Wow. This is terrible. The most malicious virus I've ever seen...
I downloaded a file, not so suspicious. Since it was an .exe file, and to be sure - I scanned it with my AV (KIS 7.0 - Kaspersky Internet Security).
The file came out clean. I clicked on it, and for a moment - nothing happened. THEN - the storm began...
Kaspersky popped up with a message about this file changing something (don't remember exactly what). I immediately clicked on 'Terminate'.
Then I got another pop-up from KIS, saying that I should roll back to the state it was in before the file was executed. Of course, I chose 'Roll-back'.
Then, all of a sudden - my PC began to shut itself down. It closed all the programs, and seemed to do a complete shutdown. I reset it just to find out:
When I log on to Windows - KIS won't load up as it used to. It is just missing from the background. It won't work any more.
When I tried to run it manually by clicking on the avp.exe file - I got a message - this file is not legal in win32 - or something like that...
When I tried to search the internet for HiJackThis - just writing this word in the explorer caused the explorer to crash, no matter if it was IE, FF, or even Maxthon.
When I tried to load the PC in SAFE MODE - it crashed and started over again. Non-safe mode works just fine.
When I press Alt-Ctrl-Del - I sometimes found weird filenames appearing for seconds, like 2423235.exe
Anyway - I managed to load the PC through an old German rescue disc I found in my home, called Windows-XP-Virus-Edition.
I scanned the PC with AntiVir & BitDefender, both with updated virus signatures, but they came out with nothing.
More than that - when I scanned with SpyBot S&D - after 10 sec the scan was stopped, claiming User Aborted - even though I didn't touch anything!!
I consider myself someone who knows a thing or two about computers, and have managed to handle complicated situations, but this time it seems that I'm in real ****.
Any help on how to move on will be most appreciated!!
Do not restart the computer once you run Rkill or the baddie will restart. You may need to download these to a USB drive or CD and run them on the infected computer, but first try to run them from the infected computer.
Please download Rkill from the following link.
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. This link will help you disable it:
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Please download Malwarebytes' Anti-Malware from one of these sites:
Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.
1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.
Please run RSIT.exe by random/random and post its logs.
Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.
1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.
Allrighty then. Let's go to work. So:
1. Rkill just opens a Cmd line, and writes:
"Terminating known malware processes. Please be patient." then it closes. No help over there..
2. exeHelper Log:
exeHelper by Raktor
Build 20091220
Run at 19:30:32 on 01/03/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
3. Mbam - Hey, I got the same problem as with HiJackThis. Can't even d/l it.
(The first link causes my IE to crash, the second is the same. If I right-click and try to Save As - I get an HTML page..)
4. RSIT logs:
log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by איציק at 2010-01-03 19:40:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 63 GB (53%) free of 117 GB
Total RAM: 1534 MB (65% free)
info.txt:
info.txt logfile of random's system information tool 1.06
2010-01-03 19:40:09
{91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Suite Shared Configuration CS4-->MsiExec.exe /I{3D45A3B6-BC6D-4F7A-B311-2C4773530D68} The Torah Bookshelf-->C:\WINDOWS\iun506.exe C:\Program Files\The Torah Bookshelf\irunin.ini TLN eMule Booster MOD-->"C:\WINDOWS\TLN eMule Booster MOD\uninstall.exe" "/U:C:\Program Files\eMule\irunin.xml" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0} VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 
11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" WinSoftME-->MsiExec.exe /I{304C91E3-C95D-4785-8EA8-5AAAA88FA3B4} ארכיונר WinRAR-->C:\Program Files\WinRAR\uninstall.exe מנבסון 4.1-->"C:\Program Files\מנבסון\unins000.exe" עדכון אבטחה עבור Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" עדכון אבטחה עבור Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" עדכון אבטחה עבור Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" עדכון אבטחה עבור Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP 
(KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP 
(KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" עדכון עבור Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe" עדכון עבור Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" עדכון עבור Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" עדכון עבור Windows XP 
(KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" תיקון חם עבור Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" תיקון חם עבור Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" תיקון חם עבור Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" תיקון חם עבור Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" תיקון חם עבור Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" ======Hosts File====== 127.0.0.1 activate.adobe.com ======Security center information====== AV: Kaspersky Internet Security FW: Kaspersky Internet Security ======System event log====== Computer Name: BACKS Event Code: 1002 Message: The IP address lease 10.0.0.1 for the Network Card with network address 000CF1C03394 has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message). 
Record Number: 213 Source Name: Dhcp Time Written: 20091117140501.000000+120 Event Type: error User: Computer Name: BACKS Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: ohci1394 Record Number: 196 Source Name: Service Control Manager Time Written: 20091117140002.000000+120 Event Type: error User: Computer Name: BACKS Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000CF1C03394. The following error occurred: הפעולה בוטלה על-ידי המשתמש. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 195 Source Name: Dhcp Time Written: 20091117135946.000000+120 Event Type: warning User: Computer Name: BACKS Event Code: 1007 Message: Your computer has automatically configured the IP address for the Network Card with network address 000CF1C03394. The IP address being used is 169.254.207.55. Record Number: 185 Source Name: Dhcp Time Written: 20091117000428.000000+120 Event Type: warning User: Computer Name: BACKS Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 000CF1C03394. The following error occurred: פגה תקופת פסק הזמן של הסמאפור. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 183 Source Name: Dhcp Time Written: 20091117000426.000000+120 Event Type: warning User: =====Application event log===== Computer Name: BACKS Event Code: 60 Message: ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001 Record Number: 394 Source Name: WinMgmt Time Written: 20091202224120.000000+120 Event Type: warning User: Computer Name: BACKS Event Code: 1000 Message: תקלה ביישום , גירסה 0.0.0.0, תקלה במודול ntdll.dll, גירסה 5.1.2600.5755, כתובת התקלה 0x000012b0. 
Record Number: 391 Source Name: Application Error Time Written: 20091202223614.000000+120 Event Type: error User: Computer Name: BACKS Event Code: 1002 Message: יישום לא מגיב Mashov.exe, גירסה 1.0.0.0, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. Record Number: 352 Source Name: Application Hang Time Written: 20091129140836.000000+120 Event Type: error User: Computer Name: BACKS Event Code: 1004 Message: תקלה ביישום winlogon.exe, גירסה 0.0.0.0, תקלה במודול ntdll.dll, גירסה 5.1.2600.5755, כתובת התקלה 0x000012b0. Record Number: 351 Source Name: Application Error Time Written: 20091129085831.000000+120 Event Type: error User: Computer Name: BACKS Event Code: 60 Message: ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001 Record Number: 350 Source Name: WinMgmt Time Written: 20091129083814.000000+120 Event Type: warning User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0303 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------
Did you rename Malwarebytes before you downloaded it? If not, go to Add/Remove Programs and uninstall it, then redownload it and rename it before you download it. If Malwarebytes installed but will not run, navigate to this folder:
C:\Program Files\Malwarebytes' AntiMalware
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
Also try Hijack This in a similar manner.
Download the "HijackThis" Installer from this link:
Hijack This
Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename HJTInstall.exe to tools.exe > click save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
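The rename step from the reply above, as an added example that is not part of the original post or of any tool's own code: it gives every .exe in a tool folder a neutral random name, but first checks that each file still has a valid MZ/PE header, since a binary Windows rejects as not a valid Win32 application (one common cause is a damaged header) will not start under any name and has to be reinstalled. The function names, the sample file names and the stub bytes are constructed for illustration.

```python
import os
import secrets
import struct
import tempfile


def looks_like_pe(path):
    """True if the file has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        dos = fh.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"


def rename_tool_executables(folder):
    """Rename every intact .exe in folder to a random neutral name.

    Returns (renamed, damaged). renamed maps new name -> original name so the
    change can be reverted; damaged lists .exe files that fail the header
    check and are left untouched, because renaming cannot repair them.
    """
    renamed, damaged = {}, []
    for name in sorted(os.listdir(folder)):
        src = os.path.join(folder, name)
        if not name.lower().endswith(".exe") or not os.path.isfile(src):
            continue
        if not looks_like_pe(src):
            damaged.append(name)
            continue
        new_name = "t" + secrets.token_hex(4) + ".exe"
        while os.path.exists(os.path.join(folder, new_name)):
            new_name = "t" + secrets.token_hex(4) + ".exe"
        os.rename(src, os.path.join(folder, new_name))
        renamed[new_name] = name
    return renamed, damaged


def constructed_pe_stub():
    """Smallest byte string that passes looks_like_pe (constructed sample, not a real program)."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"


if __name__ == "__main__":
    # Constructed demo folder: one intact stub, one file with a wiped header.
    demo = tempfile.mkdtemp()
    with open(os.path.join(demo, "mbam.exe"), "wb") as fh:
        fh.write(constructed_pe_stub())
    with open(os.path.join(demo, "avp.exe"), "wb") as fh:
        fh.write(b"\0" * 128)
    renamed, damaged = rename_tool_executables(demo)
    for new, old in renamed.items():
        print("renamed", old, "->", new)
    for name in damaged:
        print("left alone, header damaged, reinstall:", name)
```

Keep the returned mapping: it is the only record of which random name belongs to which original executable when the names are restored later.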