
Got something, can't get rid of it.



I have something causing Internet Explorer to complain about certificate security errors, but the site isn't a secure site.  I've scanned with Malwarebytes and Symantec Endpoint and removed everything that looked evil.  Scanned with HiJackThis and I've attached the log.  If anyone can tell me what the issue is, I'd appreciate it.  Thanks.

hijackthis.log


Welcome to the forum, there's some adware on the system and also these shouldn't be in your trusted zones:

O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.storageguardsoft.com

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I suggest you......please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)
MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


DDS.TXT:

 

DS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.11.2
Run by HP_Administrator at 21:22:16 on 2013-10-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3567.2249 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *Disabled*
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehrec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.








BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\hp_administrator\local settings\application data\downloadterms\temp.dat
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\adobe acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
uRun: [TiVme Agent] c:\program files\kworld multimedia\tivme\ScheduleAgent.exe srec
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [.NET Cryptor] c:\program files\rustemsoft\skater .net obfuscator\Cryptor.exe -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [Display] c:\program files\apc\powerchute personal edition\DataCollectionLauncher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\powerchute personal edition\Display.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: download.microsoft.com
Trusted Zone: imagesrvr.com
Trusted Zone: localhost
Trusted Zone: update.microsoft.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com











TCP: NameServer = 68.9.16.30 68.13.16.30
TCP: Interfaces\{2378654A-0EAD-4AC9-A0D6-9C1651306D08} : NameServer = 68.9.16.30,68.13.16.30
TCP: Interfaces\{2A331630-709B-4178-A399-C744A0A6948A} : DHCPNameServer = 68.9.16.30 68.9.16.25 68.100.16.30
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{FCF2138F-70D1-4989-B1E5-8E1108C6D56D} : NameServer = 68.9.16.30,68.13.16.30
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\quest software\toad for oracle 10\RNetPin.dll
Notify: NavLogon - <no file>
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\WinLogoutNotifier.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 192.168.10.16 DATABASE-WIN7
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\npasxf2e.default\

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true


FF - user.js: extensions.funmoods.id - 001731111393AE97
FF - user.js: extensions.funmoods.instlDay - 15604
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:3:27
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymDS.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymEFA.sys [2011-5-17 756856]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2013-6-2 752128]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\bashdefs\20130924.011\BHDrvx86.sys [2013-10-1 1002072]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\Ironx86.sys [2011-5-10 136312]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-2-8 3246040]
R2 APC Data Service;APC Data Service;c:\program files\apc\powerchute personal edition\dataserv.exe [2012-1-24 21880]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-2-20 54760]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ccSvcHst.exe [2011-6-14 137224]
R2 SWAS_Core;SyncThru Web Admin Service;c:\program files\samsung network printer utilities\syncthru web admin service\SWAS.exe [2011-6-13 1449984]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-24 24652]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-2-8 167968]
R3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-29 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\ipsdefs\20131003.001\IDSXpx86.sys [2013-10-3 380824]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20131003.009\NAVENG.SYS [2013-10-3 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20131003.009\NAVEX15.SYS [2013-10-3 1612376]
S0 srkig;srkig;c:\windows\system32\drivers\emytx.sys --> c:\windows\system32\drivers\emytx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-16 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-23 701512]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-23 22856]
S3 sshvnic;SSH Virtual Network Adapter (sshvnic);c:\windows\system32\drivers\sshvnic5.sys --> c:\windows\system32\drivers\sshvnic5.sys [?]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\SyDvCtrl32.sys [2011-6-17 23984]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-3-29 2077840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-9 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DB2MGMTSVC_TACOM25;DB2 Management Service (TACOM25);c:\program files\quest software\toad for data analysts 2.5\sqllib\bin\db2mgmtsvc.exe [2009-2-20 38688]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-10-01 09:08:05    --------    d-----w-    C:\CASHomeImprovement
2013-09-13 11:19:54    --------    d-----w-    c:\program files\Uninstaller
2013-09-13 11:13:53    --------    d-----w-    c:\documents and settings\all users\application data\Conduit
2013-09-13 11:13:25    --------    d-----w-    c:\documents and settings\hp_administrator\local settings\application data\CRE
2013-09-13 11:13:24    --------    d-----w-    c:\documents and settings\hp_administrator\local settings\application data\Conduit
2013-09-13 11:13:23    --------    d-----w-    c:\program files\Conduit
2013-09-13 11:12:16    --------    d-----w-    c:\program files\common files\337
2013-09-13 11:10:54    --------    d-----w-    c:\program files\MyPC Backup
2013-09-13 11:10:04    --------    d-----w-    c:\program files\DefaultTab
2013-09-13 11:10:03    --------    d-----w-    c:\program files\Tuguu SL
2013-09-13 11:10:03    --------    d-----w-    c:\documents and settings\hp_administrator\application data\player
2013-09-13 11:08:19    --------    d-----w-    c:\documents and settings\hp_administrator\local settings\application data\DownloadTerms
.
==================== Find3M  ====================
.
2013-09-19 22:07:06    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 22:07:06    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 06:05:59    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-08-08 06:05:59    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-08-08 01:27:48    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-08 00:02:34    385024    ----a-w-    c:\windows\system32\html.iec
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 18:18:38    1543680    ----a-w-    c:\windows\system32\wmvdecod.dll
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
.
============= FINISH: 21:24:59.95 ===============
 

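The kind of first-pass review a helper does by eye on a log like the one above, as an added example that is not part of the thread and not code from DDS or HijackThis. The function names, the allowlist and the choice of checks are assumptions made for illustration; the sample lines are constructed from entry formats that appear in this thread, and a finding means "look at this entry", not "this is malicious".

```python
import re

# Constructed sample: entries in the formats shown in this thread's
# HijackThis excerpt (O15 lines) and DDS.txt (everything else).
SAMPLE_LOG = r"""
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
Trusted Zone: update.microsoft.com
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\hp_administrator\local settings\application data\downloadterms\temp.dat
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
S0 srkig;srkig;c:\windows\system32\drivers\emytx.sys --> c:\windows\system32\drivers\emytx.sys [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
"""

# Assumption: the reviewer supplies the domains they expect in the Trusted zone.
TRUSTED_ALLOWLIST = {
    "localhost",
    "download.microsoft.com",
    "update.microsoft.com",
    "windowsupdate.com",
    "windowsupdate.microsoft.com",
}

TRUSTED_RE = re.compile(r"^(?:O15 - )?Trusted Zone:\s*(\S+)")
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.*)$"
)
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
PREF_RE = re.compile(r"user_pref\('([^']+)',\s*([^)]+)\)")


def normalize_domain(entry):
    """Drop a leading wildcard label so '*.example.com' compares as 'example.com'."""
    entry = entry.strip().lower()
    return entry[2:] if entry.startswith("*.") else entry


def triage(log_text, allowlist):
    """Return (kind, detail) findings in log order for the four checks below."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. Trusted-zone domains the reviewer did not expect.
        m = TRUSTED_RE.match(line)
        if m:
            domain = normalize_domain(m.group(1))
            if domain not in allowlist:
                findings.append(("trusted-zone", domain))
            continue

        # 2. Browser Helper Objects with no file, or a target that is not a DLL.
        m = BHO_RE.match(line)
        if m:
            target = m.group("target").strip()
            if target == "<orphaned>":
                findings.append(("bho-orphaned", m.group("clsid")))
            elif not target.lower().endswith(".dll"):
                findings.append(("bho-target", m.group("clsid")))
            continue

        # 3. Service/driver entries that end in [?] where the others
        #    carry a date and a size.
        m = SERVICE_RE.match(line)
        if m:
            if m.group("rest").rstrip().endswith("[?]"):
                findings.append(("service-no-file-info", m.group("name")))
            continue

        # 4. Firefox prefs under security.* that are switched off.
        for name, value in PREF_RE.findall(line):
            value = value.strip()
            if name.startswith("security.") and value in ("false", "0"):
                findings.append(("ff-security-pref", f"{name}={value}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, TRUSTED_ALLOWLIST):
        print(f"{kind:22} {detail}")
```
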

Attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2006 1:40:25 PM
System Uptime: 9/29/2013 11:41:59 PM (94 hours ago)
.
Motherboard: Hewlett-Packard |  | 0AA0h
Processor: Intel® Core2 Quad CPU    Q6600  @ 2.40GHz | XU1 PROCESSOR | 2400/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 199.398 GiB free.
D: is FIXED (FAT32) - 17 GiB total, 8.873 GiB free.
E: is CDROM ()
T: is NetworkDisk (NTFS) - 1863 GiB total, 924.873 GiB free.
W: is NetworkDisk (NTFS) - 233 GiB total, 212.125 GiB free.
X: is NetworkDisk (NTFS) - 373 GiB total, 338.689 GiB free.
Y: is NetworkDisk (NTFS) - 466 GiB total, 443.128 GiB free.
Z: is NetworkDisk (NTFS) - 186 GiB total, 126.062 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F13\4&385CCC60&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F13\4&385CCC60&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Enhanced Mulmedia PS/2 Keyboard
Device ID: ACPI\PNP0303\4&385CCC60&0
Manufacturer: HP
Name: Enhanced Mulmedia PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&385CCC60&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP681: 7/6/2013 11:52:47 AM - System Checkpoint
RP682: 7/7/2013 12:54:55 PM - System Checkpoint
RP683: 7/8/2013 1:54:25 PM - System Checkpoint
RP684: 7/9/2013 2:42:27 PM - System Checkpoint
RP685: 7/10/2013 3:42:31 PM - System Checkpoint
RP686: 7/11/2013 4:21:14 PM - Software Distribution Service 3.0
RP687: 7/12/2013 9:44:38 AM - Installed OBD-PC Link
RP688: 7/12/2013 1:17:17 PM - Installed OBD-PC Link
RP689: 7/13/2013 1:58:59 PM - System Checkpoint
RP690: 7/14/2013 3:10:28 PM - System Checkpoint
RP691: 7/15/2013 4:14:47 PM - System Checkpoint
RP692: 7/16/2013 5:10:44 PM - System Checkpoint
RP693: 7/17/2013 5:58:45 PM - System Checkpoint
RP694: 7/18/2013 8:43:34 PM - System Checkpoint
RP695: 7/19/2013 8:59:54 PM - System Checkpoint
RP696: 7/20/2013 10:17:26 PM - System Checkpoint
RP697: 7/21/2013 11:38:59 PM - System Checkpoint
RP698: 7/23/2013 12:09:06 AM - System Checkpoint
RP699: 7/24/2013 12:42:21 AM - System Checkpoint
RP700: 7/25/2013 1:42:23 AM - System Checkpoint
RP701: 7/25/2013 4:41:31 PM - Installed QuickTime
RP702: 7/25/2013 5:01:25 PM - Installed QuickTime
RP703: 7/26/2013 5:04:32 PM - System Checkpoint
RP704: 7/27/2013 5:11:42 PM - System Checkpoint
RP705: 7/28/2013 6:10:00 PM - System Checkpoint
RP706: 7/29/2013 6:42:23 PM - System Checkpoint
RP707: 7/30/2013 7:13:18 PM - System Checkpoint
RP708: 7/31/2013 8:32:58 PM - System Checkpoint
RP709: 8/1/2013 9:29:18 PM - System Checkpoint
RP710: 8/2/2013 9:47:57 PM - System Checkpoint
RP711: 8/3/2013 10:06:13 PM - System Checkpoint
RP712: 8/4/2013 10:14:12 PM - System Checkpoint
RP713: 8/5/2013 10:42:40 PM - System Checkpoint
RP714: 8/6/2013 10:49:10 PM - System Checkpoint
RP715: 8/7/2013 11:44:59 PM - System Checkpoint
RP716: 8/8/2013 11:54:05 PM - System Checkpoint
RP717: 8/10/2013 12:52:58 AM - System Checkpoint
RP718: 8/11/2013 12:58:22 AM - System Checkpoint
RP719: 8/12/2013 1:58:32 AM - System Checkpoint
RP720: 8/13/2013 2:58:29 AM - System Checkpoint
RP721: 8/14/2013 3:00:35 AM - Software Distribution Service 3.0
RP722: 8/15/2013 3:50:30 AM - System Checkpoint
RP723: 8/16/2013 4:04:00 AM - System Checkpoint
RP724: 8/17/2013 4:16:31 AM - System Checkpoint
RP725: 8/18/2013 5:16:33 AM - System Checkpoint
RP726: 8/19/2013 5:32:00 AM - System Checkpoint
RP727: 8/20/2013 5:38:38 AM - System Checkpoint
RP728: 8/21/2013 6:22:15 AM - System Checkpoint
RP729: 8/22/2013 7:33:18 AM - System Checkpoint
RP730: 8/23/2013 9:10:29 AM - System Checkpoint
RP731: 8/24/2013 9:42:24 AM - System Checkpoint
RP732: 8/25/2013 10:21:07 AM - System Checkpoint
RP733: 8/26/2013 11:21:10 AM - System Checkpoint
RP734: 8/27/2013 12:21:11 PM - System Checkpoint
RP735: 8/28/2013 3:00:40 AM - Software Distribution Service 3.0
RP736: 8/29/2013 3:21:15 AM - System Checkpoint
RP737: 8/30/2013 4:18:08 AM - System Checkpoint
RP738: 8/31/2013 5:18:10 AM - System Checkpoint
RP739: 9/1/2013 6:18:11 AM - System Checkpoint
RP740: 9/2/2013 7:18:16 AM - System Checkpoint
RP741: 9/3/2013 9:10:24 AM - System Checkpoint
RP742: 9/4/2013 10:11:05 AM - System Checkpoint
RP743: 9/5/2013 10:43:37 AM - System Checkpoint
RP744: 9/6/2013 11:47:14 AM - System Checkpoint
RP745: 9/7/2013 12:55:04 PM - System Checkpoint
RP746: 9/8/2013 2:01:15 PM - System Checkpoint
RP747: 9/9/2013 4:38:54 PM - System Checkpoint
RP748: 9/10/2013 5:21:51 PM - System Checkpoint
RP749: 9/11/2013 5:42:12 PM - System Checkpoint
RP750: 9/12/2013 6:41:10 PM - System Checkpoint
RP751: 9/13/2013 3:00:45 AM - Software Distribution Service 3.0
RP752: 9/13/2013 7:16:38 AM - Removed Oracle Data Provider for .NET Help
RP753: 9/13/2013 7:22:01 AM - Quitado VAFPlayer
RP754: 9/14/2013 7:25:54 AM - System Checkpoint
RP755: 9/15/2013 8:32:43 AM - System Checkpoint
RP756: 9/16/2013 9:14:33 AM - System Checkpoint
RP757: 9/17/2013 10:14:31 AM - System Checkpoint
RP758: 9/18/2013 11:14:33 AM - System Checkpoint
RP759: 9/19/2013 12:14:33 PM - System Checkpoint
RP760: 9/20/2013 1:51:30 PM - System Checkpoint
RP761: 9/21/2013 2:37:43 PM - System Checkpoint
RP762: 9/22/2013 3:37:43 PM - System Checkpoint
RP763: 9/23/2013 4:37:43 PM - System Checkpoint
RP764: 9/24/2013 5:41:03 PM - System Checkpoint
RP765: 9/25/2013 6:37:49 PM - System Checkpoint
RP766: 9/26/2013 7:37:51 PM - System Checkpoint
RP767: 9/27/2013 9:31:01 PM - System Checkpoint
RP768: 9/28/2013 9:37:54 PM - System Checkpoint
RP769: 9/30/2013 12:23:34 AM - System Checkpoint
RP770: 10/1/2013 12:48:11 AM - System Checkpoint
RP771: 10/2/2013 1:48:13 AM - System Checkpoint
RP772: 10/3/2013 2:48:09 AM - System Checkpoint
.
==== Installed Programs ======================
.
123 Movies2iPod uninstall
1400
1400_Help
1400Trb
32 Bit HP CIO Components Installer
ABBYY FineReader 9.0 Sprint
AC3Filter (remove only)
Acrobat.com
Acronis True Image Home
ActiveReports for .NET 3.0
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Agere Systems PCI-SV92PP Soft Modem
AIM 7
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bingo Track
BlackBerry Desktop Software 7.1
Bonjour
Broadcom Management Programs
Broadcom NetXtreme Ethernet Controller
BufferChm
CameraDrivers
CodeSite 3.0.1 Client Tools
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports for Visual Studio
CueTour
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
Dotfuscator Software Services - Community Edition
Download Updater (AOL LLC)
DownloadTerms
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
EPSON Scan
EPSON TWAIN 5
Fax
Fax_CDA
ffdshow v1.1.3996 [2011-10-13]
FullDPAppQFolder
Google Chrome
Google Update Helper
Graphic Workshop Professional
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2813041)
Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2813041)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP DVD Play 1.0
HP Game Console and games
HP Games 3.43.97
HP Imaging Device Functions 6.0
HP LaserJet Enterprise 500 color M551
HP My Display
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.0
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Rhapsody
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPLaserJetEnterprise500colorM551_HelpLearnCenter
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareAlert
InstantShareDevices
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
InterActual Player
Ipswitch WS_FTP 12
Java 7 Update 11
Java Auto Updater
Junk Mail filter update
Knowledge Xpert
Knowledge Xpert for Oracle Administration
Knowledge Xpert for PLSQL
Knowledge Xpert Oracle Common
KODAK Share Button App
LightScribe  1.4.62.1
Linksys VPN Client
LSI PCI-SV92PP Soft Modem
Malwarebytes Anti-Malware version 1.75.0.1300
MCE Configuration Reset
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET 2.0 AJAX Extensions 1.0
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Easy Assist v2
Microsoft Help Viewer 1.1
Microsoft IntelliPoint 5.4
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Software Update for Web Folders  (English) 14
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft VC90 CRT + OMP
Microsoft Visual C++  Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2005 Web Deployment Projects
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSDN Library for Visual Studio 2005
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
MySpaceIM
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
NVIDIA Control Panel 310.70
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.11.3
NVIDIA Update Components
OBD-PC Link
Octoshape add-in for Adobe Flash Player
OptionalContentQFolder
Oracle Data Provider for .NET Help
PanoStandAlone
PhotoGallery
PowerChute Personal Edition 3.0.2
ProductContext
PS2
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quest Application Integration Tool
Quest Installer
Quest Software Toad for Data Analysts 2.5
Quest SQL Optimizer 7.4.1 for Oracle Trial
Quest SQL Optimizer for Oracle
Quest SQL Optimizer for Oracle Common
Quest SQL Tuning for Oracle
QuickBooks Pro 2008
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Report Magic 2.20
Scan
ScannerCopy
SDK
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2251481)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2538218)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB2548826)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Service Pack 3 for SQL Server 2008 (KB2546951)
SetIP
SkinsHP1
Snood for Windows version 3.52-W
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic_PrimoSDK
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Status
Suite Specific
SupportSoft Assisted Service
swMSM
Symantec Endpoint Protection
SyncThru Web Admin Service
TeamViewer 6
TiVme Software
TMPGEnc DVD Author 1.5
Toad for Oracle
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972221)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
UrlScan 2.5
VideoCap ActiveX Control
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VSIP Interop Assembly Redist
WCF RIA Services V1.0 SP1
Web Deployment Tool
WebFldrs XP
WebReg
WinAVI Video Converter
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Tanks
XML Paper Specification Shared Components Pack 1.0
Yahoo! Internet Mail
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 4:23:13 PM, error: Schannel [36871]  - A fatal error occurred while creating an SSL server credential.
9/29/2013 7:05:19 AM, error: EventLog [6004]  - A driver packet received from the I/O subsystem was invalid.  The data is the packet.
9/29/2013 6:31:39 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
9/29/2013 6:31:21 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx86 eeCtrl Fips ftsata2 i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI SysPlant Tcpip
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The FTP Publishing service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 6:31:21 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2013 6:30:45 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/29/2013 6:08:50 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2 i8042prt
9/29/2013 6:08:20 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system cannot find the file specified.
9/29/2013 11:48:08 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ftsata2 i8042prt iaStor IntelIde SI3112 ViaIde
9/29/2013 11:46:29 PM, error: Service Control Manager [7023]  - The Intel® Quick Resume Technology Drivers service terminated with the following error:  The system cannot find the file specified.
9/29/2013 1:57:15 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
9/29/2013 1:57:15 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\system32\TAPI32.dll. Reference error message: The operation completed successfully. .
.
==== End Of File ===========================

 


RogueKiller:

 

RogueKiller V8.7.1 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 10/03/2013 21:31:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\Parameters : NameServer (68.9.16.30 68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{2378654A-0EAD-4AC9-A0D6-9C1651306D08} : NameServer (68.9.16.30,68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{FCF2138F-70D1-4989-B1E5-8E1108C6D56D} : NameServer (68.9.16.30,68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\Parameters : NameServer (68.9.16.30 68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{2378654A-0EAD-4AC9-A0D6-9C1651306D08} : NameServer (68.9.16.30,68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{FCF2138F-70D1-4989-B1E5-8E1108C6D56D} : NameServer (68.9.16.30,68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CS003\[...]\Parameters : NameServer (68.9.16.30 68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CS003\[...]\{2378654A-0EAD-4AC9-A0D6-9C1651306D08} : NameServer (68.9.16.30,68.13.16.30) -> FOUND
[DNS][PUM] HKLM\[...]\CS003\[...]\{FCF2138F-70D1-4989-B1E5-8E1108C6D56D} : NameServer (68.9.16.30,68.13.16.30) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
192.168.10.16 DATABASE-WIN7
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721050CLA362 +++++
--- User ---
[MBR] c9807f4f2c01c6671d289767c942ddaa
[bSP] 95995de672d4457588506fd3fcbc1b1f : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 459437 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 940927050 | Size: 17500 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10032013_213104.txt >>
 


First remove these from your Trusted Zone:

http://www.howtogeek.com/howto/windows-vista/backup-and-restore-internet-explorers-trusted-sites-list/

O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.storageguardsoft.com

-------------------------------------------------------------

Then.........will run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


No logs in c:\, bunch of stuff in c:\Qoobox.

 

Directory of C:\Qoobox

10/04/2013  10:08    <DIR>          .
10/04/2013  10:08    <DIR>          ..
10/04/2013  08:42    <DIR>          BackEnv
10/04/2013  09:00    <DIR>          LastRun
10/04/2013  09:03    <DIR>          Quarantine
10/04/2013  08:35    <DIR>          Test
10/04/2013  08:35    <DIR>          TestC
               1 File(s)              0 bytes
               7 Dir(s)  213,815,099,392 bytes free


Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


OK....Next:

Let's clean out any adware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


AdwCleaner log (running Malwarebytes quickscan now):

 

# AdwCleaner v3.006 - Report created 04/10/2013 at 12:03:21
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - DELL-1440N-2
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Viewpoint Manager Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\tuguu sl
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Common Files\Viewpoint
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DownloadTerms
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
File Deleted : C:\Documents and Settings\All Users\Desktop\eBay.lnk
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\funmoods-speeddial.crx
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\npasxf2e.default\\invalidprefs.js
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\npasxf2e.default\searchplugins\search-the-web.xml
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\npasxf2e.default\searchplugins\vafmusic2-customized-web-search.xml
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\npasxf2e.default\user.js
File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Desk 365
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\npasxf2e.default\prefs.js ]

Line Deleted : user_pref("CT3294791_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379071563436,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
Line Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hmpg", true);

Line Deleted : user_pref("extensions.funmoods.id", "001731111393AE97");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15604");
Line Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:3:27");
Line Deleted : user_pref("smartbar.machineId", "PI8PG3DQCK4AYELI/QTPIDP3U+IGKF/3IGON5++OW6T+CVCENBIGBX4ZOZQJIMQZLXWJXKIIEDX+HCRAQU51EQ");

[ File : C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\feat18c5.default\prefs.js ]


[ File : C:\Documents and Settings\ScottSr\Application Data\Mozilla\Firefox\Profiles\cqjhvsl3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [14068 octets] - [04/10/2013 12:00:50]
AdwCleaner[s0].txt - [13929 octets] - [04/10/2013 12:03:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [13990 octets] ##########
 


MalwareBytes scan complete, no issues found.  The system appears to be operating normally.  Thank you for all your help.

 

The log is below:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.29.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: DELL-1440N-2 [administrator]

10/4/2013 12:14:37
mbam-log-2013-10-04 (12-14-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 392893
Time elapsed: 40 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Great......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Done, here's the log:

 

Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Symantec Endpoint Protection   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Spybot - Search & Destroy
 Windows Defender    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 1.99.1    
 Java 7 Update 11  
 Java version out of Date!
 Adobe Flash Player     11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 11 <--------please update, should be Update 40
Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------------

Adobe Reader 10.1.8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

---------------------------------

Google Chrome 29.0.1547.66
Google Chrome 29.0.1547.76


Please update Google Chrome, should be Version 30.0.1599.69

Open up Chrome > Click on the 3 bars in the upper right hand corner
Click on About Google Chrome
If there's an update available it will automatically update

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.