Elz11226
-
Posts
23 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Elz11226
-
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
Im having trouble installing bitdefender now, wen i boot up windows regular, bitdefender freezes up when it unpacking the installation files, and when i try in safe mode, it tells me that i have to log on as administrator, this is so frustrating smh, so should i just proceed with the webcleanit step? -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
ComboFix 13-02-03.03 - Elz 02/05/2013 22:17:28.1.2 - x86 Running from: c:\documents and settings\Elz.RUBEN\Desktop\Combo-Fix.exe . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\1358319543.bdinstall.bin c:\documents and settings\All Users\Application Data\1359167320.bdinstall.bin c:\documents and settings\All Users\Application Data\1359167886.bdinstall.bin c:\documents and settings\All Users\Application Data\1359168513.1172.bin c:\documents and settings\All Users\Application Data\1359168513.1204.bin c:\documents and settings\All Users\Application Data\1359168513.1680.bin c:\documents and settings\All Users\Application Data\1359168513.580.bin c:\documents and settings\All Users\Application Data\1359168513.588.bin c:\documents and settings\All Users\Application Data\1359168513.604.bin c:\documents and settings\All Users\Application Data\1359168603.bdinstall.bin c:\documents and settings\All Users\Application Data\1359655148.3596.bin c:\documents and settings\All Users\Application Data\1359655191.1644.bin c:\documents and settings\All Users\Application Data\1359655372.2068.bin c:\documents and settings\All Users\Application Data\1359655490.1868.bin c:\documents and settings\All Users\Application Data\1359655676.2264.bin c:\documents and settings\All Users\Application Data\1359657931.bdinstall.bin c:\documents and settings\Elz\WINDOWS c:\program files\Internet Explorer\SET1023.tmp c:\program files\Internet Explorer\SET1024.tmp c:\program files\Internet Explorer\SET1025.tmp c:\program files\Internet Explorer\SET4C.tmp c:\program files\Internet Explorer\SET4D.tmp c:\program files\Internet Explorer\SET4E.tmp c:\program files\Internet Explorer\SETEC.tmp c:\program files\Internet Explorer\SETED.tmp c:\program files\Internet Explorer\SETEE.tmp c:\windows\system32\SET1028.tmp c:\windows\system32\SET1029.tmp c:\windows\system32\SET102A.tmp c:\windows\system32\SET102B.tmp c:\windows\system32\SET102C.tmp c:\windows\system32\SET102D.tmp c:\windows\system32\SET102E.tmp c:\windows\system32\SET102F.tmp c:\windows\system32\SET1030.tmp c:\windows\system32\SET1031.tmp c:\windows\system32\SET1032.tmp c:\windows\system32\SET1033.tmp c:\windows\system32\SET1034.tmp c:\windows\system32\SET1035.tmp c:\windows\system32\SET1036.tmp c:\windows\system32\SET1037.tmp c:\windows\system32\SET1038.tmp c:\windows\system32\SET1039.tmp c:\windows\system32\SET103B.tmp c:\windows\system32\SET103C.tmp c:\windows\system32\SET103D.tmp c:\windows\system32\SET103E.tmp c:\windows\system32\SET103F.tmp c:\windows\system32\SET1040.tmp c:\windows\system32\SET1041.tmp c:\windows\system32\SET1042.tmp c:\windows\system32\SET1043.tmp c:\windows\system32\SET1044.tmp c:\windows\system32\SET1045.tmp c:\windows\system32\SET1046.tmp c:\windows\system32\SET1047.tmp c:\windows\system32\SET1048.tmp c:\windows\system32\SET1049.tmp c:\windows\system32\SET104A.tmp c:\windows\system32\SET104B.tmp c:\windows\system32\SET104C.tmp c:\windows\system32\SET104D.tmp c:\windows\system32\SET104E.tmp c:\windows\system32\SET104F.tmp c:\windows\system32\SET1050.tmp c:\windows\system32\SET1051.tmp c:\windows\system32\SET1052.tmp c:\windows\system32\SET1053.tmp c:\windows\system32\SET1054.tmp c:\windows\system32\SET51.tmp c:\windows\system32\SET52.tmp c:\windows\system32\SET53.tmp c:\windows\system32\SET54.tmp c:\windows\system32\SET55.tmp c:\windows\system32\SET56.tmp c:\windows\system32\SET57.tmp c:\windows\system32\SET58.tmp c:\windows\system32\SET59.tmp c:\windows\system32\SET5A.tmp c:\windows\system32\SET5B.tmp c:\windows\system32\SET5C.tmp c:\windows\system32\SET5D.tmp c:\windows\system32\SET5E.tmp c:\windows\system32\SET5F.tmp c:\windows\system32\SET60.tmp c:\windows\system32\SET61.tmp c:\windows\system32\SET62.tmp c:\windows\system32\SET64.tmp c:\windows\system32\SET65.tmp c:\windows\system32\SET66.tmp c:\windows\system32\SET67.tmp c:\windows\system32\SET68.tmp c:\windows\system32\SET69.tmp c:\windows\system32\SET6A.tmp c:\windows\system32\SET6B.tmp c:\windows\system32\SET6C.tmp c:\windows\system32\SET6D.tmp c:\windows\system32\SET6E.tmp c:\windows\system32\SET6F.tmp c:\windows\system32\SET70.tmp c:\windows\system32\SET71.tmp c:\windows\system32\SET72.tmp c:\windows\system32\SET73.tmp c:\windows\system32\SET74.tmp c:\windows\system32\SET75.tmp c:\windows\system32\SET76.tmp c:\windows\system32\SET77.tmp c:\windows\system32\SET78.tmp c:\windows\system32\SET79.tmp c:\windows\system32\SET7A.tmp c:\windows\system32\SET7B.tmp c:\windows\system32\SET7C.tmp c:\windows\system32\SET7D.tmp . . ((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))) . . 2013-01-31 22:53 . 2013-01-31 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WinZip 2013-01-31 18:50 . 2013-01-31 18:50 -------- d-----w- c:\program files\Bitdefender 2013-01-26 04:43 . 2013-01-26 04:43 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-01-26 04:41 . 2013-01-26 04:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-26 04:41 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-26 02:40 . 2013-01-26 02:40 -------- d-----w- c:\program files\Max Uninstaller 2013-01-25 04:11 . 2013-01-25 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2013-01-23 02:28 . 2013-01-23 02:28 -------- d-----w- c:\windows\ERUNT 2013-01-22 20:29 . 2013-01-23 02:28 -------- d-----w- C:\JRT 2013-01-20 17:09 . 2013-01-20 17:10 -------- d-----w- C:\RK_Quarantine 2013-01-20 01:46 . 2013-01-20 01:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2013-01-16 16:29 . 2013-01-16 16:29 -------- d-----w- c:\windows\system32\Bitdefender 2013-01-16 08:13 . 2013-01-16 08:13 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\HPAppData 2013-01-16 07:28 . 2013-01-16 07:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan 2013-01-16 07:13 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2013-01-16 07:05 . 2013-01-16 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2013-01-16 07:05 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll 2013-01-16 07:05 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2013-01-16 07:04 . 2013-01-16 07:04 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\Bitdefender 2013-01-15 08:15 . 2013-01-31 18:46 -------- d-----w- c:\program files\Common Files\Bitdefender 2013-01-15 07:37 . 2013-01-16 05:46 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\QuickScan 2013-01-15 07:07 . 2013-01-15 07:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2013-01-15 03:53 . 2013-01-15 03:56 -------- d-----w- c:\program files\trend micro 2013-01-15 03:53 . 2013-01-15 03:57 -------- d-----w- C:\rsit 2013-01-15 03:43 . 2013-01-15 03:43 -------- d-----w- c:\program files\ERUNT 2013-01-15 01:37 . 2013-01-15 01:37 -------- d-----w- c:\documents and settings\Elz.RUBEN\Local Settings\Application Data\WinZip 2013-01-10 04:44 . 2013-01-10 04:44 -------- d-----w- c:\documents and settings\Elz.RUBEN\Local Settings\Application Data\Microsoft Help 2013-01-08 03:54 . 2013-01-08 03:54 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\OneTab 2013-01-08 03:50 . 2013-01-08 03:50 -------- d-----w- c:\program files\Media converter 2013-01-08 03:32 . 2013-01-08 03:32 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\Apple Computer 2013-01-08 03:30 . 2013-01-08 03:30 -------- d-----w- c:\documents and settings\Elz.RUBEN\Local Settings\Application Data\Apple Computer 2013-01-08 03:24 . 2013-01-08 03:24 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\DivX 2013-01-08 00:24 . 2013-01-08 04:31 -------- d-----w- c:\documents and settings\Elz.RUBEN\Application Data\Raptr 2013-01-08 00:24 . 2013-01-08 00:35 -------- d-----w- c:\program files\Raptr 2013-01-08 00:14 . 2013-01-08 00:14 -------- d-----w- c:\documents and settings\Elz.RUBEN\.swt . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-18 00:32 . 2012-04-09 21:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-18 00:32 . 2011-06-23 04:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23 . 2004-08-04 10:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25 . 2004-08-04 10:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2013-01-19 02:38 . 2013-01-19 02:38 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Elz^Start Menu^Programs^Startup^santa.bat] path=c:\documents and settings\Elz\Start Menu\Programs\Startup\santa.bat backup=c:\windows\pss\santa.batStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim] 2012-05-30 17:18 4331392 ----a-w- c:\program files\AIM\aim.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-11-28 19:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 18:56 1230704 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 22:36 30040 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2006-08-23 19:12 7630848 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-08-23 19:12 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-08-23 19:12 1617920 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2006-10-20 22:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2006-07-27 19:19 282624 ----a-w- c:\windows\stsystra.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid] 2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "NVSvc"=2 (0x2) "NMIndexingService"=3 (0x3) "NBService"=3 (0x3) "MozillaMaintenance"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "LBTServ"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "gupdatem"=3 (0x3) "gupdate1c9c61c80095910"=2 (0x2) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) "avg8wd"=2 (0x2) "avg8emc"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AdobeFlashPlayerUpdateSvc"=3 (0x3) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"= "c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "e:\\iTunes.exe"= "e:\\Vuze\\Azureus.exe"= "c:\\Program Files\\Raptr\\raptr.exe"= "c:\\Program Files\\Raptr\\raptr_im.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Mozilla Firefox\\firefox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 . R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x] R2 gupdate1c9c61c80095910;Google Update Service (gupdate1c9c61c80095910);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x] R3 nk_bus;Nokia USB Bus Service;c:\windows\system32\Drivers\nk_bus.sys [x] R3 nokusbser;Nokia USB Device;c:\windows\system32\DRIVERS\nokusbser.sys [x] R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [x] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x] R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:32] . 2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 03:09] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 03:09] . . ------- Supplementary Scan ------- . mStart Page = about:blank TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - ProfilePath - c:\documents and settings\Elz.RUBEN\Application Data\Mozilla\Firefox\Profiles\jjgs72vl.default\ FF - ExtSQL: 2013-01-07 22:54; onetab@onetab.net; c:\program files\Mozilla Firefox\extensions\onetab@onetab.net . - - - - ORPHANS REMOVED - - - - . BHO-{65B3DC86-9758-3885-838F-8203FBC05440} - (no file) Notify-avgrsstarter - (no file) MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\Elz\Local Settings\Application Data\Akamai\netsession_win.exe MSConfigStartUp-AOL OCP - c:\documents and settings\Elz\Local Settings\Application Data\Apple\AOL OCP\yrdqs.dll MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe MSConfigStartUp-winlogon - c:\docume~1\Elz\LOCALS~1\Temp\nsi27B.tmp\winlogon.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-05 22:27 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\windows\TEMP\catchme.dll 53248 bytes executable . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*] "value"="?\0a\06\01\0f5\0bÚ" . Completion time: 2013-02-05 22:28:55 ComboFix-quarantined-files.txt 2013-02-06 03:28 . Pre-Run: 8,835,768,320 bytes free Post-Run: 9,284,562,944 bytes free . - - End Of File - - F587CEF6B4FCC51C75DBC8ADBDA31B13 -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
im in the process of scanning using combo fix but unfortunately im not connected to the internet on my desktop so it wasnt able to download the windows recovery console -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
Yea im still here just very busy -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
So before i do this step, should i download bitdefender again? -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
23:50:17.0671 0656 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 23:50:17.0687 0656 ============================================================ 23:50:17.0687 0656 Current date / time: 2013/01/31 23:50:17.0687 23:50:17.0687 0656 SystemInfo: 23:50:17.0687 0656 23:50:17.0687 0656 OS Version: 5.1.2600 ServicePack: 3.0 23:50:17.0687 0656 Product type: Workstation 23:50:17.0687 0656 ComputerName: RUBEN 23:50:17.0687 0656 UserName: Administrator 23:50:17.0687 0656 Windows directory: C:\WINDOWS 23:50:17.0687 0656 System windows directory: C:\WINDOWS 23:50:17.0687 0656 Processor architecture: Intel x86 23:50:17.0687 0656 Number of processors: 2 23:50:17.0687 0656 Page size: 0x1000 23:50:17.0687 0656 Boot type: Safe boot with network 23:50:17.0687 0656 ============================================================ 23:50:18.0156 0656 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 23:50:18.0156 0656 Drive \Device\Harddisk1\DR8 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:50:18.0171 0656 ============================================================ 23:50:18.0171 0656 \Device\Harddisk0\DR0: 23:50:18.0171 0656 MBR partitions: 23:50:18.0171 0656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EFFAF 23:50:18.0171 0656 \Device\Harddisk1\DR8: 23:50:18.0171 0656 MBR partitions: 23:50:18.0171 0656 \Device\Harddisk1\DR8\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542 23:50:18.0171 0656 ============================================================ 23:50:19.0000 0656 E: <-> \Device\Harddisk1\DR8\Partition1 23:50:19.0406 0656 C: <-> \Device\Harddisk0\DR0\Partition1 23:50:19.0406 0656 ============================================================ 23:50:19.0406 0656 Initialize success 23:50:19.0406 0656 ============================================================ -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
Rkill 2.4.6 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 01/31/2013 11:45:21 PM in x86 mode. Windows Version: Microsoft Windows XP Service Pack 3 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * COM+ Event System (EventSystem) is not Running. Startup Type set to: Manual * Security Center (wscsvc) is not Running. Startup Type set to: Automatic * Automatic Updates (wuauserv) is not Running. Startup Type set to: Automatic Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * Cannot edit the HOSTS file. * Permissions Fixed. Administrators can now edit the HOSTS file. * HOSTS file entries found: 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com 20 out of 15336 HOSTS entries shown. Please review HOSTS file for further entries. Program finished at: 01/31/2013 11:46:10 PM Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s) -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
I uninstalled bitdefender to reinstall it but now i have no internet connection smh -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
sorry i havent had time because of work and school, i will update u tomorrow definitely -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
im running chameleon right now, how long does it actually take to kill the "malicious processes" because i don't kno if its actually doing anything, i've used 3 chameleons so far and they've been saying the same thing, the TFC didn't work btw -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
wen i was running TFC, it freezes wen it reaches to another user smh, so that's the step that i stopped at, i didn't try to run MBAM chameleon yet -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
# AdwCleaner v2.108 - Logfile created 01/24/2013 at 23:14:13 # Updated 24/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Administrator - RUBEN # Boot Mode : Safe mode with networking # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner(1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job File Deleted : C:\WINDOWS\Tasks\YourFile Update.job Folder Deleted : C:\Documents and Settings\Elz.RUBEN.000\Local Settings\Application Data\Conduit Folder Deleted : C:\Documents and Settings\Elz.RUBEN\Application Data\SwvUpdater Folder Deleted : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\FCTB Folder Deleted : C:\Documents and Settings\Kevin\Application Data\Search Settings Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager Key Deleted : HKLM\Software\Viewpoint Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Documents and Settings\Elz.RUBEN\Application Data\Mozilla\Firefox\Profiles\jjgs72vl.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\Elz.RUBEN.000\Application Data\Mozilla\Firefox\Profiles\lk0stkoq.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\prefs.js Deleted : user_pref("extensions.vshare@toolbar.update.enabled", false); File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\532p25lf.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [4099 octets] - [23/01/2013 22:18:36] AdwCleaner[s1].txt - [4080 octets] - [24/01/2013 23:14:13] ########## EOF - C:\AdwCleaner[s1].txt - [4140 octets] ########## -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.57 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! Bitdefender Internet Security 2013 `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy CCleaner JavaFX 2.0.2 JavaFX 2.0.2 SDK Java 6 Update 29 Java 6 Update 21 Java 7 Update 9 Java SE Development Kit 7 Update 2 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (18.0.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
# AdwCleaner v2.107 - Logfile created 01/23/2013 at 22:18:36 # Updated 21/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Administrator - RUBEN # Boot Mode : Safe mode with networking # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\WINDOWS\Tasks\AmiUpdXp.job File Found : C:\WINDOWS\Tasks\YourFile Update.job Folder Found : C:\Documents and Settings\Elz.RUBEN.000\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\Elz.RUBEN\Application Data\SwvUpdater Folder Found : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\FCTB Folder Found : C:\Documents and Settings\Kevin\Application Data\Search Settings Folder Found : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote ***** [Registry] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager Key Found : HKLM\Software\Viewpoint Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Documents and Settings\Elz.RUBEN\Application Data\Mozilla\Firefox\Profiles\jjgs72vl.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\Elz.RUBEN.000\Application Data\Mozilla\Firefox\Profiles\lk0stkoq.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ruwcgrkb.default\prefs.js Found : user_pref("extensions.vshare@toolbar.update.enabled", false); File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\532p25lf.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [3970 octets] - [23/01/2013 22:18:36] ########## EOF - C:\AdwCleaner[R1].txt - [4030 octets] ########## -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
the only log that i have saved from rogue killer is from the first time couple of steps that you posted, other than that.....nothing, and i'll proceed with the other steps and let you know how it goes -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
i was also unsure if i disabled bitdefender properly, because the instructions that you posted were old -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
i tried the rogue killer step multiple times and there's no log that saves after i restart the computer, so i didn't go any further...any ideas? -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
I dunno what happened, after the first step was completed, i couldnt open firefox or any folders, so i did step 2 in safe mode with networking, worked ok but step 3 gave me an issue, when i right clicked run as administrator it said "a device attached to the system is not functioning" -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
info.txt logfile of random's system information tool 1.09 2013-01-14 22:57:06 ======Uninstall list====== -->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER -->C:\Program Files\InstallShield Installation Information\{8988FBB3-F662-4BC8-94DE-FD764FAA1C9E}\setup.exe -runfromtemp -l0x0009 -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA} AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8} Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0} Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02} Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4} Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100} Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D} Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF} Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A} Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1 Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678} Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C} Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D} Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972} Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090} Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1 Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6} Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin Adobe Illustrator CS4-->C:\Program Files\Common Files\Adobe\Installers\2a31ae7a5c43ff52d8577782dd34e04\Setup.exe --uninstall=1 Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807} Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217} Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C} Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1} Adobe InDesign CS4-->C:\Program Files\Common Files\Adobe\Installers\1710d324011afc3e7658e969025f4ba\Setup.exe --uninstall=1 Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA} Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD} Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD} Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1 Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7} Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171} Adobe Setup-->MsiExec.exe /I{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D} Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B} Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8} Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF} Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739} AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4} AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} AIM 7-->C:\Program Files\AIM\uninst.exe AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe Apple Mobile Device Support-->MsiExec.exe /I{459699C3-9430-4381-964B-4248D87B49F9} AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} Cisco Connect-->"C:\Program Files\Cisco Systems\Cisco Connect\Cisco Connect.exe" -uninstall Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" Dell Resource CD-->MsiExec.exe /X{2764CA82-DFB9-4498-AF85-719340BF5305} DivX Plus DirectShow Filters-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2756822)-->"C:\WINDOWS\$NtUninstallKB2756822$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2779562)-->"C:\WINDOWS\$NtUninstallKB2779562$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Document Manager 1.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat HP Update-->MsiExec.exe /X{787D1A33-A97B-4245-87C0-7174609A540C} Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217007FF} Java™ 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021F0} Java™ 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Java™ SE Development Kit 7 Update 2-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0170020} JavaFX 2.0.2 SDK-->MsiExec.exe /X{2222706F-666A-4037-7777-202328764D10} JavaFX 2.0.2-->MsiExec.exe /X{1111706F-666A-4037-7777-202328764D10} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243} Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes Anti-Malware version 1.70.0.1100-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Media converter-->"C:\Program Files\Media converter\unins000.exe" Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox 18.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat OneTab-->C:\Documents and Settings\Elz.RUBEN\Application Data\OneTab\uninstall.exe OZ776 SCR CardBus V1.1.3.6-->C:\Program Files\InstallShield Installation Information\{0A649E72-DB35-4C54-968E-CECAECA7E293}\setup.exe -runfromtemp -l0x0409 PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9} PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition -->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2722913)-->"C:\WINDOWS\ie8updates\KB2722913-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2744842)-->"C:\WINDOWS\ie8updates\KB2744842-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB2761465)-->"C:\WINDOWS\ie8updates\KB2761465-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe" Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe" Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe" Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe" Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe" Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe" Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe" Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe" Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe" Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe" Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe" Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe" Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe" Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe" Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe" Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe" Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe" Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe" Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe" Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe" Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe" Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe" Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe" Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe" Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe" Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe" Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe" Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe" Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe" Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe" Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe" Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe" Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe" Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe" Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe" Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe" Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe" Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe" Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe" Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe" Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe" Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe" Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe" Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe" Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe" Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe" Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe" Security Update for Windows XP (KB2655992)-->"C:\WINDOWS\$NtUninstallKB2655992$\spuninst\spuninst.exe" Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe" Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe" Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe" Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe" Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe" Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe" Security Update for Windows XP (KB2691442)-->"C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe" Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe" Security Update for Windows XP (KB2698365)-->"C:\WINDOWS\$NtUninstallKB2698365$\spuninst\spuninst.exe" Security Update for Windows XP (KB2705219)-->"C:\WINDOWS\$NtUninstallKB2705219$\spuninst\spuninst.exe" Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe" Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe" Security Update for Windows XP (KB2712808)-->"C:\WINDOWS\$NtUninstallKB2712808$\spuninst\spuninst.exe" Security Update for Windows XP (KB2718523)-->"C:\WINDOWS\$NtUninstallKB2718523$\spuninst\spuninst.exe" Security Update for Windows XP (KB2719985)-->"C:\WINDOWS\$NtUninstallKB2719985$\spuninst\spuninst.exe" Security Update for Windows XP (KB2723135)-->"C:\WINDOWS\$NtUninstallKB2723135$\spuninst\spuninst.exe" Security Update for Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe" Security Update for Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe" Security Update for Windows XP (KB2731847)-->"C:\WINDOWS\$NtUninstallKB2731847$\spuninst\spuninst.exe" Security Update for Windows XP (KB2753842)-->"C:\WINDOWS\$NtUninstallKB2753842$\spuninst\spuninst.exe" Security Update for Windows XP (KB2753842-v2)-->"C:\WINDOWS\$NtUninstallKB2753842-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2757638)-->"C:\WINDOWS\$NtUninstallKB2757638$\spuninst\spuninst.exe" Security Update for Windows XP (KB2758857)-->"C:\WINDOWS\$NtUninstallKB2758857$\spuninst\spuninst.exe" Security Update for Windows XP (KB2761226)-->"C:\WINDOWS\$NtUninstallKB2761226$\spuninst\spuninst.exe" Security Update for Windows XP (KB2770660)-->"C:\WINDOWS\$NtUninstallKB2770660$\spuninst\spuninst.exe" Security Update for Windows XP (KB2779030)-->"C:\WINDOWS\$NtUninstallKB2779030$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe" Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434} Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {ED38F8A3-4F61-494E-8BCA-E3AC7760C924} Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe" Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe" Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe" Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe" Update for Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe" Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe" Update for Windows XP (KB2736233)-->"C:\WINDOWS\$NtUninstallKB2736233$\spuninst\spuninst.exe" Update for Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} VoiceOver Kit-->MsiExec.exe /I{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA} Vuze-->E:\Vuze\uninstall.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Xvid Video Codec-->C:\Program Files\Xvid\uninstall.exe ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: AVG Anti-Virus ======System event log====== Computer Name: RUBEN Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 140430 Source Name: Service Control Manager Time Written: 20121226115358.000000-300 Event Type: error User: Computer Name: RUBEN Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 140427 Source Name: Service Control Manager Time Written: 20121226115127.000000-300 Event Type: error User: Computer Name: RUBEN Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 140424 Source Name: Service Control Manager Time Written: 20121226115126.000000-300 Event Type: error User: Computer Name: RUBEN Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 140421 Source Name: Service Control Manager Time Written: 20121226115126.000000-300 Event Type: error User: Computer Name: RUBEN Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 140418 Source Name: Service Control Manager Time Written: 20121226115126.000000-300 Event Type: error User: =====Application event log===== Computer Name: RUBEN Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk. Record Number: 33069 Source Name: crypt32 Time Written: 20121019162421.000000-240 Event Type: error User: Computer Name: RUBEN Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk. Record Number: 33068 Source Name: crypt32 Time Written: 20121019162421.000000-240 Event Type: error User: Computer Name: RUBEN Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk. Record Number: 33065 Source Name: crypt32 Time Written: 20121019162421.000000-240 Event Type: error User: Computer Name: RUBEN Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk. Record Number: 33064 Source Name: crypt32 Time Written: 20121019162421.000000-240 Event Type: error User: Computer Name: RUBEN Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk. Record Number: 33061 Source Name: crypt32 Time Written: 20121019162421.000000-240 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=6b01 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "asl.log"=Destination=file;OnFirstLog=command,environment "CLASSPATH"=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre7\lib\ext\QTJava.zip -----------------EOF----------------- Results of screen317's Security Check version 0.99.57 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG 8.5 `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 CCleaner JavaFX 2.0.2 JavaFX 2.0.2 SDK Java™ 6 Update 29 Java™ 6 Update 21 Java 7 Update 9 Java™ SE Development Kit 7 Update 2 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (18.0) ````````Process Check: objlist.exe by Laurent```````` AVG avgrsx.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` <?xml version="1.0" encoding="utf-8"?> <?xml-stylesheet type="text/xsl" href="C:\Program Files\Bitdefender\Bitdefender 2013\ondemand.xsl"?> <ScanSession creator="Bitdefender Internet Security 2013" name="_QuickScan" installPath="C:\Program Files\Bitdefender\Bitdefender 2013\" creationDate="Wednesday, January 16, 2013 2:28:43 AM" originalPath="C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\da29f7c8-23b1-4974-8d11-209959ac694b\1358321302_1_01.xml" > <ScanSettings statisticsRefreshInterval="1000" scanSpeed="1.000000" lowPriority="0" enableExclusions="1" enableTaskExclusions="0" scanAdware="1" scanSpyware="1" scanApplications="1" scanDialers="1" scanKeyloggers="1" scanFiles="1" scanAllFiles="1" scanProgramsOnly="1" useCustomPrograms="0" customPrograms="" scanUserDefined="0" scanPacked="1" scanArchives="0" useSmartScan="1" scanEmails="0" scanRootkits="0" scanAllRootkits="0" scanBoot="0" scanMemory="0" scanRegistry="0" quickScan="1" quickScanMemory="1" quickScanAutoruns="1" quickScanPlugins="1" scanCookies="0" shutdownAfter="0" passwordPrompt="0" onlyAllowedActions="1" deepArchiveScan="0" maxArchiveLevel="15" maxArchiveSize="0" infectedAction1="1" infectedAction2="1" suspectAction1="1" suspectAction2="1" rootkitAction="1" userDefinedExtensions="" > <ScanPaths> </ScanPaths> <ExcludedPaths> </ExcludedPaths> <ExcludedExtensions> </ExcludedExtensions> </ScanSettings> <EngineSummary totalSignatures="8618380" /> <ScanSummary scannedArchives="0" scannedPacked="0" startTime="1358321302" duration="20859" > <TypeSummary type="1" scanned="0" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" /> <TypeSummary type="4" scanned="0" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" /> <TypeSummary type="0" scanned="742" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" /> <TypeSummary type="5" scanned="0" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" /> <TypeSummary type="2" scanned="0" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" /> <TypeSummary type="3" scanned="0" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" /> <TypeSummary type="6" scanned="0" infected="0" suspicious="0" disinfected="0" deleted="0" moved="0" moved_reboot="0" delete_reboot="0" renamed="0" hidden="0" /> </ScanSummary> <ScanDetails> <UnresolvedDetails> </UnresolvedDetails> <ResolvedDetails> </ResolvedDetails> <IgnoredDetails> </IgnoredDetails> <QuickScanDetails> </QuickScanDetails> <NotScannedDetails skipped="0" ioerrors="0" archiveBombs="0" passwordProtected="0" > </NotScannedDetails> </ScanDetails> </ScanSession> RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Elz [Admin rights] Mode : Scan -- Date : 01/16/2013 02:41:57 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [TASK][sUSP PATH] AmiUpdXp.job : C:\Documents and Settings\Elz.RUBEN\Application Data\SwvUpdater\Updater.exe -> FOUND [iFEO] HKLM\[...]\ctfmon.exe : Debugger (C:\WINDOWS\system32\ctfmon_tk.exe) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30A060) SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30ABCA) SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30DABA) SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30C346) SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30B894) SSDT[41] : NtCreateKey @ 0x806240F6 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30CA3E) SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30AE20) SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30AED6) SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30B1BE) SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC3099D0) SSDT[66] : NtDeviceIoControlFile @ 0x80579268 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30CBAE) SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC310F48) SSDT[84] : NtFsControlFile @ 0x8057929C -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30CE66) SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30A4D6) SSDT[105] : NtMakeTemporaryObject @ 0x805BC5DC -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30D862) SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30B68C) SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC3109A0) SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30AF90) SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC310C50) SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC309EE4) SSDT[180] : NtQueueApcThread @ 0x805D2756 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30ACF2) SSDT[193] : NtReplaceKey @ 0x806261CA -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30D6B0) SSDT[199] : NtRequestPort @ 0x805A2A52 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30C4B4) SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30BE48) SSDT[204] : NtRestoreKey @ 0x80625AD6 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30D73A) SSDT[210] : NtSecureConnectPort @ 0x805A3D6C -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30C8CE) SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC309B40) SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30D60A) SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30A6D0) SSDT[249] : NtShutdownSystem @ 0x80612FAE -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30D7CC) SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC309DBC) SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC309C96) SSDT[255] : NtSystemDebugControl @ 0x806180CA -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30AAFC) SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC310898) SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC31113A) SSDT[262] : NtUnloadDriver @ 0x80584306 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30D8F8) SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC309854) S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30943C) S_SSDT[322] : NtUserCallNoParam -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC309644) S_SSDT[323] : NtUserCallOneParam -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC309596) S_SSDT[347] : NtUserDdeSetQualityOfService -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC3093A2) S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30933E) S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC3091D0) S_SSDT[416] : NtUserGetKeyState -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30916C) S_SSDT[460] : NtUserMessageCall -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC308E76) S_SSDT[475] : NtUserPostMessage -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC308C7C) S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC308CFC) S_SSDT[491] : NtUserRegisterRawInputDevices -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC308EFE) S_SSDT[502] : NtUserSendInput -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC308C2A) S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30827C) S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (\??\C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys @ 0xAC30870A) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3160812AS +++++ --- User --- [MBR] 2346c5f9a4c8929a893344f1c62c8a6f [bSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 149471 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 306198900 | Size: 3074 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01162013_02d0241.txt >> RKreport[1]_S_01162013_02d0241.txt -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
when i say freezing, i mean that malwarebytes crashes on a certain file when it reaches it and these are all the logs as requested: Logfile of random's system information tool 1.09 (written by random/random) Run by Elz at 2013-01-14 22:54:44 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 8 GB (5%) free of 149 GB Total RAM: 1982 MB (34% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:56:59 PM, on 1/14/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\PROGRA~1\WINZIP\wzqkpick.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Documents and Settings\Elz.RUBEN\My Documents\Downloads\RSIT.exe C:\Program Files\trend micro\Elz.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: OneTab Add-on - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Documents and Settings\Elz.RUBEN\Application Data\OneTab\OneTab.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: (no name) - {65B3DC86-9758-3885-838F-8203FBC05440} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file) O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file) O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Google Update Service (gupdate1c9c61c80095910) (gupdate1c9c61c80095910) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe -- End of file - 7644 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\AmiUpdXp.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\YourFile Update.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Elz.RUBEN\Application Data\Mozilla\Firefox\Profiles\jjgs72vl.default "{3f963a5b-e555-4543-90e2-c3908898db71}"=C:\Program Files\AVG\AVG8\Firefox "{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video "{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa "jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.5.502.135 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0] "Description"=DivX Plus Web Player "Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0] "Description"=DivX® Player Plugin for VOD Content "Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] "Description"=DivX VOD Helper Plug-in "Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2] "Description"=Java™ Deployment Toolkit "Path"=C:\WINDOWS\system32\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/vbp;version=0.9.17] "Description"=Veetle Broadcaster Plugin "Path"=C:\Program Files\Veetle\VLCBroadcast\npvbp.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ onetab@onetab.net {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll npCouponPrinter.xpt nsIQTScriptablePlugin.xpt C:\Program Files\Mozilla Firefox\plugins\ npCouponPrinter.dll npDivxPlayerPlugin.dll npdnu.dll npdnu.xpt npdnupdater2.dll npdnupdater2.xpt NPOFF12.DLL nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll nsIDivxPlayerPlugin.xpt QuickTimePlugin.class C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml babylon.xml bing.xml eBay.xml google.xml Search_Results.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}] OneTab Add-on - C:\Documents and Settings\Elz.RUBEN\Application Data\OneTab\OneTab.dll [2012-11-12 381440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}] DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07 3118976] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}] DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07 3118976] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65B3DC86-9758-3885-838F-8203FBC05440}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-24 449512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-12-14 512360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim] C:\Program Files\AIM\aim.exe [2012-05-30 4331392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] C:\Documents and Settings\Elz\Local Settings\Application Data\Akamai\netsession_win.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL OCP] C:\Documents and Settings\Elz\Local Settings\Application Data\Apple\AOL OCP\yrdqs.dll,DllRegisterServer [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2011-10-17 2042208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-08-23 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe [2006-07-27 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon] C:\DOCUME~1\Elz\LOCALS~1\Temp\nsi27B.tmp\winlogon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid] C:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-07-20 813584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] C:\PROGRA~1\WinZip\WZQKPICK.EXE [2011-02-14 608584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Elz^Start Menu^Programs^Startup^santa.bat] C:\Documents and Settings\Elz\Start Menu\Programs\Startup\santa.bat [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 "ose"=3 "odserv"=3 "NVSvc"=2 "NMIndexingService"=3 "NBService"=3 "MozillaMaintenance"=3 "Microsoft Office Groove Audit Service"=3 "LBTServ"=3 "JavaQuickStarterService"=2 "idsvc"=3 "gupdatem"=3 "gupdate1c9c61c80095910"=2 "FLEXnet Licensing Service"=3 "Bonjour Service"=2 "avg8wd"=2 "avg8emc"=2 "Apple Mobile Device"=2 "AdobeFlashPlayerUpdateSvc"=3 C:\Documents and Settings\All Users\Start Menu\Programs\Startup WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-07-30 11952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe" "C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe" "C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe" "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM" "C:\Documents and Settings\Elz\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\BrowserPlusService.exe"="C:\Documents and Settings\Elz\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\BrowserPlusService.exe:*:Disabled:BrowserPlusCore" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe" "C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe" "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4" "C:\Program Files\Java\jre6\bin\javaws.exe"="C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java™ Web Start Launcher" "C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe"="C:\Documents and Settings\All Users\Application Data\Mozilla Firefox\firefox.exe:*:Disabled:Firefox" "C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire" "C:\Program Files\TuneUpMedia\TuneUpApp.exe"="C:\Program Files\TuneUpMedia\TuneUpApp.exe:*:Disabled:TuneUpApp" "C:\Program Files\FrostWire 5\FrostWire.exe"="C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire" "C:\Documents and Settings\Elz\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Elz\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win" "C:\Documents and Settings\Kevin\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\Kevin\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface" "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Program Files\NetBeans 7.1\bin\netbeans.exe"="C:\Program Files\NetBeans 7.1\bin\netbeans.exe:*:Enabled:netbeans" "C:\Documents and Settings\Elz\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Elz\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox" "C:\Documents and Settings\Elz\Local Settings\Temp\7zS7FC9\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Elz\Local Settings\Temp\7zS7FC9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS" "C:\Documents and Settings\Elz\Local Settings\Temp\7zS0946\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Elz\Local Settings\Temp\7zS0946\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze" "E:\iTunes.exe"="E:\iTunes.exe:*:Enabled:iTunes" "E:\Vuze\Azureus.exe"="E:\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze" "C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Desktop App" "C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe" "C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe" "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe" "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe] "Debugger="C:\WINDOWS\system32\ctfmon_tk.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=l3codecp.acm "wave1"=serwvdrv.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave2"=wdmaud.drv "mixer1"=wdmaud.drv "msacm.ac3filter"=ac3filter.acm "vidc.DIVX"=DivX.dll "vidc.yv12"=DivX.dll "vidc.XVID"=xvidvfw.dll ======List of files/folders created in the last 1 month====== 2013-01-14 22:53:14 ----D---- C:\Program Files\trend micro 2013-01-14 22:53:13 ----D---- C:\rsit 2013-01-14 22:45:13 ----D---- C:\WINDOWS\ERDNT 2013-01-14 22:43:41 ----D---- C:\Program Files\ERUNT 2013-01-10 21:14:33 ----A---- C:\WINDOWS\ntbtlog.txt 2013-01-10 16:39:36 ----D---- C:\Program Files\Mozilla Firefox 2013-01-09 23:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$ 2013-01-07 22:54:56 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\OneTab 2013-01-07 22:52:55 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\SwvUpdater 2013-01-07 22:50:33 ----D---- C:\Program Files\Media converter 2013-01-07 22:32:35 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Apple Computer 2013-01-07 22:24:11 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\DivX 2013-01-07 19:24:05 ----D---- C:\Program Files\Raptr 2013-01-07 19:24:05 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Raptr 2013-01-07 16:02:38 ----A---- C:\WINDOWS\SchedLgU.Txt 2013-01-07 14:33:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2013-01-07 14:33:48 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2013-01-04 19:36:07 ----D---- C:\Program Files\Cisco Systems 2013-01-04 19:31:01 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco Systems 2013-01-03 22:17:14 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Malwarebytes 2013-01-03 21:27:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-01-03 21:27:19 ----D---- C:\WINDOWS\system32\LogFiles 2013-01-03 14:25:26 ----D---- C:\Program Files\CCleaner 2013-01-03 14:10:04 ----SHD---- C:\WINDOWS\TEMP 2012-12-26 12:06:13 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Azureus 2012-12-26 00:35:50 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Adobe 2012-12-25 11:45:05 ----DC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2012-12-25 11:42:57 ----DC---- C:\WINDOWS\$NtUninstallWudf01000$ 2012-12-23 23:41:34 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Macromedia 2012-12-23 23:39:16 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Mozilla 2012-12-23 23:33:10 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Microsoft 2012-12-23 23:15:31 ----D---- C:\Documents and Settings\Elz.RUBEN\Application Data\Identities 2012-12-21 10:09:11 ----N---- C:\WINDOWS\system32\spmsg.dll 2012-12-21 10:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$ 2012-12-18 12:50:49 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2012-12-17 22:56:20 ----D---- C:\WINDOWS\system32\drivers\umdf 2012-12-17 22:56:08 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ ======List of files/folders modified in the last 1 month====== 2013-01-14 22:53:15 ----D---- C:\WINDOWS\Prefetch 2013-01-14 22:53:14 ----D---- C:\Program Files 2013-01-14 22:53:01 ----D---- C:\WINDOWS\system32\drivers 2013-01-14 22:45:13 ----D---- C:\WINDOWS 2013-01-10 21:37:58 ----D---- C:\Program Files\Mozilla Maintenance Service 2013-01-10 00:05:05 ----D---- C:\WINDOWS\Microsoft.NET 2013-01-10 00:05:02 ----RSD---- C:\WINDOWS\assembly 2013-01-09 23:58:12 ----SHD---- C:\WINDOWS\Installer 2013-01-09 23:58:11 ----HD---- C:\Config.Msi 2013-01-09 23:57:59 ----D---- C:\WINDOWS\system32 2013-01-09 23:57:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2013-01-09 23:57:37 ----D---- C:\WINDOWS\WinSxS 2013-01-09 23:46:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2013-01-09 23:38:23 ----HD---- C:\WINDOWS\inf 2013-01-09 23:38:21 ----RSHDC---- C:\WINDOWS\system32\dllcache 2013-01-09 23:33:58 ----D---- C:\WINDOWS\Debug 2013-01-09 23:33:55 ----A---- C:\WINDOWS\system32\MRT.exe 2013-01-09 19:27:50 ----HD---- C:\WINDOWS\$hf_mig$ 2013-01-09 19:27:48 ----D---- C:\WINDOWS\system32\CatRoot2 2013-01-07 22:54:52 ----SD---- C:\WINDOWS\Tasks 2013-01-07 16:03:37 ----D---- C:\WINDOWS\SoftwareDistribution 2013-01-03 13:08:36 ----SHD---- C:\RECYCLER 2013-01-02 23:40:51 ----D---- C:\Documents and Settings 2013-01-02 21:56:06 ----HD---- C:\$AVG8.VAULT$ 2012-12-26 12:28:15 ----D---- C:\Program Files\VSO 2012-12-26 11:53:57 ----D---- C:\Program Files\Apple Software Update 2012-12-26 11:51:14 ----D---- C:\Program Files\Common Files\Apple 2012-12-26 11:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-26 01:05:33 ----D---- C:\WINDOWS\system32\CatRoot 2012-12-26 00:37:46 ----D---- C:\WINDOWS\system32\config 2012-12-26 00:37:29 ----D---- C:\WINDOWS\system32\wbem 2012-12-26 00:37:29 ----D---- C:\WINDOWS\Registration 2012-12-26 00:37:07 ----D---- C:\Program Files\Windows Media Player 2012-12-25 18:44:30 ----A---- C:\WINDOWS\win.ini 2012-12-25 18:44:18 ----D---- C:\WINDOWS\Help 2012-12-25 12:20:32 ----D---- C:\WINDOWS\system32\drivers\etc 2012-12-23 23:23:48 ----D---- C:\Program Files\Common Files 2012-12-20 21:48:19 ----A---- C:\WINDOWS\NeroDigital.ini 2012-12-17 23:06:19 ----D---- C:\Program Files\Common Files\Akamai 2012-12-17 22:47:30 ----D---- C:\WINDOWS\security 2012-12-17 19:32:55 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2012-12-16 07:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2009-05-04 12552] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-05 721904] R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864] R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-30 335240] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-30 27784] R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-04 108552] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043] R2 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys [] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [2009-06-17 40720] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [2009-06-17 10384] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704] S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904] S1 OMCI;OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [] S3 ao85jkqe;ao85jkqe; C:\WINDOWS\system32\drivers\ao85jkqe.sys [] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568] S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 nk_bus;Nokia USB Bus Service; C:\WINDOWS\System32\Drivers\nk_bus.sys [2007-08-10 22144] S3 nokusbser;Nokia USB Device; C:\WINDOWS\system32\DRIVERS\nokusbser.sys [2008-06-07 103552] S3 PbsAuDrv;PolderbitS Audio Driver; C:\WINDOWS\system32\drivers\pbsaudrv.sys [] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-04-26 47360] S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-09-28 44544] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-05-09 40704] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-24 161768] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 gupdate1c9c61c80095910;Google Update Service (gupdate1c9c61c80095910); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-25 133104] S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-05-09 6656] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-25 133104] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 250808] S4 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-30 908056] S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-30 297752] S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-04 655624] S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360] S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-10 115760] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715] S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
thank u for the reply, i'm gonna do this step by step and post my results and this is the file that freezes c:\DOCUMENTS AND SETTINGS\KEVIN\Local Settings\Temporary Internet Files\Content.IE5\499HZYGK\system[1].css -
My computer is infected, need help!
Elz11226 replied to Elz11226's topic in Resolved Malware Removal Logs
can i please get some help?? it will be greatly appreciated, i have run out of solutions -
i recently just made an account on here because i seriously need help removing whatever it is on my computer. i've been using malwarebytes anti-malware but everytime it reaches a certain file, it freezes, i've did a whole bunch of research to try and figure out why, but i've been unsucessful, any help will be greatly appreciated . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer 4500_Help AC3Filter (remove only) Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 Professional Adobe Flash CS4 STI-en Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Importer Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Reader 9.5.1 Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB AIM 7 AIMTunes AMD Processor Driver Apple Application Support Apple Mobile Device Support AVG 8.5 BPD_HPSU bpd_scan BPDSoftware BPDSoftware_Ini Broadcom 440x 10/100 Integrated Controller Broadcom Management Programs BufferChm CCleaner CDDRV_Installer Cisco Connect Conexant D850 56K V.9x DFVc Modem Connect Coupon Printer for Windows CustomerResearchQFolder Dell Resource CD Destination Component DeviceDiscovery DeviceManagementQFolder Digital Line Detect DivX Converter DivX Plus DirectShow Filters DivX Version Checker DocMgr DocProc DocProcQFolder Download Updater (AOL LLC) DVD Decrypter (Remove Only) DVD Shrink 3.2 EPSON Printer Software erLT eSupportQFolder Fax Google Update Helper GPBaseService GPBaseService2 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Customer Participation Program 10.0 HP Document Manager 1.0 HP Imaging Device Functions 10.0 HP Officejet J4500 Series HP Photosmart Essential 2.5 HP Smart Web Printing 4.60 HP Update HPProductAssistant HPSSupply J4500 Java 7 Update 9 Java Auto Updater Java™ 6 Update 21 Java™ 6 Update 29 Java™ SE Development Kit 7 Update 2 JavaFX 2.0.2 JavaFX 2.0.2 SDK KhalInstallWrapper kuler Logitech SetPoint Magic ISO Maker v5.5 (build 0272) Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Media converter Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ Run Time Lib Setup MobileMe Control Panel Mozilla Firefox 18.0 (x86 en-US) Mozilla Maintenance Service MSVCSetup MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser neroxml NVIDIA Drivers OCR Software by I.R.I.S. 10.0 OneTab OZ776 SCR CardBus V1.1.3.6 PDF Settings CS4 Photoshop Camera Raw Pixel Bender Toolkit PowerDVD ProductContext PSSWCORE QuickTime Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shop for HP Supplies SigmaTel Audio SmartWebPrinting Software Version Updater SolutionCenter Spybot - Search & Destroy Status Suite Shared Configuration CS4 Toolbox TrayApp Trillian Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC 9.0 Runtime VC80CRTRedist - 8.0.50727.4053 VideoToolkit01 VoiceOver Kit Vuze WebFldrs XP WebReg Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Windows XP Service Pack 3 WinRAR archiver WinZip 15.0 Xvid Video Codec . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by Elz at 22:14:56 on 2013-01-10 . ============== Running Processes ================ . C:\Program Files\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: OneTab Add-on: {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - c:\documents and settings\elz.ruben\application data\onetab\OneTab.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: {65B3DC86-9758-3885-838F-8203FBC05440} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - <orphaned> BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [userFaultCheck] c:\windows\system32\dumprep 0 -u mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab TCP: NameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{95C29C43-4EF6-44D3-AA4D-CCFD11958F22} : DHCPNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll AppInit_DLLs= SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll IFEO: ctfmon.exe - c:\windows\system32\ctfmon_tk.exe Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\elz.ruben\application data\mozilla\firefox\profiles\jjgs72vl.default\ FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\NPSWF32.dll FF - ExtSQL: 2013-01-07 22:54; onetab@onetab.net; c:\program files\mozilla firefox\extensions\onetab@onetab.net . ============= SERVICES / DRIVERS =============== . R? avg8emc;AVG8 E-mail Scanner R? avg8wd;AVG8 WatchDog R? gupdate1c9c61c80095910;Google Update Service (gupdate1c9c61c80095910) R? MBAMSwissArmy;MBAMSwissArmy R? nk_bus;Nokia USB Bus Service R? nokusbser;Nokia USB Device R? PbsAuDrv;PolderbitS Audio Driver S? AvgLdx86;AVG AVI Loader Driver x86 S? AvgMfx86;AVG On-access Scanner Minifilter Driver x86 S? AvgRkx86;avgrkx86.sys S? AvgTdiX;AVG8 Network Redirector S? LBeepKE;LBeepKE S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-01-10 20:09:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-10 04:44:00 -------- d-----w- c:\documents and settings\elz.ruben\local settings\application data\Microsoft Help 2013-01-08 03:54:56 -------- d-----w- c:\documents and settings\elz.ruben\application data\OneTab 2013-01-08 03:52:55 -------- d-----w- c:\documents and settings\elz.ruben\application data\SwvUpdater 2013-01-08 03:50:33 -------- d-----w- c:\program files\Media converter 2013-01-08 03:30:06 -------- d-----w- c:\documents and settings\elz.ruben\local settings\application data\Apple Computer 2013-01-08 00:24:05 -------- d-----w- c:\program files\Raptr 2013-01-08 00:24:05 -------- d-----w- c:\documents and settings\elz.ruben\application data\Raptr 2013-01-08 00:14:15 -------- d-----w- c:\documents and settings\elz.ruben\.swt 2013-01-07 19:33:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-07 19:33:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 00:36:07 -------- d-----w- c:\program files\Cisco Systems 2013-01-05 00:31:01 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems 2013-01-04 03:17:14 -------- d-----w- c:\documents and settings\elz.ruben\application data\Malwarebytes 2013-01-04 02:27:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-01-04 02:27:19 -------- d-----w- c:\windows\system32\LogFiles 2013-01-03 19:25:26 -------- d-----w- c:\program files\CCleaner 2012-12-28 02:57:25 -------- d-----w- c:\documents and settings\elz.ruben\local settings\application data\Adobe 2012-12-26 17:06:13 -------- d-----w- c:\documents and settings\elz.ruben\application data\Azureus 2012-12-26 16:53:55 -------- d-----w- c:\documents and settings\elz.ruben\local settings\application data\Apple 2012-12-26 05:37:29 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-12-26 05:37:29 -------- d-----w- c:\windows\system32\wbem\Repository 2012-12-24 04:39:16 -------- d-----w- c:\documents and settings\elz.ruben\local settings\application data\Mozilla 2012-12-24 04:15:23 -------- d-sh--w- c:\documents and settings\elz.ruben\IETldCache 2012-12-24 04:13:38 -------- d-----w- c:\documents and settings\elz.ruben\local settings\application data\Microsoft . ==================== Find3M ==================== . 2012-12-18 00:32:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-18 00:32:55 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 15:50:16 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 22:15:41.92 ===============