
Inactive Crawler

Discussion in 'Malware and Virus Removal Archive' started by jacott, 2012/03/15.

Thread Status:
Not open for further replies.
  1. 2012/03/15
    jacott


    Details you requested as follows:
    Malware/Virus Removal

    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.12.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: HOME-AAE6C65E95 [administrator]

    Protection: Disabled

    12/03/2012 16:05:14
    mbam-log-2012-03-12 (16-05-14).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 314561
    Time elapsed: 2 hour(s), 48 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-14 16:49:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAJB-00J3A0 rev.01.03E01
    Running: x1vs2xum[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afwcrfoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwAllocateUserPhysicalPages [0xED5B6FAA]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwAllocateVirtualMemory [0xED5AFE1E]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwAreMappedFilesTheSame [0xED5B70BD]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAssignProcessToJobObject [0xF74FF7E0]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwCreateKey [0xED5B05F4]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwCreateProcess [0xED5B09C8]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwCreateSection [0xED5B0B27]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwCreateThread [0xF74FF860]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwDebugActiveProcess [0xF74FF6E0]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwDeleteKey [0xED5B1045]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwDeleteValueKey [0xED5B1133]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwDuplicateObject [0xF74FF440]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwExtendSection [0xED5B1548]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwMapUserPhysicalPages [0xED5B777D]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwMapViewOfSection [0xED5B2023]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwOpenProcess [0xED5B26B3]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwOpenSection [0xED5B27BC]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwOpenThread [0xF74FFAF0]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwProtectVirtualMemory [0xED5B2D04]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwQuerySection [0xED5B3A1F]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwReadVirtualMemory [0xED5B4488]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwRenameKey [0xED5D3004]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwReplaceKey [0xED5B472A]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwSetContextThread [0xF74FF760]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwSetInformationKey [0xED5B5121]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwSetInformationProcess [0xED5B523D]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwSetValueKey [0xED5B5A07]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwSystemDebugControl [0xF74FFEA0]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwTerminateProcess [0xED5B5E41]
    SSDT WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwTerminateThread [0xF74FF970]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwUnmapViewOfSection [0xED5B61AD]
    SSDT \SystemRoot\system32\DRIVERS\NSKernel.sys (NovaShield Kernel Module /NovaShield, Inc.) ZwWriteVirtualMemory [0xED5B66B5]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 88 804E26F4 1 Byte [AA]
    .text ntoskrnl.exe!_abnormal_termination + 90 804E26FC 12 Bytes [1E, FE, 5A, ED, BD, 70, 5B, ...]
    .text ntoskrnl.exe!_abnormal_termination + 108 804E2774 2 Bytes [C8, 09]
    .text ntoskrnl.exe!_abnormal_termination + 10B 804E2777 1 Byte [ED]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017420 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 10017360 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 100172F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 100170E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D9E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017200 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10017160 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 100172A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DAA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 100170A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000DA20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 100171B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 10016D90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10017120 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 10017250 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016CA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012F10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10015F90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[540] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100186C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\WINDOWS\Explorer.EXE[736] SHLWAPI.dll!SHIsLowMemoryMachine + 6E02 77FBDD0B 5 Bytes JMP 10012CF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtAdjustPrivilegesToken 7C90CF0E 5 Bytes JMP 1000D910 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtAssignProcessToJobObject 7C90CF8E 5 Bytes JMP 10006FC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtConnectPort 7C90D04E 5 Bytes JMP 1000DF60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtCreateEvent 7C90D08E 5 Bytes JMP 10017BF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtCreateMutant 7C90D10E 5 Bytes JMP 10017C60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtCreatePort 7C90D13E 5 Bytes JMP 1000DD70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 10016E10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtCreateSemaphore 7C90D18E 5 Bytes JMP 10017CC0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 10006FA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtDelayExecution 7C90D20E 5 Bytes JMP 10017E50 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtDeleteKey 7C90D24E 5 Bytes JMP 10007040 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtDeleteValueKey 7C90D26E 5 Bytes JMP 10007020 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes JMP 1000D8D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtMakeTemporaryObject 7C90D4EE 5 Bytes JMP 10016DE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtOpenEvent 7C90D57E 5 Bytes JMP 10017D90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtOpenMutant 7C90D5DE 5 Bytes JMP 10017D30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtOpenProcess 7C90D5FE 5 Bytes JMP 10016F70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtOpenSemaphore 7C90D63E 5 Bytes JMP 10017DF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtOpenThread 7C90D65E 5 Bytes JMP 10006F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10006F80 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtRequestPort 7C90DACE 5 Bytes JMP 1000DDE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtRequestWaitReplyPort 7C90DADE 5 Bytes JMP 1000DFA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtSecureConnectPort 7C90DB7E 5 Bytes JMP 1000DE20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtSetContextThread 7C90DBAE 5 Bytes JMP 10006FE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 10007000 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtShutdownSystem 7C90DDEE 5 Bytes JMP 10017000 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtSystemDebugControl 7C90DE4E 5 Bytes JMP 1000D950 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtTerminateProcess 7C90DE6E 5 Bytes JMP 10012CA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 10006F60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtWaitForMultipleObjects 7C90DF3E 5 Bytes JMP 10017F20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtWaitForSingleObject 7C90DF4E 5 Bytes JMP 10017EA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10006F40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ntdll.dll!CsrClientCallServer 7C912241 5 Bytes JMP 1000DFE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] kernel32.dll!GetTickCount 7C80934A 5 Bytes JMP 10006E90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 10006EB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 1000D8A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017420 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 10017360 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 100172F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 10017570 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 100170E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D9E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017200 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 1000DB00 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10017160 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 100172A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DAA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 100170A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000DA20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 100171B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 10016D40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 10017600 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 10017690 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!MessageBeep 7E431F7B 5 Bytes JMP 1000DA60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10017120 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 10017510 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!MessageBoxTimeoutW 7E466383 5 Bytes JMP 10017470 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 10017250 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016CA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012F10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] GDI32.dll!MaskBlt 77F1A0C1 5 Bytes JMP 10016C10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 10016A60 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 1000D720 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 1000D7E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] GDI32.dll!PlgBlt 77F453B3 5 Bytes JMP 100169D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 100130A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10017930 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 10017750 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 100176F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 100177B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10017870 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 10013120 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!WmiExecuteMethodW 77E2BFB5 7 Bytes JMP 1000DC70 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10017AE0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10017A40 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 10017820 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] RPCRT4.dll!I_RpcSendReceive 77E7A7EB 5 Bytes JMP 1000DCF0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] RPCRT4.dll!NdrSendReceive 77E7A817 5 Bytes JMP 1000DD30 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] RPCRT4.dll!I_RpcSend 77E9FF64 5 Bytes JMP 1000DCB0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] WININET.dll!InternetCloseHandle 3D949098 5 Bytes JMP 1000E0C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] WININET.dll!InternetOpenA 3D95D6B8 5 Bytes JMP 1000E160 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1864] WININET.dll!InternetOpenUrlA 3D95F3CC 5 Bytes JMP 1000E100 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 10017420 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 10017360 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 100172F0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 100170E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 1000D9E0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 100173D0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 1000D990 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 10017200 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 10017160 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 100172A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 1000DAA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 100170A0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 1000DA20 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 100171B0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 10016D90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 10017120 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 10017250 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10016CA0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 10012F10 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10015F90 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100186C0 C:\WINDOWS\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F64B9182] \SystemRoot\system32\DRIVERS\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

    AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\Ip NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys (Webroot SecureAnywhere/Webroot)

    Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

    AttachedDevice \Driver\Tcpip \Device\Tcp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys (Webroot SecureAnywhere/Webroot)

    Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

    AttachedDevice \Driver\Tcpip \Device\Udp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys (Webroot SecureAnywhere/Webroot)

    Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

    AttachedDevice \Driver\Tcpip \Device\RawIp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys (Webroot SecureAnywhere/Webroot)

    Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-14 17:20:27
    -----------------------------
    17:20:27.062 OS Version: Windows 5.1.2600 Service Pack 3
    17:20:27.062 Number of processors: 1 586 0x209
    17:20:27.062 ComputerName: HOME-AAE6C65E95 UserName: Owner
    17:20:28.765 Initialize success
    17:22:19.890 AVAST engine defs: 12031400
    17:22:39.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:22:39.843 Disk 0 Vendor: WDC_WD2500AAJB-00J3A0 01.03E01 Size: 238475MB BusType: 3
    17:22:40.046 Disk 0 MBR read successfully
    17:22:40.046 Disk 0 MBR scan
    17:22:40.125 Disk 0 Windows XP default MBR code
    17:22:40.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    17:22:40.390 Disk 0 scanning sectors +488376000
    17:22:40.718 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:23:42.593 Service scanning
    17:24:13.109 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
    17:24:16.250 Modules scanning
    17:25:06.718 Disk 0 trace - called modules:
    17:25:06.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    17:25:07.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8630aab8]
    17:25:07.281 3 CLASSPNP.SYS[f7636fd7] -> nt!IofCallDriver -> \Device\0000005d[0x8637c2a0]
    17:25:07.281 5 ACPI.sys[f758d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8637b940]
    17:25:07.984 AVAST engine scan C:\WINDOWS
    17:27:06.140 AVAST engine scan C:\WINDOWS\system32
    17:43:01.531 AVAST engine scan C:\WINDOWS\system32\drivers
    17:44:44.125 AVAST engine scan C:\Documents and Settings\Owner
    18:17:15.812 AVAST engine scan C:\Documents and Settings\All Users
    18:27:07.546 Scan finished successfully
    18:40:39.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat "
    18:40:39.531 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt "
    18:46:24.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat "
    18:46:24.843 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt "
    18:57:48.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat "
    18:57:48.515 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt "
     
  2. 2012/03/15
    jacott

    Crawler (page 2)

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 19:06:10 on 2012-03-14
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.456 [GMT 0:00]
    .
    AV: BullGuard Antivirus *Enabled/Updated* {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
    AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
    FW: BullGuard Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\System32\SvcHost.exe -k BullGuard_Main
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
    svchost.exe
    C:\WINDOWS\System32\SvcHost.exe -k BullGuard
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://bt.yahoo.com/
    uWindow Title = Windows Internet Explorer provided by BT Yahoo!
    uSearchAssistant =
    mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=44c2510f000000000000001109456fcc&tlver=1.4.19.14& affID=17163
    uURLSearchHooks: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip courier\wzwmcie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
    EB: BT Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe "
    uRun: [SpeedUpMyPC] "c:\progra~1\uniblue\speedupmypc\launcher.exe" -d 20000
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe "
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe "
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
    mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot
    mRun: [EPSON PictureMate] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I0P1.EXE" /P17 "EPSON PictureMate" /O6 "USB003" /M "PictureMate "
    mRun: [SoundMan] "SOUNDMAN.EXE "
    mRun: [McciTrayApp] "c:\program files\btbb_wcm\McciTrayApp.exe "
    mRun: [btbb_wcm_McciTrayApp] "c:\program files\btbb_wcm\McciTrayApp.exe "
    mRun: [ "SOUNDMAN] "SOUNDMAN.EXE "
    mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe "
    mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp image zone fast start.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kaspersky security scan.lnk - c:\program files\kaspersky security scan\KSS.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip quick pick.lnk - c:\program files\winzip\WZQKPICK32.EXE
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: NoFolderOption = 0 (0x0)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: NoDispAppearancePage = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    dPolicies-explorer: NoViewOnDrive = 0 (0x0)
    dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    dPolicies-system: NoDispAppearancePage = 0 (0x0)
    dPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\BGLsp.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294755598343
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} - hxxps://s.userzoom.com/s/UserZoom.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{86AF8AD8-19DA-4DC5-8B6D-A12C01203862} : DhcpNameServer = 192.168.1.254
    Handler: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIEBHO.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-12-17 109584]
    R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2011-2-24 64608]
    R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [2011-3-15 789448]
    R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [2011-3-15 19272]
    R2 BsBhvScan;BullGuard behavioural detection service;c:\program files\bullguard ltd\bullguard\BullGuardBhvScanner.exe [2011-3-15 338776]
    R2 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2008-4-14 14336]
    R2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-4-14 14336]
    R2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-4-14 14336]
    R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-4-14 14336]
    R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2008-4-14 14336]
    R2 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [2012-2-28 330584]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-27 652360]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
    R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files\winzip system utilities suite\WINZIPSSDefragSrv.exe [2011-11-25 605512]
    R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-12-17 659032]
    R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-10-12 34280]
    R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-10-12 267624]
    R3 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [2011-3-3 288600]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-27 20464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 135664]
    S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 135664]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-3-1 252032]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-3-1 398720]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 BgRaSvc;BgRaSvc;c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [2011-3-3 125784]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2012-03-12 15:58:55 -------- d-----w- C:\Logs
    2012-03-12 15:51:03 -------- d-----w- c:\documents and settings\all users\application data\FileCure
    2012-03-12 15:50:57 -------- d-----w- c:\program files\ParetoLogic
    2012-03-08 17:37:39 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip Courier
    2012-03-08 16:48:56 -------- d-----w- c:\documents and settings\all users\application data\WinZipEC
    2012-03-08 16:48:47 -------- d-----w- c:\program files\WinZip Courier
    2012-03-08 16:48:37 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
    2012-03-08 16:48:22 -------- d-----w- c:\program files\Conduit
    2012-03-08 16:48:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZipBar
    2012-03-08 16:48:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit
    2012-03-08 16:48:10 -------- d-----w- c:\program files\WinZipBar
    2012-03-08 14:58:13 -------- d-----w- c:\program files\Kaspersky Security Scan
    2012-02-25 20:00:48 -------- d-----w- c:\documents and settings\all users\Uniblue
    2012-02-16 18:59:30 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-16 18:59:30 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-16 18:55:42 -------- d-----w- c:\program files\Lavasoft
    .
    ==================== Find3M ====================
    .
    2012-03-10 16:02:38 145592 ----a-w- c:\windows\system32\WRusr.dll
    2012-03-10 14:11:52 109584 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2012-02-23 11:07:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-23 11:07:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-20 14:36:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-17 19:04:34 26112 ----a-w- c:\windows\system32\userinit.exe
    2012-02-16 19:06:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2012-01-06 22:55:38 100184 ----a-w- c:\windows\system32\BgGamingMonitor.dll
    2011-12-22 16:46:36 82776 ----a-w- c:\windows\system32\BGLsp.dll
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 19:08:31.71 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/01/2011 11:02:58
    System Uptime: 14/03/2012 13:12:54 (6 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2800/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    B: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 194.036 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft Kernel Wave Audio Mixer
    Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
    Manufacturer: Microsoft
    Name: Microsoft Kernel Wave Audio Mixer
    PNP Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
    Service: kmixer
    .
    ==== System Restore Points ===================
    .
    RP372: 16/12/2011 09:39:42 - System Checkpoint
    RP373: 17/12/2011 14:15:33 - Software Distribution Service 3.0
    RP374: 17/12/2011 16:26:09 - PC Repair Doctor before Scan
    RP375: 19/12/2011 11:04:27 - System Checkpoint
    RP376: 20/12/2011 17:58:22 - System Checkpoint
    RP377: 22/12/2011 09:46:08 - System Checkpoint
    RP378: 23/12/2011 21:20:49 - System Checkpoint
    RP379: 24/12/2011 23:40:12 - System Checkpoint
    RP380: 26/12/2011 09:03:57 - System Checkpoint
    RP381: 27/12/2011 20:45:44 - System Checkpoint
    RP382: 29/12/2011 10:18:06 - System Checkpoint
    RP383: 30/12/2011 22:25:49 - Software Distribution Service 3.0
    RP384: 02/01/2012 11:32:08 - System Checkpoint
    RP385: 04/01/2012 10:48:34 - System Checkpoint
    RP386: 05/01/2012 17:08:53 - System Checkpoint
    RP387: 09/01/2012 08:59:02 - System Checkpoint
    RP388: 10/01/2012 09:03:17 - System Checkpoint
    RP389: 13/01/2012 17:53:46 - System Checkpoint
    RP390: 13/01/2012 22:32:17 - Software Distribution Service 3.0
    RP391: 17/01/2012 08:55:30 - System Checkpoint
    RP392: 20/01/2012 13:50:56 - Software Distribution Service 3.0
    RP393: 22/01/2012 09:55:16 - System Checkpoint
    RP394: 23/01/2012 11:31:37 - System Checkpoint
    RP395: 24/01/2012 12:40:49 - System Checkpoint
    RP396: 26/01/2012 17:49:22 - Removed SpyHunter
    RP397: 26/01/2012 17:50:23 - Removed Survey Launcher
    RP398: 26/01/2012 18:53:08 - PC Repair Doctor before Scan
    RP399: 27/01/2012 22:10:36 - System Checkpoint
    RP400: 30/01/2012 18:39:50 - System Checkpoint
    RP401: 30/01/2012 19:12:23 - PC Repair Doctor before Scan
    RP402: 01/02/2012 09:38:40 - Removed WinZip 16.0
    RP403: 01/02/2012 09:39:20 - Installed WinZip 16.0
    RP404: 04/02/2012 16:14:46 - PC Repair Doctor before Scan
    RP405: 05/02/2012 16:39:49 - System Checkpoint
    RP406: 07/02/2012 09:28:59 - System Checkpoint
    RP407: 08/02/2012 14:40:36 - System Checkpoint
    RP408: 10/02/2012 08:30:45 - System Checkpoint
    RP409: 10/02/2012 20:48:39 - Installed QuickTime
    RP410: 12/02/2012 11:59:00 - System Checkpoint
    RP411: 12/02/2012 16:32:26 - PC Repair Doctor before Scan
    RP412: 12/02/2012 17:09:13 - PC Repair Doctor before Scan
    RP413: 14/02/2012 08:27:33 - System Checkpoint
    RP414: 15/02/2012 08:44:32 - System Checkpoint
    RP415: 16/02/2012 18:53:29 - Installed Ad-Aware
    RP416: 16/02/2012 18:55:38 - Installed Ad-Aware
    RP417: 16/02/2012 22:48:40 - Software Distribution Service 3.0
    RP418: 17/02/2012 14:28:38 - Installed Ad-Aware
    RP419: 17/02/2012 14:30:44 - Installed Ad-Aware
    RP420: 17/02/2012 14:40:36 - Installed Lavasoft Registry Tuner
    RP421: 18/02/2012 09:15:44 - Removed Ad-Aware
    RP422: 18/02/2012 09:23:56 - Removed Ad-Aware
    RP423: 18/02/2012 09:36:10 - Removed Lavasoft Registry Tuner
    RP424: 20/02/2012 15:27:43 - PC Repair Doctor before Scan
    RP425: 20/02/2012 16:40:05 - Removed Kaspersky Security Scan
    RP426: 22/02/2012 10:01:20 - System Checkpoint
    RP427: 23/02/2012 11:06:16 - Removed Java(TM) 6 Update 24
    RP428: 23/02/2012 11:06:49 - Installed Java(TM) 6 Update 31
    RP429: 25/02/2012 14:31:51 - System Checkpoint
    RP430: 25/02/2012 20:02:20 - elephant
    RP431: 27/02/2012 09:57:12 - System Checkpoint
    RP432: 29/02/2012 10:41:16 - System Checkpoint
    RP433: 02/03/2012 20:38:26 - System Checkpoint
    RP434: 04/03/2012 10:20:39 - System Checkpoint
    RP435: 07/03/2012 08:37:37 - System Checkpoint
    RP436: 08/03/2012 14:40:57 - Removed WinZip 16.0
    RP437: 08/03/2012 14:56:18 - Installed WinZip 16.0
    RP438: 08/03/2012 16:30:31 - Removed WinZip 16.0
    RP439: 08/03/2012 16:45:54 - Installed WinZip 16.0
    RP440: 10/03/2012 10:31:03 - System Checkpoint
    RP441: 11/03/2012 21:24:34 - PC Repair Doctor before Scan
    RP442: 13/03/2012 10:52:30 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    2570
    2570_Help
    2570Trb
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader X (10.1.2)
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Bookshelf 99 ENG
    BT Broadband Desktop Help
    BT Yahoo! Applications
    BufferChm
    BullGuard
    CD and DVD Burner
    Concise Oxford English Dictionary (Eleventh Edition)
    Consumer Input Software (remove only)
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    EPSON Attach To Email
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus SX200 Series Printer Uninstall
    EPSON Stylus SX200_SX400_TX200_TX400 Manual
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB959765)
    Hotfix for Windows XP (KB961118)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Product Assistant
    HP Product Detection
    HP PSC & OfficeJet 5.3.A
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    iCare Data Recovery Professional 4.6.3.3
    InstantShareAlert
    InstantShareDevices
    Intel(R) Extreme Graphics Driver
    Internet Explorer (Enable DEP)
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 22
    Java(TM) 6 Update 31
    JourneySoftware
    JourneySoftwarePromo
    Kaspersky Security Scan
    Logitech Vid HD
    Logitech Webcam Software
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    MediaRECOVER
    Merriam-Webster's Intermediate
    MicroCapture 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Access 2000
    Microsoft AutoRoute Express GB 2000
    Microsoft AutoRoute v11.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard - WE 2004
    Microsoft Entertainment Pack: The Puzzle Collection
    Microsoft Money
    Microsoft Money System Pack
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 97, Professional Edition
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Picture It! Photo Standard 9
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyTomTom 3.0.1.221
    NewCopy_CDA
    OLYMPUS Master 2
    OpenOffice.org 3.3
    Optimizer XP
    PanoStandAlone
    PaperPort Image Printer
    PC Registry Cleaner
    PC Repair Doctor Version 1.0
    PhotoGallery
    PM Reference Guide
    PM Software Guide
    PowerTools Lite 2011
    ProductContextNPI
    PureRadio v3.0
    QuickTime
    RandMap
    Readme
    Roxio PhotoSuite 5
    SafeNSecure $TRIALSTR$
    SafeNSecure Password Manager
    Scan
    ScannerCopy
    ScanSoft PaperPort 11
    Security Task Manager 1.8c
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Serif AlbumPlus 4
    Serif DrawPlus 8
    Serif DrawPlus 8 Resources
    Serif MoviePlus 5
    Serif MoviePlus 5 Resources
    Serif PagePlus 11
    Serif PagePlus 11 Resources
    Serif PhotoPlus 11
    Serif Premium Design Collection
    SkinsHP1
    SolutionCenter
    Sonic CinePlayer DVD Pack
    Sonic_PrimoSDK
    SpoofStick for Internet Explorer 1.02
    Status
    SweetIM for Messenger 3.3
    SweetIM Toolbar for Internet Explorer 3.9
    TomTom HOME 2.8.3.2499
    TomTom HOME Visual Studio Merge Modules
    TrayApp
    TuneUp Companion 2.2.4
    Ultimate Reference Suite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio C++ 9.0 Runtime
    WebFldrs XP
    WebReg
    Webroot SecureAnywhere
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    WinZip 16.0
    WinZip Courier
    WinZip System Utilities Suite
    WinZipBar Toolbar
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
     


  4. 2012/03/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    You're not saying what the computer's problems are.

    You're running two AV programs, Webroot SecureAnywhere and BullGuard Antivirus.
    You must uninstall one of them.
     