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2013-01-26 04:41 . 2013-01-26 04:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-01-26 04:41 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-01-26 02:40 . 2013-01-26 02:40 -------- d-----w- c:\program files\Max Uninstaller
     2013-01-25 04:11 . 2013-01-25 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
     2013-01-23 02:28 . 2013-01-23 02:28 -------- d-----w- c:\windows\ERUNT
     2013-01-22 20:29 . 2013-01-23 02:28 -------- d-----w- C:\JRT
     2013-01-20 17:09 . 2013-01-20 17:10 -------- d-----w- C:\RK_Quarantine
     2013-01-20 01:46 . 2013-01-20 01:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
     2013-01-16 16:29 . 2013-01-16 16:29 -------- d-----w- c:\windows\system32\Bitdefender
     2013-01-16 08:13 . 2013-01-16 08:13 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\HPAppData
     2013-01-16 07:28 . 2013-01-16 07:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
     2013-01-16 07:13 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
     2013-01-16 07:05 . 2013-01-16 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
     2013-01-16 07:05 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
     2013-01-16 07:05 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
     2013-01-16 07:04 . 2013-01-16 07:04 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\Bitdefender
     2013-01-15 08:15 . 2013-01-31 18:46 -------- d-----w- c:\program files\Common Files\Bitdefender
     2013-01-15 07:37 . 2013-01-16 05:46 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\QuickScan
     2013-01-15 07:07 . 2013-01-15 07:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
     2013-01-15 03:53 . 2013-01-15 03:56 -------- d-----w- c:\program files\trend micro
     2013-01-15 03:53 . 2013-01-15 03:57 -------- d-----w- C:\rsit
     2013-01-15 03:43 . 2013-01-15 03:43 -------- d-----w- c:\program files\ERUNT
     2013-01-15 01:37 . 2013-01-15 01:37 -------- d-----w- c:\documents and settings\Elz.RUBEN\Local Settings\Application Data\WinZip
     2013-01-10 04:44 . 2013-01-10 04:44 -------- d-----w- c:\documents and settings\Elz.RUBEN\Local Settings\Application Data\Microsoft Help
     2013-01-08 03:54 . 2013-01-08 03:54 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\OneTab
     2013-01-08 03:50 . 2013-01-08 03:50 -------- d-----w- c:\program files\Media converter
     2013-01-08 03:32 . 2013-01-08 03:32 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\Apple Computer
     2013-01-08 03:30 . 2013-01-08 03:30 -------- d-----w- c:\documents and settings\Elz.RUBEN\Local Settings\Application Data\Apple Computer
     2013-01-08 03:24 . 2013-01-08 03:24 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\DivX
     2013-01-08 00:24 . 2013-01-08 04:31 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\Raptr
     2013-01-08 00:24 . 2013-01-08 00:35 -------- d-----w- c:\program files\Raptr
     2013-01-08 00:14 . 2013-01-08 00:14 -------- d-----w- c:\documents and settings\Elz.RUBEN\.swt
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-12-18 00:32 . 2012-04-09 21:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-12-18 00:32 . 2011-06-23 04:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-12-16 12:23 . 2004-08-04 10:00 290560 ----a-w- c:\windows\system32\atmfd.dll
     2012-11-13 01:25 . 2004-08-04 10:00 1866368 ----a-w- c:\windows\system32\win32k.sys
     2013-01-19 02:38 . 2013-01-19 02:38 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
     @=""
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
     backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
     backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
     backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Elz^Start Menu^Programs^Startup^santa.bat]
     path=c:\documents and settings\Elz\Start Menu\Programs\Startup\santa.bat
     backup=c:\windows\pss\santa.batStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
     c:\windows\system32\dumprep 0 -u [X]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2012-03-27 12:41 37296 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
     2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
     2012-05-30 17:18 4331392 ----a-w- c:\program files\AIM\aim.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
     2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
     2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
     2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
     2011-03-21 18:56 1230704 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2009-02-26 22:36 30040 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
     2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2006-08-23 19:12 7630848 ----a-w- c:\windows\system32\nvcpl.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
     2006-08-23 19:12 86016 ----a-w- c:\windows\system32\nvmctray.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     2006-08-23 19:12 1617920 ----a-w- c:\windows\system32\nwiz.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
     2006-10-20 22:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
     2006-07-27 19:19 282624 ----a-w- c:\windows\stsystra.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
     2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
     2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "iPod Service"=3 (0x3)
     "ose"=3 (0x3)
     "odserv"=3 (0x3)
     "NVSvc"=2 (0x2)
     "NMIndexingService"=3 (0x3)
     "NBService"=3 (0x3)
     "MozillaMaintenance"=3 (0x3)
     "Microsoft Office Groove Audit Service"=3 (0x3)
     "LBTServ"=3 (0x3)
     "JavaQuickStarterService"=2 (0x2)
     "idsvc"=3 (0x3)
     "gupdatem"=3 (0x3)
     "gupdate1c9c61c80095910"=2 (0x2)
     "FLEXnet Licensing Service"=3 (0x3)
     "Bonjour Service"=2 (0x2)
     "avg8wd"=2 (0x2)
     "avg8emc"=2 (0x2)
     "Apple Mobile Device"=2 (0x2)
     "AdobeFlashPlayerUpdateSvc"=3 (0x3)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\AIM\\aim.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
     "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
     "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
     "c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "e:\\iTunes.exe"=
     "e:\\Vuze\\Azureus.exe"=
     "c:\\Program Files\\Raptr\\raptr.exe"=
     "c:\\Program Files\\Raptr\\raptr_im.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\Mozilla Firefox\\firefox.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5353:TCP"= 5353:TCP:Adobe CSI CS4
     .
     R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
     R2 gupdate1c9c61c80095910;Google Update Service (gupdate1c9c61c80095910);c:\program files\Google\Update\GoogleUpdate.exe [x]
     R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [x]
     R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
     R3 nk_bus;Nokia USB Bus Service;c:\windows\system32\Drivers\nk_bus.sys [x]
     R3 nokusbser;Nokia USB Device;c:\windows\system32\DRIVERS\nokusbser.sys [x]
     R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [x]
     R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
     R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
     R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
     S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [x]
     S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
     S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:32]
     .
     2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 03:09]
     .
     2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 03:09]
     .
     .
     ------- Supplementary Scan -------
     .
     mStart Page = about:blank
     TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
     DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
     FF - ProfilePath - c:\documents and settings\Elz.RUBEN\Application Data\Mozilla\Firefox\Profiles\jjgs72vl.default\
     FF - ExtSQL: 2013-01-07 22:54; onetab@onetab.net; c:\program files\Mozilla Firefox\extensions\onetab@onetab.net
     .
     - - - - ORPHANS REMOVED - - - -
     .
     BHO-{65B3DC86-9758-3885-838F-8203FBC05440} - (no file)
     Notify-avgrsstarter - (no file)
     MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\Elz\Local Settings\Application Data\Akamai\netsession_win.exe
     MSConfigStartUp-AOL OCP - c:\documents and settings\Elz\Local Settings\Application Data\Apple\AOL OCP\yrdqs.dll
     MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
     MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
     MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
     MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
     MSConfigStartUp-winlogon - c:\docume~1\Elz\LOCALS~1\Temp\nsi27B.tmp\winlogon.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-02-05 22:27
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     .
     c:\windows\TEMP\catchme.dll 53248 bytes executable
     .
     scan completed successfully
     hidden files: 1
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
     "value"="?\0a\06\01\0f5\0bÚ"
     .
     Completion time: 2013-02-05 22:28:55
     ComboFix-quarantined-files.txt 2013-02-06 03:28
     .
     Pre-Run: 8,835,768,320 bytes free
     Post-Run: 9,284,562,944 bytes free
     .
     - - End Of File - - F587CEF6B4FCC51C75DBC8ADBDA31B13
  3. I'm in the process of scanning using ComboFix, but unfortunately I'm not connected to the internet on my desktop, so it wasn't able to download the Windows Recovery Console.
  4. So before I do this step, should I download Bitdefender again?
  5. 23:50:17.0671 0656 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
     23:50:17.0687 0656 ============================================================
     23:50:17.0687 0656 Current date / time: 2013/01/31 23:50:17.0687
     23:50:17.0687 0656 SystemInfo:
     23:50:17.0687 0656
     23:50:17.0687 0656 OS Version: 5.1.2600 ServicePack: 3.0
     23:50:17.0687 0656 Product type: Workstation
     23:50:17.0687 0656 ComputerName: RUBEN
     23:50:17.0687 0656 UserName: Administrator
     23:50:17.0687 0656 Windows directory: C:\WINDOWS
     23:50:17.0687 0656 System windows directory: C:\WINDOWS
     23:50:17.0687 0656 Processor architecture: Intel x86
     23:50:17.0687 0656 Number of processors: 2
     23:50:17.0687 0656 Page size: 0x1000
     23:50:17.0687 0656 Boot type: Safe boot with network
     23:50:17.0687 0656 ============================================================
     23:50:18.0156 0656 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
     23:50:18.0156 0656 Drive \Device\Harddisk1\DR8 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
     23:50:18.0171 0656 ============================================================
     23:50:18.0171 0656 \Device\Harddisk0\DR0:
     23:50:18.0171 0656 MBR partitions:
     23:50:18.0171 0656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EFFAF
     23:50:18.0171 0656 \Device\Harddisk1\DR8:
     23:50:18.0171 0656 MBR partitions:
     23:50:18.0171 0656 \Device\Harddisk1\DR8\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
     23:50:18.0171 0656 ============================================================
     23:50:19.0000 0656 E: <-> \Device\Harddisk1\DR8\Partition1
     23:50:19.0406 0656 C: <-> \Device\Harddisk0\DR0\Partition1
     23:50:19.0406 0656 ============================================================
     23:50:19.0406 0656 Initialize success
     23:50:19.0406 0656 ============================================================
  6. Rkill 2.4.6 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html
     Program started at: 01/31/2013 11:45:21 PM in x86 mode.
     Windows Version: Microsoft Windows XP Service Pack 3
     Checking for Windows services to stop:
     * No malware services found to stop.
     Checking for processes to terminate:
     * No malware processes found to kill.
     Checking Registry for malware related settings:
     * No issues found in the Registry.
     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
     Performing miscellaneous checks:
     * No issues found.
     Checking Windows Service Integrity:
     * COM+ Event System (EventSystem) is not Running.
       Startup Type set to: Manual
     * Security Center (wscsvc) is not Running.
       Startup Type set to: Automatic
     * Automatic Updates (wuauserv) is not Running.
       Startup Type set to: Automatic
     Searching for Missing Digital Signatures:
     * No issues found.
     Checking HOSTS File:
     * Cannot edit the HOSTS file.
     * Permissions Fixed. Administrators can now edit the HOSTS file.
     * HOSTS file entries found:
       127.0.0.1 localhost
       127.0.0.1 www.007guard.com
       127.0.0.1 007guard.com
       127.0.0.1 008i.com
       127.0.0.1 www.008k.com
       127.0.0.1 008k.com
       127.0.0.1 www.00hq.com
       127.0.0.1 00hq.com
       127.0.0.1 010402.com
       127.0.0.1 www.032439.com
       127.0.0.1 032439.com
       127.0.0.1 www.0scan.com
       127.0.0.1 0scan.com
       127.0.0.1 www.1000gratisproben.com
       127.0.0.1 1000gratisproben.com
       127.0.0.1 www.1001namen.com
       127.0.0.1 1001namen.com
       127.0.0.1 100888290cs.com
       127.0.0.1 www.100888290cs.com
       127.0.0.1 100sexlinks.com
       20 out of 15336 HOSTS entries shown.
       Please review HOSTS file for further entries.
     Program finished at: 01/31/2013 11:46:10 PM
     Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)
  7. I uninstalled Bitdefender to reinstall it, but now I have no internet connection, smh.
  8. Sorry, I haven't had time because of work and school. I will update you tomorrow, definitely.
  9. I'm running Chameleon right now. How long does it actually take to kill the "malicious processes"? Because I don't know if it's actually doing anything; I've used 3 Chameleons so far and they've been saying the same thing. The TFC didn't work, btw.
  10. When I was running TFC, it freezes when it reaches another user, smh, so that's the step that I stopped at. I didn't try to run MBAM Chameleon yet.
  11. # AdwCleaner v2.108 - Logfile created 01/24/2013 at 23:14:13
      # Updated 24/01/2013 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Administrator - RUBEN
      # Boot Mode : Safe mode with networking
      # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner(1).exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
      File Deleted : C:\WINDOWS\Tasks\YourFile Update.job
      Folder Deleted : C:\Documents and Settings\Elz.RUBEN.000\Local Settings\Application Data\Conduit
      Folder Deleted : C:\Documents and Settings\Elz.RUBEN\Application Data\SwvUpdater
      Folder Deleted : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\FCTB
      Folder Deleted : C:\Documents and Settings\Kevin\Application Data\Search Settings
      Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote
      ***** [Registry] *****
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
      Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
      Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
      Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
      Key Deleted : HKLM\Software\Viewpoint
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.6001.18702
      [OK] Registry is clean.
      -\\ Mozilla Firefox v18.0.1 (en-US)
      File : C:\Documents and Settings\Elz.RUBEN\Application Data\Mozilla\Firefox\Profiles\jjgs72vl.default\prefs.js
      [OK] File is clean.
      File : C:\Documents and Settings\Elz.RUBEN.000\Application Data\Mozilla\Firefox\Profiles\lk0stkoq.default\prefs.js
      [OK] File is clean.
      File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\prefs.js
      Deleted : user_pref("extensions.vshare@toolbar.update.enabled", false);
      File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\532p25lf.default\prefs.js
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [4099 octets] - [23/01/2013 22:18:36]
      AdwCleaner[s1].txt - [4080 octets] - [24/01/2013 23:14:13]
      ########## EOF - C:\AdwCleaner[s1].txt - [4140 octets] ##########
  12. Results of screen317's Security Check version 0.99.57
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Security Center service is not running! This report may not be accurate!
      Windows Firewall Disabled!
      Bitdefender Internet Security 2013
      `````````Anti-malware/Other Utilities Check:`````````
      MVPS Hosts File
      Spybot - Search & Destroy
      CCleaner
      JavaFX 2.0.2
      JavaFX 2.0.2 SDK
      Java 6 Update 29
      Java 6 Update 21
      Java 7 Update 9
      Java SE Development Kit 7 Update 2
      Java version out of Date!
      Adobe Flash Player 11.5.502.135
      Adobe Reader 9
      Adobe Reader out of Date!
      Mozilla Firefox (18.0.1)
      ````````Process Check: objlist.exe by Laurent````````
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````
  13. # AdwCleaner v2.107 - Logfile created 01/23/2013 at 22:18:36
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - RUBEN
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\AmiUpdXp.job
File Found : C:\WINDOWS\Tasks\YourFile Update.job
Folder Found : C:\Documents and Settings\Elz.RUBEN.000\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Elz.RUBEN\Application Data\SwvUpdater
Folder Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\FCTB
Folder Found : C:\Documents and Settings\Kevin\Application Data\Search Settings
Folder Found : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\Software\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Elz.RUBEN\Application Data\Mozilla\Firefox\Profiles\jjgs72vl.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Elz.RUBEN.000\Application Data\Mozilla\Firefox\Profiles\lk0stkoq.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\prefs.js

Found : user_pref("extensions.vshare@toolbar.update.enabled", false);

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\532p25lf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3970 octets] - [23/01/2013 22:18:36]

########## EOF - C:\AdwCleaner[R1].txt - [4030 octets] ##########
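The [search] log in this post and the [S1] deletion log in the post above are the two halves of one AdwCleaner cleanup, and the check worth doing on them is that every item reported as Found in [R1] comes back as Deleted in [S1]. The script below is an added example, not AdwCleaner's own code and not something the poster ran: it parses both log formats (the File/Folder/Key/Value lines plus the per-profile Firefox user_pref hits) and reports what was cleaned, what was found but not reported deleted, and what was deleted without a prior Found. The two embedded logs are constructed excerpts of the [R1] and [S1] logs in this thread, not the full files, so the counts only describe the excerpts; the regex and function names are the example's own.

```python
import re

# Constructed excerpt of the [R1] ([search]) log posted in this thread.
# It is NOT the complete log, so anything "not cleaned" below only means
# "absent from this excerpt".
SEARCH_LOG = r"""
# AdwCleaner v2.107 - Logfile created 01/23/2013 at 22:18:36
# Option [search]

***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\AmiUpdXp.job

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\Software\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\prefs.js

Found : user_pref("extensions.vshare@toolbar.update.enabled", false);
"""

# Constructed excerpt of the [S1] (deletion) log from the post above.
CLEAN_LOG = r"""
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\prefs.js

Deleted : user_pref("extensions.vshare@toolbar.update.enabled", false);
"""

# "<Kind> <Verb> : <target>" lines for files, folders, registry keys and values.
FINDING_RE = re.compile(r"^(File|Folder|Key|Value)\s+(Found|Deleted)\s*:\s*(.+?)\s*$")
# "File : <prefs.js path>" opens a browser-profile section.
PROFILE_RE = re.compile(r"^File\s*:\s*(.+?)\s*$")
# "<Verb> : user_pref(...);" lines inside a profile section.
PREF_RE = re.compile(r"^(Found|Deleted)\s*:\s*(user_pref\(.+\);)\s*$")
# Registry-style GUIDs such as {7B089B94-D1DC-4C6B-87E1-8156E22C1D96}.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_adwcleaner(text):
    """Map (kind, target) -> "Found" / "Deleted" for every finding line.

    Firefox pref hits are keyed on the profile they were seen in, because the
    same user_pref can appear in several profiles on a multi-user machine."""
    findings = {}
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING_RE.match(line)
        if m:
            kind, verb, target = m.groups()
            findings[(kind, target)] = verb
            continue
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)
            continue
        m = PREF_RE.match(line)
        if m and profile:
            verb, pref = m.groups()
            findings[("Pref", profile + " :: " + pref)] = verb
    return findings


def reconcile(search_log, clean_log):
    """Compare a [search] run with the deletion run that followed it."""
    found = {k for k, v in parse_adwcleaner(search_log).items() if v == "Found"}
    deleted = {k for k, v in parse_adwcleaner(clean_log).items() if v == "Deleted"}
    return {
        "cleaned": sorted(found & deleted),
        # Found by the scan but never reported Deleted: re-scan or remove by hand.
        "not_cleaned": sorted(found - deleted),
        # Deleted without a prior Found: items that appeared between the two runs.
        "extra_removed": sorted(deleted - found),
    }


def guids(findings):
    """Collect the GUIDs in a set of findings, e.g. for CLSID/BHO lookups."""
    out = set()
    for _kind, target in findings:
        out.update(g.upper() for g in GUID_RE.findall(target))
    return sorted(out)


if __name__ == "__main__":
    report = reconcile(SEARCH_LOG, CLEAN_LOG)
    for bucket, items in report.items():
        print(f"{bucket}: {len(items)}")
        for kind, target in items:
            print(f"  {kind}: {target}")
```

Run it against the complete AdwCleaner[R1].txt and AdwCleaner[S1].txt (read the files instead of the inline excerpts) and the "not_cleaned" bucket is the list to hand back to the helper; on these excerpts it holds AmiUpdXp.job and the 0FF2AEFF... installer component only because the excerpt of [S1] stops short of them.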
  14. The only log that I have saved from RogueKiller is from the first couple of steps that you posted; other than that... nothing. I'll proceed with the other steps and let you know how it goes.