
FBI ransomware removed, can't start safe mode


16 replies to this topic

#1 sum-duhme


Posted 19 February 2013 - 10:42 AM

A couple of weeks ago, I was assisting another workstation on FBI ransomware and inadvertently infected my laptop.  I was able to remove infected files (at least I hope I got them all).  Now when I attempt to boot in any of the safe modes I get a BSOD error 7B (virus) or at times error 7E (bios).  I'm relatively certain it is a registry issue.  

 

Dell Inspiron 1525

WinXP SP3

 

FRST report

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-02-2013 01
Ran by jim at 19-02-2013 10:26:30
Running from F:\
  Service Pack 3 (X86) OS Language: English(US) 
Attention: Could not load system hive.
 
Error:  The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
 
 
==================== One Month Created Files and Folders ========
 
2013-02-15 14:54 - 2013-02-15 15:32 - 00000450 ____A C:\Windows\DHCPUPG.LOG
2013-02-15 14:54 - 2013-02-15 15:32 - 00000416 ____A C:\Windows\WINNT32.LOG
2013-02-14 14:38 - 2013-02-14 14:45 - 00000840 ____A C:\Documents and Settings\jim\Desktop\CAMA Update.lnk
2013-02-14 14:38 - 2013-02-14 14:38 - 00001110 ____A C:\Documents and Settings\jim\Desktop\QM Online CAMA Update.lnk
2013-02-14 12:57 - 2013-02-14 12:57 - 00000072 ____A C:\SAFEBOOT_REPAIR.TXT
2013-02-14 09:06 - 2013-02-14 09:07 - 00008393 ____A C:\Windows\KB2797052-IE8.log
2013-02-14 09:06 - 2013-02-14 09:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2799494$
2013-02-14 08:33 - 2013-02-14 09:06 - 00013203 ____A C:\Windows\KB2799494.log
2013-02-13 16:01 - 2013-02-13 16:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-02-13 16:01 - 2013-02-13 16:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-02-13 16:01 - 2013-02-13 16:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-02-13 15:59 - 2013-02-13 16:00 - 00016785 ____A C:\Windows\KB2792100-IE8.log
2013-02-13 09:49 - 2013-02-13 09:49 - 00001736 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-02-13 08:41 - 2013-02-13 16:01 - 00016237 ____A C:\Windows\KB2778344.log
2013-02-13 08:40 - 2013-02-13 16:01 - 00015366 ____A C:\Windows\KB2802968.log
2013-02-13 08:38 - 2013-02-13 16:01 - 00015185 ____A C:\Windows\KB2780091.log
2013-02-12 16:21 - 2013-02-12 16:20 - 00106496 ____A C:\Windows\Minidump\Mini021213-01.dmp
2013-02-07 14:52 - 2013-02-07 14:52 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-02-07 14:36 - 2013-02-07 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Logitech
2013-02-05 15:39 - 2013-02-05 15:38 - 00106496 ____A C:\Windows\Minidump\Mini020513-01.dmp
2013-01-30 09:55 - 2013-02-19 10:26 - 00000000 ____D C:\FRST
2013-01-29 08:51 - 2013-01-29 08:51 - 00000000 ____D C:\Documents and Settings\jim\My Documents\Budget Requests
2013-01-24 08:27 - 2013-01-23 12:16 - 00065536 ___AH C:\Windows\Minidump\Mini012413-01.dmp
2013-01-23 16:21 - 2013-01-23 16:21 - 00002272 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-01-23 12:19 - 2013-01-23 12:19 - 00106496 ____A C:\Windows\Minidump\Mini012313-01.dmp
 
==================== One Month Modified Files and Folders ========
 
2013-02-19 10:26 - 2010-10-18 12:44 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-19 10:26 - 2008-12-18 08:50 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2013-02-19 10:07 - 2012-07-12 10:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-19 09:59 - 2008-12-23 15:43 - 00000590 ____A C:\Windows\hpbafd.ini
2013-02-19 09:26 - 2010-10-18 12:44 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-19 08:36 - 2008-04-25 04:17 - 00000000 ____D C:\Windows\security
2013-02-19 08:32 - 2012-03-30 14:15 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{33B9419F-6138-4A31-9439-E5A09E055509}.job
2013-02-19 08:32 - 2008-04-25 16:28 - 02019658 ____A C:\Windows\WindowsUpdate.log
2013-02-19 08:30 - 2008-04-25 11:16 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-02-19 08:30 - 2008-04-25 04:17 - 00000000 ____D C:\Windows\System32\inetsrv
2013-02-19 08:28 - 2012-03-05 15:38 - 00000296 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
2013-02-19 08:28 - 2010-08-23 07:48 - 00000274 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
2013-02-19 08:28 - 2008-04-25 04:25 - 00000159 ____A C:\Windows\wiadebug.log
2013-02-19 08:28 - 2008-04-25 04:25 - 00000049 ____A C:\Windows\wiaservc.log
2013-02-19 08:26 - 2012-03-05 14:16 - 00000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
2013-02-19 08:26 - 2011-01-31 11:07 - 00000294 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4084728313-1524007332-3262763513-500.job
2013-02-19 08:26 - 2010-09-13 14:37 - 00000294 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1751526032-396433644-1844936127-500.job
2013-02-19 08:26 - 2010-06-17 07:25 - 00000062 __ASH C:\Documents and Settings\jim\Local Settings\desktop.ini
2013-02-19 08:26 - 2008-04-25 16:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-19 08:25 - 2008-04-25 16:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-02-19 08:25 - 2008-04-25 16:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-02-15 16:22 - 2008-12-18 08:53 - 00000178 ___SH C:\Documents and Settings\jim\ntuser.ini
2013-02-15 16:22 - 2008-04-25 16:32 - 00032290 ____A C:\Windows\SchedLgU.Txt
2013-02-15 16:14 - 2012-03-30 15:10 - 00256306 ____A C:\Windows\setupapi.log
2013-02-15 15:56 - 2010-07-06 11:00 - 00000282 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
2013-02-15 15:32 - 2013-02-15 14:54 - 00000450 ____A C:\Windows\DHCPUPG.LOG
2013-02-15 15:32 - 2013-02-15 14:54 - 00000416 ____A C:\Windows\WINNT32.LOG
2013-02-15 12:00 - 2011-01-28 14:20 - 00000434 ____A C:\Windows\Tasks\FixCleaner Scan.job
2013-02-15 10:42 - 2009-01-12 10:21 - 00000000 ____D C:\Documents and Settings\jim\My Documents\excel
2013-02-15 10:40 - 2011-09-01 09:52 - 00000000 ____D C:\Documents and Settings\jim\My Documents\Access
2013-02-15 09:54 - 2011-01-04 11:42 - 00000026 ____A C:\Windows\BRPP2KA.INI
2013-02-15 09:28 - 2011-01-31 11:07 - 00000302 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4084728313-1524007332-3262763513-500.job
2013-02-14 15:37 - 2008-12-18 09:53 - 00000000 ____D C:\Documents and Settings\jim\Desktop\Copier Scan
2013-02-14 14:52 - 2008-12-08 20:46 - 00000000 ____D C:\Program Files\Citrix
2013-02-14 14:45 - 2013-02-14 14:38 - 00000840 ____A C:\Documents and Settings\jim\Desktop\CAMA Update.lnk
2013-02-14 14:38 - 2013-02-14 14:38 - 00001110 ____A C:\Documents and Settings\jim\Desktop\QM Online CAMA Update.lnk
2013-02-14 14:32 - 2011-09-08 13:40 - 00113224 ____A C:\Documents and Settings\jim\g2ax_customer_downloadhelper_win32_x86.exe
2013-02-14 14:32 - 2009-02-03 12:45 - 00000000 ____D C:\Documents and Settings\jim\Local Settings\Application Data\Citrix
2013-02-14 14:19 - 2009-01-12 10:57 - 00000000 ____D C:\Documents and Settings\jim\My Documents\Word
2013-02-14 12:57 - 2013-02-14 12:57 - 00000072 ____A C:\SAFEBOOT_REPAIR.TXT
2013-02-14 11:30 - 2012-03-05 15:38 - 00000322 ____A C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
2013-02-14 10:24 - 2008-04-25 16:34 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-14 10:16 - 2011-10-18 11:33 - 00000000 ____D C:\Documents and Settings\jim\.frostwire5
2013-02-14 09:07 - 2013-02-14 09:06 - 00008393 ____A C:\Windows\KB2797052-IE8.log
2013-02-14 09:07 - 2008-12-18 09:01 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-14 09:07 - 2008-04-25 04:22 - 02284454 ____A C:\Windows\FaxSetup.log
2013-02-14 09:07 - 2008-04-25 04:22 - 01164920 ____A C:\Windows\ocgen.log
2013-02-14 09:07 - 2008-04-25 04:22 - 01070602 ____A C:\Windows\tsoc.log
2013-02-14 09:07 - 2008-04-25 04:22 - 01055704 ____A C:\Windows\iis6.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00773519 ____A C:\Windows\comsetup.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00729916 ____A C:\Windows\msmqinst.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00477945 ____A C:\Windows\ntdtcsetup.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00401044 ____A C:\Windows\netfxocm.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00160692 ____A C:\Windows\MedCtrOC.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00127595 ____A C:\Windows\ocmsn.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00116016 ____A C:\Windows\msgsocm.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00112632 ____A C:\Windows\tabletoc.log
2013-02-14 09:07 - 2008-04-25 04:22 - 00001374 ____A C:\Windows\imsins.log
2013-02-14 09:06 - 2013-02-14 09:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2799494$
2013-02-14 09:06 - 2013-02-14 08:33 - 00013203 ____A C:\Windows\KB2799494.log
2013-02-14 09:06 - 2009-06-12 08:02 - 00000000 ____D C:\Windows\ie8updates
2013-02-14 09:06 - 2008-12-18 09:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-02-14 09:06 - 2008-12-08 20:41 - 00000000 ___HD C:\Windows\$hf_mig$
2013-02-14 09:06 - 2008-04-25 04:22 - 00001374 ____A C:\Windows\imsins.BAK
2013-02-14 09:03 - 2008-04-25 04:22 - 00630212 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-14 08:24 - 2008-04-25 04:21 - 00385608 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-13 16:01 - 2013-02-13 16:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-02-13 16:01 - 2013-02-13 16:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-02-13 16:01 - 2013-02-13 16:01 - 00000000 __HDC C:\Windows\$NtUninstallKB2778344$
2013-02-13 16:01 - 2013-02-13 08:41 - 00016237 ____A C:\Windows\KB2778344.log
2013-02-13 16:01 - 2013-02-13 08:40 - 00015366 ____A C:\Windows\KB2802968.log
2013-02-13 16:01 - 2013-02-13 08:38 - 00015185 ____A C:\Windows\KB2780091.log
2013-02-13 16:00 - 2013-02-13 15:59 - 00016785 ____A C:\Windows\KB2792100-IE8.log
2013-02-13 16:00 - 2008-12-08 20:41 - 00707520 ____A C:\Windows\updspapi.log
2013-02-13 11:42 - 2008-12-18 11:31 - 00000000 ____D C:\Documents and Settings\jim\Application Data\Real
2013-02-13 11:02 - 2008-04-25 16:28 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2013-02-13 09:49 - 2013-02-13 09:49 - 00001736 ____A C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-02-13 09:48 - 2008-12-08 20:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-02-13 09:48 - 2008-12-08 20:44 - 00000000 ____D C:\Program Files\Adobe
2013-02-13 09:48 - 2008-12-08 20:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-02-12 16:21 - 2009-08-25 08:25 - 00000000 ____D C:\Windows\Minidump
2013-02-12 16:21 - 2008-12-18 08:52 - 00000000 __SHD C:\Windows\CSC
2013-02-12 16:20 - 2013-02-12 16:21 - 00106496 ____A C:\Windows\Minidump\Mini021213-01.dmp
2013-02-12 14:29 - 2010-09-13 14:37 - 00000302 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1751526032-396433644-1844936127-500.job
2013-02-12 12:59 - 2012-03-05 14:16 - 00000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2013-02-11 11:30 - 2012-03-05 15:38 - 00000304 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
2013-02-11 10:07 - 2012-06-15 07:33 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-11 10:07 - 2012-05-29 09:18 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-08 08:55 - 2008-12-18 08:53 - 00000000 ____D C:\Documents and Settings\jim\Local Settings\Application Data\Google
2013-02-07 15:42 - 2008-04-25 16:32 - 00000178 _ASHC C:\Documents and Settings\Administrator\ntuser.ini
2013-02-07 14:52 - 2013-02-07 14:52 - 00001815 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-02-07 14:52 - 2008-12-08 20:48 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-02-07 14:51 - 2008-12-08 20:44 - 00000000 ____D C:\Program Files\Google
2013-02-07 14:36 - 2013-02-07 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Logitech
2013-02-07 14:36 - 2009-01-20 10:24 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Real
2013-02-07 14:35 - 2008-04-25 16:32 - 00000062 _ASHC C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-02-06 09:41 - 2012-09-11 08:27 - 00002800 ____A C:\Windows\LkmdfCoInst.log
2013-02-06 09:40 - 2012-09-11 08:27 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-02-06 09:40 - 2008-04-25 11:16 - 00001006 ____A C:\Windows\win.ini
2013-02-06 09:40 - 2008-04-25 11:16 - 00000435 ____A C:\Windows\system.ini
2013-02-06 09:40 - 2008-04-25 11:16 - 00000211 ___SH C:\boot.ini
2013-02-05 15:38 - 2013-02-05 15:39 - 00106496 ____A C:\Windows\Minidump\Mini020513-01.dmp
2013-02-01 16:04 - 2011-07-19 14:21 - 00000000 ____D C:\Documents and Settings\jim\Application Data\FileZilla
2013-01-30 13:06 - 2008-04-25 16:26 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-01-29 09:08 - 2012-09-11 08:27 - 00023050 ____A C:\Windows\LDPINST.LOG
2013-01-29 08:51 - 2013-01-29 08:51 - 00000000 ____D C:\Documents and Settings\jim\My Documents\Budget Requests
2013-01-28 11:22 - 2009-08-17 09:08 - 00000000 ____D C:\Program Files\Symantec AntiVirus
2013-01-28 11:22 - 2008-12-18 10:12 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-01-25 22:55 - 2008-04-25 11:16 - 00552448 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\oleaut32.dll
2013-01-25 22:55 - 2008-04-25 11:16 - 00552448 ____N (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2013-01-25 12:33 - 2008-12-22 12:52 - 00001754 ___AH C:\Documents and Settings\jim\My Documents\Default.rdp
2013-01-25 11:17 - 2010-01-20 09:15 - 00176128 ____A C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-25 11:08 - 2011-03-29 15:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-24 09:02 - 2012-09-24 09:18 - 00008192 __ASH C:\Documents and Settings\jim\Desktop\Thumbs.db
2013-01-23 16:21 - 2013-01-23 16:21 - 00002272 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-01-23 16:21 - 2009-06-16 07:52 - 00131072 ____A C:\Windows\System32\config\MIU.evt
2013-01-23 12:54 - 2009-09-23 10:19 - 00000600 ____A C:\Documents and Settings\jim\Local Settings\Application Data\PUTTY.RND
2013-01-23 12:19 - 2013-01-23 12:19 - 00106496 ____A C:\Windows\Minidump\Mini012313-01.dmp
2013-01-23 12:16 - 2013-01-24 08:27 - 00065536 ___AH C:\Windows\Minidump\Mini012413-01.dmp
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points (XP) =====================
 
RP: -> 2013-02-14 08:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP921 
 
RP: -> 2013-02-13 15:52 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP920 
 
RP: -> 2013-02-13 09:48 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP919 
 
RP: -> 2013-02-12 10:48 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP918 
 
RP: -> 2013-02-11 10:17 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP917 
 
RP: -> 2013-02-08 09:30 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP916 
 
RP: -> 2013-02-06 10:51 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP915 
 
RP: -> 2013-02-01 11:14 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP914 
 
RP: -> 2013-01-29 13:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP912 
 
RP: -> 2013-01-25 13:27 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP911 
 
RP: -> 2013-01-24 09:24 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP910 
 
RP: -> 2013-01-22 13:51 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP909 
 
RP: -> 2013-01-18 10:46 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP908 
 
RP: -> 2013-01-18 10:44 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP907 
 
RP: -> 2013-01-17 10:44 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP906 
 
RP: -> 2013-01-16 10:33 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP905 
 
RP: -> 2013-01-15 09:15 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP904 
 
RP: -> 2013-01-15 08:42 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP903 
 
RP: -> 2013-01-14 08:29 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP902 
 
RP: -> 2013-01-11 16:18 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP901 
 
RP: -> 2013-01-10 16:21 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP900 
 
RP: -> 2013-01-09 16:23 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP899 
 
RP: -> 2013-01-09 14:54 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP898 
 
RP: -> 2013-01-08 13:39 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP897 
 
RP: -> 2013-01-07 08:44 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP896 
 
RP: -> 2013-01-04 08:59 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP895 
 
RP: -> 2013-01-03 09:46 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP894 
 
RP: -> 2012-12-31 10:51 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP893 
 
RP: -> 2012-12-26 13:43 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP892 
 
RP: -> 2012-12-21 09:50 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP891 
 
RP: -> 2012-12-19 14:00 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP890 
 
RP: -> 2012-12-18 13:37 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP889 
 
RP: -> 2012-12-14 09:29 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP888 
 
RP: -> 2012-12-12 16:01 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP887 
 
RP: -> 2012-12-12 13:51 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP886 
 
RP: -> 2012-12-11 11:07 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP885 
 
RP: -> 2012-12-10 09:48 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP884 
 
RP: -> 2012-12-07 09:50 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP883 
 
RP: -> 2012-12-05 09:11 - 028672 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP882 
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 3573.97 MB
Available physical RAM: 2505.74 MB
Total Pagefile: 5455.6 MB
Available Pagefile: 4304.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.42 MB
 
==================== Partitions =============================
 
1 Drive c: (OS) (Fixed) (Total:99.49 GB) (Free:2.37 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive f: (NANO PRO) (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
4 Drive s: (Data) (Network) (Total:101.45 GB) (Free:20.39 GB) NTFS
5 Drive u: (Data) (Network) (Total:101.45 GB) (Free:20.39 GB) NTFS
 
  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       112 GB      0 B         
 
Partitions of Disk 0:
===============
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    32 KB
  Partition 2    Primary             99 GB    39 MB
  Partition 3    Extended          2549 MB   100 GB
  Partition 4    Logical           2542 MB   100 GB
  Partition 5    Unknown             10 GB   102 GB
=========================================================
 
Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition     99 GB  Healthy    System (partition with boot components)  
=========================================================
 
Disk: 0
Partition 4
Type  : DD
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
=========================================================
 
Disk: 0
Partition 5
Type  : DB
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
=========================================================
==================== End Of Log ============================




#2 The Dark Knight


Posted 20 February 2013 - 03:39 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

> Now when I attempt to boot in any of the safe modes I get a BSOD error
> 7B (virus) or at times error 7E (bios).  I'm relatively certain it is a
> registry issue.

So you can boot into Normal Mode fine?

 


Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 The Dark Knight


Posted 23 February 2013 - 04:25 PM

Just a side note: I am away until Tuesday.




#4 The Dark Knight


Posted 01 March 2013 - 05:52 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.




#5 sum-duhme


Posted 26 March 2013 - 01:54 PM

I'm sorry, I have been busy. Yes, I can boot normally and I am in the process of using ComboFix. I will be back as soon as I get you the report.



#6 sum-duhme


Posted 26 March 2013 - 02:24 PM

ComboFix 13-03-26.01 - jim 26-Mar-13  15:07:12.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3574.2693 [GMT -4:00]
Running from: c:\documents and settings\jim\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jim\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\jim\GoToAssistDownloadHelper.exe
c:\documents and settings\jim\Local Settings\Application Data\assembly\tmp
c:\documents and settings\jim\WINDOWS
C:\install.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\jestertb.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-26 to 2013-03-26  )))))))))))))))))))))))))))))))
.
.
2013-03-21 15:47 . 2013-03-21 15:47 -------- d-----w- c:\documents and settings\jim\Local Settings\Application Data\Netscape
2013-03-21 15:47 . 2013-03-21 15:47 -------- d-----w- c:\documents and settings\jim\Application Data\Netscape
2013-03-21 15:47 . 2013-03-22 15:11 -------- d-----w- c:\program files\Netscape
2013-03-21 15:43 . 2013-03-21 15:44 -------- d-----w- c:\program files\InfoAtoms
2013-03-15 19:55 . 2013-03-15 19:55 -------- d-----w- c:\documents and settings\jim\Local Settings\Application Data\Shareaza
2013-03-15 19:55 . 2013-03-26 14:21 -------- d-----w- c:\documents and settings\jim\Application Data\Shareaza
2013-03-15 19:51 . 2013-03-22 15:57 -------- d-----w- c:\documents and settings\jim\Incomplete
2013-03-15 19:48 . 2013-03-15 19:48 -------- d-----w- c:\program files\Ask.com
2013-03-15 19:48 . 2013-03-15 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-03-15 19:48 . 2013-03-15 19:48 -------- d-----w- c:\program files\MP3 Rocket Downloader
2013-03-15 19:47 . 2013-03-22 16:01 -------- d-----w- c:\documents and settings\jim\Application Data\MP3Rocket
2013-03-15 19:47 . 2013-03-15 19:52 -------- d-----w- c:\program files\MP3 Rocket
2013-03-14 16:21 . 2013-03-14 16:21 -------- d-----w- c:\program files\RealNetworks
2013-03-14 16:21 . 2013-03-14 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
2013-03-14 16:20 . 2013-03-14 16:20 -------- d-----w- c:\program files\Common Files\xing shared
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 17:07 . 2012-06-15 12:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:07 . 2012-05-29 14:18 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2008-04-25 16:16 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 14:40 . 2012-09-11 13:27 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-02-05 20:05 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2008-04-25 16:16 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-18 15:46 . 2002-08-20 21:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-18 15:46 . 2013-01-18 15:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-18 15:46 . 2012-03-20 15:00 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-18 15:46 . 2010-05-10 12:57 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-07 11:07 . 2008-04-14 00:01 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 01:16 . 2008-04-25 16:16 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 01:20 . 2008-04-25 16:16 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-25 16:16 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2008-04-25 16:16 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-06-14 22:20 . 2011-03-29 18:35 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="c:\documents and settings\jim\My Documents\My Downloads\taskbar_shuffle_2.2\taskbarshuffle.exe" [2007-06-16 827392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-19 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-19 137752]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-09-18 36864]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-07-06 95960]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-12-11 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-02-23 115560]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-03-14 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-09 01:46 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 20:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jim^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=c:\documents and settings\jim\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jim^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\jim\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jim^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\jim\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 03:12 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-12-11 00:06 1228800 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 22:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 18:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2012-11-04 17:43 1851192 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-14 21:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-11-06 22:47 184320 -c--a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-09 01:44 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-03-14 16:18 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11-Sep-12 09:27 12216]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25-Jun-10 13:07 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [06-Mar-13 02:21 39056]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11-Mar-13 14:32 106656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08-Dec-08 23:32 105984]
S2 gupdate1c9a737a215392;Google Update Service (gupdate1c9a737a215392);c:\program files\Google\Update\GoogleUpdate.exe [17-Mar-09 15:31 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [17-Aug-09 10:05 23888]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [11-Jan-11 13:45 44432]
S3 JL2005;JL2005A Camera; [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [02-Sep-11 02:31 43704]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [02-Sep-11 02:31 12216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29-Mar-11 16:19 21104]
S3 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [18-Oct-12 12:37 398184]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29-Mar-11 16:19 682344]
S3 Printer DCA;Printer DCA;c:\program files\Printer DCA\PrinterDCA.Service.exe [18-Aug-10 20:52 67328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 13:26 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 17:07]
.
2011-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 19:31]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 19:31]
.
2013-03-07 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06 06:23]
.
2013-03-26 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 06:21]
.
2013-03-13 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 06:21]
.
2013-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1751526032-396433644-1844936127-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4084728313-1524007332-3262763513-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1751526032-396433644-1844936127-1141.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1751526032-396433644-1844936127-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4084728313-1524007332-3262763513-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2013-03-26 c:\windows\Tasks\User_Feed_Synchronization-{33B9419F-6138-4A31-9439-E5A09E055509}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: imwx.com\d.i
Trusted Zone: imwx.com\s
Trusted Zone: live.com\co108w.col108.mail
Trusted Zone: weather.com\www
TCP: DhcpNameServer = 10.1.10.130
FF - ProfilePath - c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\d2d9703v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-14 12:21; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2008-12-18 11:30; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2011-02-14 14:47; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{BDB33308-BD4F-4713-8B55-06A4B5DE0CB1} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BDB33308-BD4F-4713-8B55-06A4B5DE0CB1} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Adobe Reader Synchronizer - c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
MSConfigStartUp-Google Update - c:\documents and settings\jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-RIMBBLaunchAgent - c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Imation Disk Manager II Service - c:\docume~1\jim\LOCALS~1\Temp\Imation Disk Manager II.exe
AddRemove-MUNIS ASP Client_is1 - c:\program files\FourJs\GDC-13X\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-26 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2013-03-26  15:18:39
ComboFix-quarantined-files.txt  2013-03-26 19:18
.
Pre-Run: 5,733,212,160 bytes free
Post-Run: 8,070,045,696 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 642EA6FA18036FC683737AF652B6C952


#7 The Dark Knight


Posted 26 March 2013 - 03:35 PM

Hey sum-duhme.

 

Please run a Check Disk:

 

http://windows.microsoft.com/en-au/windows-vista/check-your-hard-disk-for-errors

 

=====

 

Also, please run SFC:

 

http://support.microsoft.com/kb/929833

 

=====

 

Did that solve the issue?


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#8 sum-duhme


Posted 27 March 2013 - 11:40 AM

Ran both check disk and System File Checker.  Still get BSOD at safe mode with and without networking.



#9 The Dark Knight


Posted 27 March 2013 - 03:33 PM

Hello sum-duhme,

 

Please see this link for a System Restore:

 

http://windows.microsoft.com/en-au/windows7/resolving-stop-blue-screen-errors-in-windows-7

 

Roll your computer back before these issues started. Did that help?




#10 sum-duhme


Posted 29 March 2013 - 01:41 PM

Restore point finally worked.  I can access all safe modes now.  Thanks for all the help!!



#11 The Dark Knight


Posted 29 March 2013 - 05:02 PM

Hey sum-duhme,

 

Great to hear!

 

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

 




#12 sum-duhme


Posted 01 April 2013 - 02:12 PM

 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0ffab8b361837f4ca28e5d8279633e3b
# engine=13525
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2013-04-01 06:27:57
# local_time=2013-04-01 02:27:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=164245
# found=7
# cleaned=0
# scan_time=9993
sh=B8F2F0C2F4B2FB1423105E60E6B10646BC4B7E95 ft=0 fh=0000000000000000 vn="Win32/AutoRun.Delf.CC worm" ac=I fn="C:\Documents and Settings\jim\Desktop\16GB\autorun.inf"
sh=A21A2352955C18866324558C9FE3B3499DA98E41 ft=1 fh=89325fb1dad26889 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Documents and Settings\jim\Desktop\16GB\media.player.codec.pack.v4.1.4.setup.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi application" ac=I fn="C:\Documents and Settings\jim\Desktop\16GB\PDFCreator-1_2_3_setup.exe"
sh=A21A2352955C18866324558C9FE3B3499DA98E41 ft=1 fh=89325fb1dad26889 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Documents and Settings\jim\My Documents\Downloads\media.player.codec.pack.v4.1.4.setup.exe"
sh=D04173C908B116A7CF2B70700F324365DA247C89 ft=1 fh=397f41678682be60 vn="a variant of Win32/Adware.ErrorClean application" ac=I fn="C:\Documents and Settings\jim\My Documents\My Downloads\pconpoint.exe"
sh=A410F92B9820D62686F6A039FC1A86B1F315F9C8 ft=1 fh=397f41671f1b1dee vn="a variant of Win32/Adware.ErrorClean application" ac=I fn="C:\Documents and Settings\jim\My Documents\My Downloads\registryfix.exe"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
 


#13 The Dark Knight


Posted 02 April 2013 - 03:33 PM

Hello sum-duhme,

 

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




#14 sum-duhme


Posted 03 April 2013 - 10:46 AM

 Results of screen317's Security Check version 0.99.61  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.65.1.1000  
 Java™ 6 Update 31  
 Java 7 Update 17  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox 13.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Symantec AntiVirus Smc.exe   
 Symantec AntiVirus Rtvscan.exe   
 Symantec AntiVirus SmcGui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 39% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#15 The Dark Knight


Posted 03 April 2013 - 03:36 PM

Hello sum-duhme,

 

Your version of Adobe Flash Player is out of date. Please follow these instructions to update to the latest version:

Go to the Adobe Global Notifications Update website here:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html#118377

A small box to the right within the window should load. Please select how often you would like Adobe to check for a new update for its Flash Player.
Note: This has to be done separately for Firefox and IE.

If a new version is found:

  • Please tick the License Agreement.
  • Click Install.
    Note: If you are running Mozilla Firefox all of its windows will need to be closed.
  • Click Done.

Note: In future if an update is available Adobe will notify you on your Desktop via the Adobe Download Manager.
 

=====

 

Next, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

 

=====

 

Also, your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows 7 version:
    http://www.java.com/en/download/manual.jsp
  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them: javaicon.gif
  • Select Uninstall.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

 

=====

 

Finally, your version of Mozilla Firefox is out of date. Please do the following to update it:

  • Go to Start>All Programs>Mozilla Firefox.
  • Click Firefox>Help>About Firefox.
  • Let it search for any updates and install them when found.
  • Please restart your computer if prompted.

 

=====

 

Please let me know how the updates go.

