
Removing an infection


20 replies to this topic

#1 drbobj


Posted 03 May 2013 - 04:11 PM

First time to the forum, first time getting infected by a virus. Yes, I guess it can happen to me too.

My name is Bob. I do not work in the computer or IT industry. I am actually a chiropractor, and a computer user.

Here is the story. My computer started acting weird and was slowing down, and I believe I started getting some alerts from ZoneAlarm. So I shut down the computer by holding the power button. After reboot, if I remember right, I noticed that the Windows firewall and automatic update were disabled, and when I tried to fix it I got a dialog box that said basically I was not able to do that. Eventually it got to the point where when I tried to run any program a dialog box said that it could not find the file or something like that.

Oh, BTW, this is Windows XP. I'm pretty sure it's SP2, maybe 3.

So, booted in safe mode, I ran Malwarebytes including the Chameleon and Anti-Rootkit tools. It appeared to be removing things such as

Spyware.Zbot.ED

(Trojan.Agent.KRH)

(Trojan.Beebone)

(RiskWare.Tool.CK)

(Trojan.FakeAlert)

 

I will try to recollect the next things that happened, but it occurred over a few days and in between a few scans. Another thing: eventually I could not start in safe mode with my user ID, so I logged in as Admin and ran Malwarebytes again. At one point I got the FBI screen. Eventually I got a blue screen that said I had to run CHKDSK, which is hard to do when it won't boot up. So I took out the drive and ran it as a secondary on a new Windows 8 computer. During startup it automatically ran a disk repair program. After that I could boot in safe mode. An IT friend of mine recommended running ComboFix and I did. That seems to have cleared up the problem, at least to the point that I can now boot in normal mode and operate my computer. Then I was reading some info on the BleepingComputer site. I did read that I should not run ComboFix before going onto this forum, but that ship has already sailed.

Here is my question. Where do I go from here to make sure everything is cleaned up? I have heard that there still can be lingering bits and pieces that may have to be manually removed. And I don't want to mess with the registry if I don't have to. Are there any other tools that I should run, like RKILL or TDSSKiller?

I appreciate any help or suggestions.

Dr Bob

One more thing: now when I start Windows a black window opens; I think it is the command prompt. It does not seem to be a problem now, but it was also coming up before I ran ComboFix. Now I can close it, but it did not close before I ran ComboFix.

Also, a few weeks before it got bad, when I clicked on something in a Google search I would get redirected to a different but related commercial site.

I read that I am supposed to paste the logs instead of attaching, so here you go:

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/15/2006 3:12:46 PM
System Uptime: 5/3/2013 11:50:47 AM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0JC474
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 10.87 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 1397 GiB total, 613.335 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1851: 3/12/2013 9:37:35 AM - Software Distribution Service 3.0
RP1852: 3/13/2013 9:27:42 AM - Software Distribution Service 3.0
RP1853: 3/14/2013 10:08:37 AM - Software Distribution Service 3.0
RP1854: 3/14/2013 12:10:14 PM - Software Distribution Service 3.0
RP1855: 3/15/2013 3:00:22 AM - Software Distribution Service 3.0
RP1856: 3/16/2013 3:00:22 AM - Software Distribution Service 3.0
RP1857: 3/17/2013 3:00:22 AM - Software Distribution Service 3.0
RP1858: 3/18/2013 3:00:23 AM - Software Distribution Service 3.0
RP1859: 3/19/2013 9:46:49 AM - Software Distribution Service 3.0
RP1860: 3/19/2013 10:15:09 AM - Removed TomTom HOME.
RP1861: 3/20/2013 9:48:24 AM - Software Distribution Service 3.0
RP1862: 3/21/2013 9:53:32 AM - Software Distribution Service 3.0
RP1863: 3/22/2013 3:00:22 AM - Software Distribution Service 3.0
RP1864: 3/23/2013 3:00:22 AM - Software Distribution Service 3.0
RP1865: 3/24/2013 3:00:23 AM - Software Distribution Service 3.0
RP1866: 3/25/2013 3:00:23 AM - Software Distribution Service 3.0
RP1867: 3/26/2013 3:00:23 AM - Software Distribution Service 3.0
RP1868: 3/27/2013 9:51:16 AM - Software Distribution Service 3.0
RP1869: 3/28/2013 3:00:24 AM - Software Distribution Service 3.0
RP1870: 3/28/2013 5:43:43 PM - Software Distribution Service 3.0
RP1871: 3/29/2013 9:12:43 AM - Software Distribution Service 3.0
RP1872: 3/30/2013 9:14:57 AM - Software Distribution Service 3.0
RP1873: 3/31/2013 3:00:24 AM - Software Distribution Service 3.0
RP1874: 4/1/2013 3:00:25 AM - Software Distribution Service 3.0
RP1875: 4/1/2013 4:48:24 PM - Software Distribution Service 3.0
RP1876: 4/3/2013 9:22:20 AM - Software Distribution Service 3.0
RP1877: 4/4/2013 3:00:25 AM - Software Distribution Service 3.0
RP1878: 4/5/2013 3:01:04 AM - Software Distribution Service 3.0
RP1879: 4/6/2013 3:00:18 AM - Software Distribution Service 3.0
RP1880: 4/7/2013 3:00:23 AM - Software Distribution Service 3.0
RP1881: 4/8/2013 3:00:23 AM - Software Distribution Service 3.0
RP1882: 4/9/2013 3:00:23 AM - Software Distribution Service 3.0
RP1883: 4/10/2013 9:30:04 AM - Software Distribution Service 3.0
RP1884: 4/11/2013 9:10:19 AM - Software Distribution Service 3.0
RP1885: 4/12/2013 10:12:31 AM - Software Distribution Service 3.0
RP1886: 4/13/2013 9:00:39 AM - Software Distribution Service 3.0
RP1887: 4/14/2013 9:15:26 AM - Software Distribution Service 3.0
RP1888: 4/15/2013 3:00:23 AM - Software Distribution Service 3.0
RP1889: 4/16/2013 9:37:47 AM - Software Distribution Service 3.0
RP1890: 4/17/2013 9:32:39 AM - Software Distribution Service 3.0
RP1891: 4/18/2013 3:00:25 AM - Software Distribution Service 3.0
RP1892: 4/19/2013 3:00:41 AM - Software Distribution Service 3.0
RP1893: 4/20/2013 3:50:36 AM - System Checkpoint
RP1894: 4/21/2013 4:19:24 AM - System Checkpoint
RP1895: 4/22/2013 5:45:43 AM - System Checkpoint
RP1896: 4/23/2013 5:56:32 AM - System Checkpoint
RP1897: 4/24/2013 6:43:41 AM - System Checkpoint
RP1898: 4/25/2013 8:36:36 AM - System Checkpoint
RP1899: 4/26/2013 8:47:19 AM - System Checkpoint
RP1900: 4/26/2013 1:10:46 PM - Software Distribution Service 3.0
RP1901: 4/28/2013 10:27:05 AM - Software Distribution Service 3.0
RP1902: 4/29/2013 9:08:41 AM - Software Distribution Service 3.0
RP1903: 4/29/2013 9:18:03 AM - Restore Operation
RP1904: 4/29/2013 9:24:43 AM - Restore Operation
RP1905: 4/29/2013 9:26:27 AM - Restore Operation
RP1906: 5/2/2013 7:27:52 PM - Restore Operation
RP1907: 5/3/2013 11:45:43 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2001 Sales & Marketing Letters
2007 Microsoft Office Suite Service Pack 1 (SP1)
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.2 Professional
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Digital Editions
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.6)
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AI RoboForm (All Users)
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
BabylonObjectInstaller
Belarc Advisor 6.1
Body Spectrum
Bonjour
Brother MFL-Pro Suite MFC-J835DW
Calendar Creator
CamStudio OSS Desktop Recorder
CCleaner
CDex - Open Source Digital Audio CD Extractor
ConvertHelper 2.2
Corel WordPerfect Suite 8
CueCard (remove only)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Digital Voice Editor 3
DownloadX Free 1.1.1
DR Systems Web Ambassador
Dragon NaturallySpeaking 9
Dropbox
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Audio Cutter V1.95
eConnect
ExamView Player
ExamView Pro
FLV Player 1.3.3
Free Mp3 Wma Converter V 1.7.2
Free Video Converter V 3.1
Freez FLV to AVI/MPEG/WMV Converter
GdiplusUpgrade
Good Keywords v2.0.091406
Google
Google Chrome
Google Desktop
Google Earth
Google Gears
Google Toolbar for Firefox
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
GoToMeeting 5.5.0.1132
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Software Update
HP Unload DLL Patch
HPODiscovery
IncrediMail
IncrediMail 2.0
Intel® 537EP Modem
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
InterActual Player
Iomega Encryption
iTunes
Java 7 Update 7
Java Auto Updater
K-Lite Codec Pack 3.6.5 Full
Karen's Directory Printer
Leo-4.7-release-candidate-1 (remove only)
LiveUpdate Notice (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MCJeopardy
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Microsoft Works 6-9 Converter
Microsoft XML Parser
MightyUninstaller
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mplayer 0.6.9
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
Nero 8
neroxml
Netflix Movie Viewer
Nuance PaperPort 12
Nuance PDF Viewer Plus
OpenOffice.org 3.1
Orbit Downloader
OverDrive Media Console
overland
PANTECH Handset USB Driver
Pantech PCSuite
PaperPort Image Printer
PDF Settings
PDFlite 0.7
Philips VLounge
Photo Notifier and Animation Creator
Picasa 3
PixiePack Codec Pack
PlayStation®Network Downloader
PlayStation®Store
Python 2.6.4
QuickBooks Pro 2006
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RedMon - Redirection Port Monitor
RemoteComms External Disk Access
Roxio MyDVD LE
Scansoft PDF Professional
Search Settings 1.2
Search.com Bar
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Shipping Assistant 3.6
Shockwave
Skype web features
Skype™ 4.1
Sonic Audio module
Sonic DLA
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Digital Voice Player Ver.2.1
Sony DVD Architect Studio 4.5
Sony Ericsson PC Suite 6.012.00
Sony Vegas Movie Studio 8.0
SPC 600NC PC Camera
StudyWare - Fundamentals of Anatomy and Physiology
SureThing CD Labeler - Stomper Edition 32 bit
Symantec WinFax PRO 10.0
TestGen
The Rosetta Stone 2000
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TuneClone 2.20
Uninstall Dual Mode Camera
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB976662)
v.Clone
VASST PIPSelection 1.2.0
VCRedistSetup
VersaCheck Platinum 2010
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.5
VMware Player
VMware Virtual Disk Development Kit
Voice Editing Standard
WavePad Sound Editor
WebEx
WebFldrs XP
Windows Driver Package - Intel (E1000) Net  (08/20/2008 8.10.3.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/3/2013 9:16:54 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BANTExt Fips intelppm KLIF Lbd SBRE
5/3/2013 9:14:37 AM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
5/3/2013 11:14:42 AM, error: Service Control Manager [7022]  - The SharedAccess service hung on starting.
4/30/2013 4:56:41 PM, error: Dhcp [1002]  - The IP address lease 192.168.0.12 for the Network Card with network address 001320D2A37D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/30/2013 2:44:44 PM, error: Service Control Manager [7022]  - The Windows Search service hung on starting.
4/30/2013 12:08:50 PM, error: Service Control Manager [7000]  - The mbamchameleon service failed to start due to the following error:  The system cannot find the file specified.
4/29/2013 9:17:36 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd SBRE
4/29/2013 9:07:36 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
4/29/2013 9:07:36 AM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/29/2013 9:07:36 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/29/2013 9:07:28 AM, error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
4/29/2013 9:06:52 AM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
4/29/2013 9:06:52 AM, error: Service Control Manager [7000]  - The IC Recorder Driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/29/2013 9:06:28 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/29/2013 9:06:21 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service LogMeIn with arguments "" in order to run the server: {C3ADA61A-4E0E-48D4-A2B1-AE5F76D01044}
4/29/2013 9:04:20 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/29/2013 7:26:37 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/29/2013 11:19:24 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/28/2013 10:59:27 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/28/2013 10:58:30 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/28/2013 10:53:37 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BANTExt Fips IntelIde intelppm IPSec KLIF Lbd MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss SBRE Tcpip Vsdatant WS2IFSL
4/28/2013 10:53:37 AM, error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error:  A device attached to the system is not functioning.
4/28/2013 10:53:37 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
4/28/2013 10:53:37 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/28/2013 10:53:37 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/28/2013 10:53:37 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
4/28/2013 10:52:36 AM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
4/28/2013 10:30:48 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
4/28/2013 10:24:58 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde Lbd SBRE
4/28/2013 10:24:20 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
4/27/2013 9:52:22 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/27/2013 9:07:18 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BANTExt Fips intelppm IPSec KLIF Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE Tcpip Vsdatant WS2IFSL
4/26/2013 2:40:31 PM, error: DCOM [10000]  - Unable to start a DCOM Server: {548E275F-0290-40E7-B454-738B0C61DE60}. The error: "%193" Happened while starting this command: C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe -Embedding
4/26/2013 2:17:04 PM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by Dr Bob at 12:08:17 on 2013-05-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3062.2034 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vphc600.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.officeally.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
mRun: [phc600] c:\windows\vphc600.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366658193484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143744273500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mhhe.webex.com/client/T27LB/webex/ieatgpc.cab
TCP: NameServer = 98.158.162.10 98.158.167.10
TCP: Interfaces\{96E5A6F8-A489-481B-BD9B-98D1E2A095CF} : DHCPNameServer = 98.158.162.10 98.158.167.10
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: WinFax PRO IShellExecuteHook - {A213B520-C6C2-11d0-AF9D-008029E1027E} - c:\program files\symantec\winfax\WFXSEH32.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dr bob\application data\mozilla\firefox\profiles\4u87c4js.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=32CFB54192E27DB53A3A9F5099528604&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dr bob\application data\mozilla\firefox\profiles\4u87c4js.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\documents and settings\dr bob\application data\mozilla\firefox\profiles\4u87c4js.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\dr bob\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\pdflite\npPdfViewer.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2013-04-08 18:41; {40ea9205-c535-425a-b050-2d360df5ec39}; c:\documents and settings\dr bob\application data\mozilla\firefox\profiles\4u87c4js.default\extensions\{40ea9205-c535-425a-b050-2d360df5ec39}.xpi
FF - ExtSQL: 2013-04-21 13:34; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\checkpoint\zaforcefield\TrustChecker
FF - ExtSQL: 2013-04-22 09:34; ffxtlbr@zonealarm.com; c:\documents and settings\dr bob\application data\mozilla\firefox\profiles\4u87c4js.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: !HIDDEN! 2007-08-02 10:44; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - dc0e7506000000000000001320d2a37d
FF - user.js: extensions.BabylonToolbar_i.hardId - dc0e7506000000000000001320d2a37d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15503
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:50:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: extensions.zonealarm.hpOld0 - about:newtab
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - dc0e7506000000000000001320d2a37d
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15816
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1110:18:46
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117735107177296-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2013-4-21 136024]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2012-4-13 28776]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-4-21 586584]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-11-22 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-11-22 497320]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-12-18 375296]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-1-10 47640]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\vmware\vmware virtual disk development kit\bin\vstor2-mntapi10.sys [2009-11-3 22576]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-2-11 245760]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-10 27632]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-9-10 16896]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 bolucylt;bolucylt;\??\c:\windows\system32\drivers\bolucylt.sys --> c:\windows\system32\drivers\bolucylt.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9121b642bd642;Google Update Service (gupdate1c9121b642bd642);c:\program files\google\update\GoogleUpdate.exe [2008-9-8 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2008-4-1 17432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-9-10 13224]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-10-25 39048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2012-6-7 24880]
S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\drivers\PTHDRBUS.sys [2012-5-24 41984]
S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\drivers\PTHDRMDM.sys [2012-5-24 152064]
S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\drivers\PTHDRVSP.sys [2012-5-24 152192]
S3 QslFsFltr;QslFsFltr;c:\windows\system32\drivers\QslFsFltr.sys [2010-7-1 12672]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-9-10 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-9-10 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-9-10 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-9-10 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-9-10 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-9-10 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-9-10 109736]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\supserv.exe --> c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [?]
S4 QuikSync;QuikSync;c:\program files\emc corporation\v.clone\quiksync\QuikSync.exe [2010-7-1 13312]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-05-03 17:43:06    --------    d-sha-r-    C:\cmdcons
2013-05-03 17:37:20    98816    ----a-w-    c:\windows\sed.exe
2013-05-03 17:37:20    256000    ----a-w-    c:\windows\PEV.exe
2013-05-03 17:37:20    208896    ----a-w-    c:\windows\MBR.exe
2013-05-03 17:27:18    --------    d-----w-    c:\program files\Mighty Uninstaller
2013-05-01 16:22:12    --------    d-----w-    c:\program files\ACW
2013-05-01 16:22:12    --------    d-----w-    c:\documents and settings\all users\application data\ahlo
2013-04-30 22:21:08    143688    ----a-w-    c:\windows\system32\drivers\509627F6.sys
2013-04-29 23:31:08    143688    ----a-w-    c:\windows\system32\drivers\3D3660A6.sys
2013-04-29 22:49:37    --------    d-----w-    C:\MBAR
2013-04-23 00:35:09    --------    d-----w-    c:\program files\CCleaner
2013-04-21 20:33:42    136024    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-04-21 20:33:33    74584    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-04-21 17:18:42    --------    d-----w-    c:\program files\Check Point Software Technologies LTD
2013-04-21 17:18:09    --------    d-----w-    c:\documents and settings\dr bob\application data\Check Point Software Technologies LTD
2013-04-21 17:13:07    --------    d-----w-    c:\program files\CheckPoint
2013-04-19 20:45:38    --------    d-----w-    c:\documents and settings\dr bob\application data\FLEXnet
2013-04-19 19:07:51    --------    d-----w-    c:\windows\system32\MpEngineStore
2013-04-19 14:14:31    --------    d-----w-    c:\documents and settings\dr bob\local settings\application data\NCH Software
2013-04-13 16:05:27    26520    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
.
==================== Find3M  ====================
.
2013-04-04 21:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09:52    4550656    ----a-w-    c:\windows\system32\GPhotos.scr
2013-03-13 18:01:57    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:01:56    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:01:52    16486616    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06:30    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08:47    385024    ----a-w-    c:\windows\system32\html.iec
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
.
============= FINISH: 12:11:37.01 ===============

ComboFix 13-05-01.03 - Dr Bob 05/03/2013  10:51:52.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3062.2132 [GMT -7:00]
Running from: c:\documents and settings\Dr Bob\My Documents\Downloads\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\hpe16.dll
c:\documents and settings\All Users\Application Data\hpe5A7.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dr Bob\Application Data\PriceGong
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\2307.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\9551.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Dr Bob\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Dr Bob\g2mdlhlpx.exe
c:\documents and settings\Dr Bob\GoToAssistDownloadHelper.exe
c:\documents and settings\Dr Bob\Local Settings\Application Data\NCH Software\ghybfpyn.dll
c:\documents and settings\Dr Bob\wawaw.exe
c:\documents and settings\Dr Bob\WINDOWS
C:\Images
c:\images\DirCfg.ini
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\system32\iSafProd.1
c:\windows\system32\msxml6.dll.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1E1.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET204.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unicows.1
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-03 to 2013-05-03  )))))))))))))))))))))))))))))))
.
.
2013-05-03 17:27 . 2013-05-03 17:27    --------    d-----w-    c:\program files\Mighty Uninstaller
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\program files\ACW
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\ahlo
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Windows Search
2013-04-30 22:21 . 2013-04-30 22:21    143688    ----a-w-    c:\windows\system32\drivers\509627F6.sys
2013-04-30 21:52 . 2013-04-30 21:52    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-04-29 23:31 . 2013-04-29 23:31    143688    ----a-w-    c:\windows\system32\drivers\3D3660A6.sys
2013-04-29 22:52 . 2013-05-01 16:21    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\IM
2013-04-29 22:49 . 2013-05-01 16:21    --------    d-----w-    C:\MBAR
2013-04-29 21:44 . 2013-04-29 21:44    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\OpenOffice.org
2013-04-29 18:21 . 2013-04-29 18:21    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Mozilla
2013-04-29 18:18 . 2013-04-29 18:18    --------    d-sh--w-    c:\documents and settings\Administrator.DRBOB.000\PrivacIE
2013-04-27 16:47 . 2013-04-27 16:47    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Apple Computer
2013-04-27 16:44 . 2013-04-27 16:44    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Media Player Classic
2013-04-27 16:43 . 2013-04-27 16:43    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Apple Computer
2013-04-27 16:31 . 2013-04-27 16:31    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\DivX
2013-04-27 16:25 . 2013-04-27 16:25    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Adobe
2013-04-27 16:25 . 2013-04-27 16:25    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Temp
2013-04-27 16:08 . 2013-04-27 16:08    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Malwarebytes
2013-04-27 16:08 . 2013-04-27 16:08    --------    d-sh--w-    c:\documents and settings\Administrator.DRBOB.000\IETldCache
2013-04-23 00:35 . 2013-04-23 00:35    --------    d-----w-    c:\program files\CCleaner
2013-04-21 20:33 . 2012-11-16 04:06    136024    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-04-21 20:33 . 2013-02-21 21:44    74584    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-04-21 17:18 . 2013-04-21 17:18    --------    d-----w-    c:\program files\Check Point Software Technologies LTD
2013-04-21 17:18 . 2013-04-21 17:18    --------    d-----w-    c:\documents and settings\Dr Bob\Application Data\Check Point Software Technologies LTD
2013-04-21 17:13 . 2013-04-21 20:33    --------    d-----w-    c:\program files\CheckPoint
2013-04-19 20:45 . 2013-04-19 20:45    --------    d-----w-    c:\documents and settings\Dr Bob\Application Data\FLEXnet
2013-04-19 19:31 . 2013-04-19 19:31    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\NCH Software
2013-04-19 19:07 . 2013-04-20 06:18    --------    d-----w-    c:\windows\system32\MpEngineStore
2013-04-19 16:49 . 2013-04-19 16:49    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2013-04-19 14:14 . 2013-05-03 18:03    --------    d-----w-    c:\documents and settings\Dr Bob\Local Settings\Application Data\NCH Software
2013-04-13 16:05 . 2013-04-13 16:05    26520    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 21:50 . 2013-01-23 00:18    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\system32\GPhotos.scr
2013-03-13 18:01 . 2012-04-11 16:20    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:01 . 2011-05-25 19:48    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:01 . 2013-02-07 20:58    16486616    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2004-08-10 18:51    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-08-10 18:51    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 04:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-10 18:51    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-10 18:51    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-10 18:51    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-10 18:51    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-10 18:51    385024    ----a-w-    c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-10 19:01    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-18 16:14    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-10 18:51    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2010-11-30 18:06 . 2012-10-29 17:59    288568    ----a-w-    c:\program files\mozilla firefox\plugins\ieatgpc.dll
2013-04-13 16:05 . 2012-10-29 17:59    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phc600"="c:\windows\vphc600.exe" [2006-10-16 344064]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2009-10-22 64048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-11-29 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-03-04 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-11-15 1690824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-07 20:04    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-12-18 17:33    92664    ----a-w-    c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Configuration Wizard.lnk]
backup=c:\windows\pss\Configuration Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IncrediMail.lnk]
backup=c:\windows\pss\IncrediMail.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^STK02N 2.4 PNP Monitor.lnk]
backup=c:\windows\pss\STK02N 2.4 PNP Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin600.exe.lnk
backup=c:\windows\pss\TrayMin600.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Dr Bob\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^IncMail.lnk]
backup=c:\windows\pss\IncMail.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dr Bob\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-12 03:54    623992    ----a-w-    c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-04-20 15:03    149024    -c--a-w-    c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-08-11 01:59    4440896    ----a-w-    c:\documents and settings\Dr Bob\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-03-04 04:05    139264    ------w-    c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-03-16 12:33    127037    ----a-w-    c:\windows\system32\DLA\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-08-24 10:18    437160    ----a-w-    c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-03-12 15:39    169472    ----a-w-    c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-22 08:03    116648    ----atw-    c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 14:00    33648    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 21:38    49152    -c--a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46    77824    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50    114688    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49    94208    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2012-03-12 17:34    366024    ----a-w-    c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-09 08:37    46368    ----a-w-    c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10    1688872    ----a-w-    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44    249856    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2012-11-22 14:32    738984    ----a-w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16    421160    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21    2213160    -c--a-w-    c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57    153136    -c--a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-09 08:42    29984    ----a-w-    c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-06 03:11    62752    ----a-w-    c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-06 04:11    636192    ----a-w-    c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2012-09-26 16:25    499352    ----a-w-    c:\program files\real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-02-04 00:32    160328    ----a-w-    c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11    25623336    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07    2260480    ------w-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:00    155648    ----a-w-    c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-23 18:03    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-26 16:25    296096    ----a-w-    c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-03-22 13:07    248208    ----a-w-    c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
2012-02-24 16:00    4550656    ----a-w-    c:\program files\TuneClone\TuneClone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-02-15 01:36    43008    ----a-w-    c:\windows\system32\WFXSNT40.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NetSvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ICDSPTSV"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9121b642bd642"=2 (0x2)
"DSBrokerService"=3 (0x3)
"comHost"=3 (0x3)
"CaCCProvSP"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"OMSI download service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"vToolbarUpdater12.2.6"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.UtilitiesSvc"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"QuikSync"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"IswSvc"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"GoToAssist"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"BrYNSvc"=3 (0x3)
"vsmon"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [4/13/2012 5:01 PM 28776]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/22/2012 7:33 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/22/2012 7:33 AM 497320]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/18/2012 10:32 AM 375296]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/29/2012 12:56 PM 12856]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/22/2013 6:07 AM 93072]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/22/2009 5:45 AM 70704]
R2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [11/3/2009 2:30 PM 22576]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/11/2013 1:12 PM 245760]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/10/2009 12:18 PM 27632]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [9/10/2009 1:13 PM 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 bolucylt;bolucylt;\??\c:\windows\system32\drivers\bolucylt.sys --> c:\windows\system32\drivers\bolucylt.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9121b642bd642;Google Update Service (gupdate1c9121b642bd642);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2008 6:28 PM 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [4/1/2008 11:45 AM 17432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/10/2009 5:18 PM 13224]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/25/2007 1:41 PM 39048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [6/7/2012 2:40 PM 24880]
S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\drivers\PTHDRBUS.sys [5/24/2012 5:10 PM 41984]
S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\drivers\PTHDRMDM.sys [5/24/2012 5:10 PM 152064]
S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\drivers\PTHDRVSP.sys [5/24/2012 5:11 PM 152192]
S3 QslFsFltr;QslFsFltr;c:\windows\system32\drivers\QslFsFltr.sys [7/1/2010 8:10 AM 12672]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [9/10/2009 12:18 PM 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [9/10/2009 12:18 PM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [9/10/2009 12:18 PM 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [9/10/2009 12:18 PM 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [9/10/2009 12:18 PM 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [9/10/2009 12:18 PM 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [9/10/2009 12:18 PM 109736]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe --> c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [?]
S4 QuikSync;QuikSync;c:\program files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [7/1/2010 8:11 AM 13312]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [10/22/2009 4:47 AM 563760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 23:04    8192    ----a-w-    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:02]
.
2013-04-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 19:54]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 01:27]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 01:27]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146598566-1566181165-130727931-1006Core.job
- c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-30 08:03]
.
2013-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146598566-1566181165-130727931-1006UA.job
- c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-30 08:03]
.
2013-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-146598566-1566181165-130727931-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
2013-05-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-146598566-1566181165-130727931-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.officeally.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 98.158.162.10 98.158.167.10
FF - ProfilePath - c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=32CFB54192E27DB53A3A9F5099528604&q=
FF - ExtSQL: 2013-04-08 18:41; {40ea9205-c535-425a-b050-2d360df5ec39}; c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\{40ea9205-c535-425a-b050-2d360df5ec39}.xpi
FF - ExtSQL: 2013-04-21 13:34; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: 2013-04-22 09:34; ffxtlbr@zonealarm.com; c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: !HIDDEN! 2007-08-02 10:44; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - dc0e7506000000000000001320d2a37d
FF - user.js: extensions.BabylonToolbar_i.hardId - dc0e7506000000000000001320d2a37d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15503
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: extensions.zonealarm.hpOld0 - about:newtab
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - dc0e7506000000000000001320d2a37d
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15816
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1110:18
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117735107177296-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=826a67b8e8144e3ca03dd256368bf798&tu=10G90007g2B0008&sku=&tstsId=&ver=&
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-NCH Software - c:\documents and settings\Dr Bob\Local Settings\Application Data\NCH Software\ghybfpyn.dll
HKLM-Run-SigmatelSysTrayApp - stsystra.exe
MSConfigStartUp-Anti-phishing Domain Advisor - c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
MSConfigStartUp-cctray - c:\recycler\S-1-5-21-146598566-1566181165-130727931-500\Dc1\cctray\cctray.exe
MSConfigStartUp-com.codeode - c:\program files\Cactus Spam Filter 2.13\cactusspamfilter.exe
MSConfigStartUp-DiscWizardMonitor - (no file)
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-MaxBlastMonitor - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-Primal 3D Anatomy - Muscles, Testing and Function - c:\program files\Primal 3D Anatomy\Primal 3D Anatomy - Muscles
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-03 11:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  NCH Software = RUNDLL32.EXE "c:\documents and settings\Dr Bob\Local Settings\Application Data\NCH Software\ghybfpyn.dll",DllRegisterServer??????????
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
.
[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1152)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\WFXSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Symantec\WinFax\WFXMOD32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\ssmypics.scr
c:\windows\system32\SearchFilterHost.exe
c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
.
**************************************************************************
.
Completion time: 2013-05-03  11:25:43 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-03 18:25
.
Pre-Run: 14,460,727,296 bytes free
Post-Run: 11,751,804,928 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 14C365E8EA16BED9ACF9E878E7E5AEFB
 



Edited by drbobj, 03 May 2013 - 05:16 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 06 May 2013 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Screenshot: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#3 drbobj


Posted 07 May 2013 - 01:26 PM

nasdaq,

 

Thank you for your help. I have run the scans and will post the logs below. As I mentioned in my initial post an IT friend had recommended that I run combofix so I did. That was before I read this forum and saw that I am not supposed to run combofix before asked. Since I already had run it when I ran it again it said that the time had expired and it would run in reduced function mode. I don't know if that makes a difference or if I can do anything to run it in full mode.

 

The other thing is I did a scan with zonealarm and it found two viruses but it did not get rid of them, the treat button was greyed out or disabled. I don't know if this is related to a virus or not. I have a screen image but I'm not sure how to insert it in this message.

 

Also when I try to run windows update the update shows as 0KB and when I click on install it fails, see below. Also I don't know if this is related to a virus or not.

 

Thanks again and I will paste the logs below.

 

 

   

Review Your Installation Results
The software upgrade is complete
You can now use the website to find and install the latest updates for your computer.

Continue
More high-priority updates are available
Your computer might be at risk until you install them. Check for the remaining updates and install them now.
 
Restart now to finish installing updates
Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now.

Installation Summary

Successful: 0   Failed: 1   Remaining: 0
Successful Updates
Failed Updates
For help installing an update successfully, see the solution under each problem description.
 

Problem: End User License Agreement (EULA) Not Accepted
Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.
Problem: Not Enough Disk Space
Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.
Problem: Automatic Updates is currently installing updates
Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.
Note: To view Automatic Updates progress, click the updating icon in your System Tray.
Problem: Please check your update history for a description.
Microsoft Windows XP
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

 

# AdwCleaner v2.300 - Logfile created 05/06/2013 at 16:46:33
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dr Bob - DRBOB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dr Bob\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Dr Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Deleted : C:\Documents and Settings\All Users\Desktop\Get The Best Facebook Chat Messenger.lnk
File Deleted : C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\searchplugins\Ask.xml
File Deleted : C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\searchplugins\zonealarm.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\blekko
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\CT2724386
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\searchcom_001
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Dr Bob\Application Data\searchcom_001
Folder Deleted : C:\Documents and Settings\Dr Bob\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Dr Bob\Local Settings\Application Data\searchcom_001
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\searchcom_001
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Features\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80987362-6216-49BC-98E4-77E6CF71A5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\prefs.js

C:\Documents and Settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\user.js ... Deleted !

Deleted : user_pref("CT2724386.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2724386.ToolbarDisabled", true);
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=060612_5_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "dc0e7506000000000000001320d2a37d");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "dc0e7506000000000000001320d2a37d");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15503");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:50:30");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

File : C:\Documents and Settings\Administrator.DRBOB.000\Application Data\Mozilla\Firefox\Profiles\9529zmjw.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Dr Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17326 octets] - [06/05/2013 16:20:20]
AdwCleaner[S1].txt - [16882 octets] - [06/05/2013 16:46:33]

########## EOF - C:\AdwCleaner[S1].txt - [16943 octets] ##########

 

ComboFix 13-05-01.03 - Dr Bob 05/06/2013  17:20:32.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3062.2207 [GMT -7:00]
Running from: c:\documents and settings\Dr Bob\My Documents\Downloads\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\bszip.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-07 to 2013-05-07  )))))))))))))))))))))))))))))))
.
.
2013-05-03 17:27 . 2013-05-03 17:27    --------    d-----w-    c:\program files\Mighty Uninstaller
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\program files\ACW
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\ahlo
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Windows Search
2013-04-30 22:21 . 2013-04-30 22:21    143688    ----a-w-    c:\windows\system32\drivers\509627F6.sys
2013-04-29 23:31 . 2013-04-29 23:31    143688    ----a-w-    c:\windows\system32\drivers\3D3660A6.sys
2013-04-29 22:52 . 2013-05-01 16:21    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\IM
2013-04-29 22:49 . 2013-05-01 16:21    --------    d-----w-    C:\MBAR
2013-04-29 21:44 . 2013-04-29 21:44    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\OpenOffice.org
2013-04-29 18:21 . 2013-04-29 18:21    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Mozilla
2013-04-29 18:18 . 2013-04-29 18:18    --------    d-sh--w-    c:\documents and settings\Administrator.DRBOB.000\PrivacIE
2013-04-27 16:47 . 2013-04-27 16:47    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Apple Computer
2013-04-27 16:44 . 2013-04-27 16:44    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Media Player Classic
2013-04-27 16:43 . 2013-04-27 16:43    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Apple Computer
2013-04-27 16:31 . 2013-04-27 16:31    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\DivX
2013-04-27 16:25 . 2013-04-27 16:25    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Adobe
2013-04-27 16:25 . 2013-04-27 16:25    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Temp
2013-04-27 16:08 . 2013-04-27 16:08    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Malwarebytes
2013-04-27 16:08 . 2013-04-27 16:08    --------    d-sh--w-    c:\documents and settings\Administrator.DRBOB.000\IETldCache
2013-04-23 00:35 . 2013-04-23 00:35    --------    d-----w-    c:\program files\CCleaner
2013-04-21 20:33 . 2012-11-16 04:06    136024    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-04-21 20:33 . 2013-02-21 21:44    74584    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-04-21 17:18 . 2013-04-21 17:18    --------    d-----w-    c:\program files\Check Point Software Technologies LTD
2013-04-21 17:18 . 2013-04-21 17:18    --------    d-----w-    c:\documents and settings\Dr Bob\Application Data\Check Point Software Technologies LTD
2013-04-21 17:13 . 2013-04-21 20:33    --------    d-----w-    c:\program files\CheckPoint
2013-04-19 20:45 . 2013-04-19 20:45    --------    d-----w-    c:\documents and settings\Dr Bob\Application Data\FLEXnet
2013-04-19 19:31 . 2013-04-19 19:31    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\NCH Software
2013-04-19 19:07 . 2013-04-20 06:18    --------    d-----w-    c:\windows\system32\MpEngineStore
2013-04-19 16:49 . 2013-04-19 16:49    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2013-04-19 14:14 . 2013-05-03 18:03    --------    d-----w-    c:\documents and settings\Dr Bob\Local Settings\Application Data\NCH Software
2013-04-13 16:05 . 2013-04-13 16:05    26520    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 21:50 . 2013-01-23 00:18    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\system32\GPhotos.scr
2013-03-13 18:01 . 2012-04-11 16:20    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:01 . 2011-05-25 19:48    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:01 . 2013-02-07 20:58    16486616    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2004-08-10 18:51    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-08-10 18:51    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 04:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-10 18:51    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-10 18:51    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-10 18:51    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-10 18:51    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-10 18:51    385024    ----a-w-    c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-10 19:01    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-18 16:14    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-10 18:51    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2010-11-30 18:06 . 2012-10-29 17:59    288568    ----a-w-    c:\program files\mozilla firefox\plugins\ieatgpc.dll
2013-04-13 16:05 . 2012-10-29 17:59    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phc600"="c:\windows\vphc600.exe" [2006-10-16 344064]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2009-10-22 64048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-11-29 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-03-04 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-11-15 1690824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-07 20:04    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-12-18 17:33    92664    ----a-w-    c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Configuration Wizard.lnk]
backup=c:\windows\pss\Configuration Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IncrediMail.lnk]
backup=c:\windows\pss\IncrediMail.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^STK02N 2.4 PNP Monitor.lnk]
backup=c:\windows\pss\STK02N 2.4 PNP Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin600.exe.lnk
backup=c:\windows\pss\TrayMin600.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Dr Bob\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^IncMail.lnk]
backup=c:\windows\pss\IncMail.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dr Bob\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-12 03:54    623992    ----a-w-    c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-04-20 15:03    149024    -c--a-w-    c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-08-11 01:59    4440896    ----a-w-    c:\documents and settings\Dr Bob\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-03-04 04:05    139264    ------w-    c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-03-16 12:33    127037    ----a-w-    c:\windows\system32\DLA\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-08-24 10:18    437160    ----a-w-    c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-03-12 15:39    169472    ----a-w-    c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-22 08:03    116648    ----atw-    c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 14:00    33648    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 21:38    49152    -c--a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46    77824    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50    114688    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49    94208    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2012-03-12 17:34    366024    ----a-w-    c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-09 08:37    46368    ----a-w-    c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10    1688872    ----a-w-    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44    249856    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2012-11-22 14:32    738984    ----a-w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16    421160    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21    2213160    -c--a-w-    c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57    153136    -c--a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-09 08:42    29984    ----a-w-    c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-06 03:11    62752    ----a-w-    c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-06 04:11    636192    ----a-w-    c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2012-09-26 16:25    499352    ----a-w-    c:\program files\real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-02-04 00:32    160328    ----a-w-    c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11    25623336    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07    2260480    ------w-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:00    155648    ----a-w-    c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-23 18:03    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-26 16:25    296096    ----a-w-    c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-03-22 13:07    248208    ----a-w-    c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
2012-02-24 16:00    4550656    ----a-w-    c:\program files\TuneClone\TuneClone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-02-15 01:36    43008    ----a-w-    c:\windows\system32\WFXSNT40.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NetSvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ICDSPTSV"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9121b642bd642"=2 (0x2)
"DSBrokerService"=3 (0x3)
"comHost"=3 (0x3)
"CaCCProvSP"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"OMSI download service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"vToolbarUpdater12.2.6"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.UtilitiesSvc"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"QuikSync"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"IswSvc"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"GoToAssist"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"BrYNSvc"=3 (0x3)
"vsmon"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [4/13/2012 5:01 PM 28776]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/22/2012 7:33 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/22/2012 7:33 AM 497320]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/18/2012 10:32 AM 375296]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/29/2012 12:56 PM 12856]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/22/2013 6:07 AM 93072]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/22/2009 5:45 AM 70704]
R2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [11/3/2009 2:30 PM 22576]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/11/2013 1:12 PM 245760]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/10/2009 12:18 PM 27632]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [9/10/2009 1:13 PM 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 bolucylt;bolucylt;\??\c:\windows\system32\drivers\bolucylt.sys --> c:\windows\system32\drivers\bolucylt.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9121b642bd642;Google Update Service (gupdate1c9121b642bd642);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2008 6:28 PM 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [4/1/2008 11:45 AM 17432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/10/2009 5:18 PM 13224]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/25/2007 1:41 PM 39048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [6/7/2012 2:40 PM 24880]
S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\drivers\PTHDRBUS.sys [5/24/2012 5:10 PM 41984]
S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\drivers\PTHDRMDM.sys [5/24/2012 5:10 PM 152064]
S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\drivers\PTHDRVSP.sys [5/24/2012 5:11 PM 152192]
S3 QslFsFltr;QslFsFltr;c:\windows\system32\drivers\QslFsFltr.sys [7/1/2010 8:10 AM 12672]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [9/10/2009 12:18 PM 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [9/10/2009 12:18 PM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [9/10/2009 12:18 PM 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [9/10/2009 12:18 PM 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [9/10/2009 12:18 PM 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [9/10/2009 12:18 PM 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [9/10/2009 12:18 PM 109736]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe --> c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [?]
S4 QuikSync;QuikSync;c:\program files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [7/1/2010 8:11 AM 13312]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [10/22/2009 4:47 AM 563760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 23:04    8192    ----a-w-    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:02]
.
2013-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 19:54]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 01:27]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 01:27]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146598566-1566181165-130727931-1006Core.job
- c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-30 08:03]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146598566-1566181165-130727931-1006UA.job
- c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-30 08:03]
.
2013-05-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-146598566-1566181165-130727931-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
2013-05-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-146598566-1566181165-130727931-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.officeally.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=32CFB54192E27DB53A3A9F5099528604&q=
FF - ExtSQL: 2013-04-08 18:41; {40ea9205-c535-425a-b050-2d360df5ec39}; c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\{40ea9205-c535-425a-b050-2d360df5ec39}.xpi
FF - ExtSQL: 2013-04-21 13:34; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: 2013-04-22 09:34; ffxtlbr@zonealarm.com; c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: !HIDDEN! 2007-08-02 10:44; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-searchcom_001 - c:\program files\searchcom_001\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-06 17:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
.
[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1128)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1296)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2013-05-06  17:39:08
ComboFix-quarantined-files.txt  2013-05-07 00:38
ComboFix2.txt  2013-05-03 18:25
.
Pre-Run: 11,639,431,168 bytes free
Post-Run: 11,623,526,400 bytes free
.
- - End Of File - - 988FC89598F6289E3F6AC363A8AF4EBE

 

 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 ZoneAlarm Free Antivirus + Firewall  
 ZoneAlarm Antivirus     
 ZoneAlarm Firewall     
 ZoneAlarm LTD Toolbar    
 ZoneAlarm Security Toolbar    
 ZoneAlarm Security     
 StudyWare - Fundamentals of Anatomy and Physiology
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 7  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (for.)
````````Process Check: objlist.exe by Laurent````````  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
 


Edited by drbobj, 07 May 2013 - 01:30 PM.


#4 nasdaq

  • Malware Response Team

Posted 07 May 2013 - 01:41 PM

Open notepad and copy/paste the text in the quote box below into it:
 
File:
c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\{40ea9205-c535-425a-b050-2d360df5ec39}.xpi

Driver::
bolucylt

Firefox::
FF - ExtSQL: 2013-04-08 18:41; {40ea9205-c535-425a-b050-2d360df5ec39}; c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\{40ea9205-c535-425a-b050-2d360df5ec39}.xpi

ClearJavaCache::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.
==================================

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 7

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)

Also remove these old versions of Flash if still present.
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.180
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please post the Combofix log and let me know if the problem persists.

#5 drbobj

  • Topic Starter


Posted 08 May 2013 - 12:15 PM

I started combofix with the CFScript as instructed. I started it Tues at around 3PM and as of 10AM today, Wed, it is still running; it is at stage 48. If I remember right there are 49 stages. I will let it keep running; hopefully it will finish soon.

 

Now it is almost 3 hours later and it completed step 50. I guess there are more than 49 steps.


Edited by drbobj, 08 May 2013 - 02:46 PM.


#6 drbobj

  • Topic Starter


Posted 08 May 2013 - 04:56 PM

After about 24 hours Combofix finished; below is the log.

 

I tried to run windows update again and it still fails. I'm running a zone alarm scan to see how that works.

 

ComboFix 13-05-07.02 - Dr Bob 05/07/2013  15:04:44.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3062.2156 [GMT -7:00]
Running from: c:\documents and settings\Dr Bob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dr Bob\Desktop\CFScript.txt
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\DRBOB~1\LOCALS~1\Temp\install_reader11_en_mssd_aih.exe
c:\documents and settings\Dr Bob\Local Settings\Temp\install_reader11_en_mssd_aih.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bolucylt
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-08 to 2013-05-08  )))))))))))))))))))))))))))))))
.
.
2013-05-08 20:00 . 2013-05-08 20:01    61304    ----a-w-    c:\documents and settings\Dr Bob\g2mdlhlpx.exe
2013-05-08 19:50 . 2013-05-08 19:49    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-05-08 19:49 . 2013-05-08 19:49    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\program files\ACW
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\ahlo
2013-05-01 16:22 . 2013-05-01 16:22    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Windows Search
2013-04-30 22:21 . 2013-04-30 22:21    143688    ----a-w-    c:\windows\system32\drivers\509627F6.sys
2013-04-29 23:31 . 2013-04-29 23:31    143688    ----a-w-    c:\windows\system32\drivers\3D3660A6.sys
2013-04-29 22:52 . 2013-05-01 16:21    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\IM
2013-04-29 22:49 . 2013-05-01 16:21    --------    d-----w-    C:\MBAR
2013-04-29 21:44 . 2013-04-29 21:44    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\OpenOffice.org
2013-04-29 18:21 . 2013-04-29 18:21    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Mozilla
2013-04-29 18:18 . 2013-04-29 18:18    --------    d-sh--w-    c:\documents and settings\Administrator.DRBOB.000\PrivacIE
2013-04-27 16:47 . 2013-04-27 16:47    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Apple Computer
2013-04-27 16:44 . 2013-04-27 16:44    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Media Player Classic
2013-04-27 16:43 . 2013-04-27 16:43    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Apple Computer
2013-04-27 16:31 . 2013-04-27 16:31    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\DivX
2013-04-27 16:25 . 2013-04-27 16:25    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Adobe
2013-04-27 16:25 . 2013-04-27 16:25    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Local Settings\Application Data\Temp
2013-04-27 16:08 . 2013-04-27 16:08    --------    d-----w-    c:\documents and settings\Administrator.DRBOB.000\Application Data\Malwarebytes
2013-04-27 16:08 . 2013-04-27 16:08    --------    d-sh--w-    c:\documents and settings\Administrator.DRBOB.000\IETldCache
2013-04-23 00:35 . 2013-04-23 00:35    --------    d-----w-    c:\program files\CCleaner
2013-04-21 20:33 . 2012-11-16 04:06    136024    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-04-21 20:33 . 2013-02-21 21:44    74584    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-04-21 17:18 . 2013-04-21 17:18    --------    d-----w-    c:\program files\Check Point Software Technologies LTD
2013-04-21 17:18 . 2013-04-21 17:18    --------    d-----w-    c:\documents and settings\Dr Bob\Application Data\Check Point Software Technologies LTD
2013-04-21 17:13 . 2013-04-21 20:33    --------    d-----w-    c:\program files\CheckPoint
2013-04-19 20:45 . 2013-04-19 20:45    --------    d-----w-    c:\documents and settings\Dr Bob\Application Data\FLEXnet
2013-04-19 19:31 . 2013-04-19 19:31    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\NCH Software
2013-04-19 19:07 . 2013-04-20 06:18    --------    d-----w-    c:\windows\system32\MpEngineStore
2013-04-19 16:49 . 2013-04-19 16:49    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2013-04-19 14:14 . 2013-05-03 18:03    --------    d-----w-    c:\documents and settings\Dr Bob\Local Settings\Application Data\NCH Software
2013-04-13 16:05 . 2013-04-13 16:05    26520    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-08 19:49 . 2012-10-09 17:42    866720    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-05-08 19:49 . 2010-08-24 23:43    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-05-08 19:30 . 2012-04-11 16:20    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-08 19:30 . 2011-05-25 19:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 21:50 . 2013-01-23 00:18    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09    4550656    ----a-w-    c:\windows\system32\GPhotos.scr
2013-03-13 18:01 . 2013-02-07 20:58    16486616    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2004-08-10 18:51    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-08-10 18:51    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 04:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-10 18:51    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-10 18:51    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-10 18:51    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-10 18:51    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-10 18:51    385024    ----a-w-    c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-10 19:01    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-18 16:14    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-10 18:51    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2010-11-30 18:06 . 2012-10-29 17:59    288568    ----a-w-    c:\program files\mozilla firefox\plugins\ieatgpc.dll
2013-04-13 16:05 . 2012-10-29 17:59    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2013-03-22 248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phc600"="c:\windows\vphc600.exe" [2006-10-16 344064]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2009-10-22 64048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-11-29 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-03-04 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-11-15 1690824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-07 20:04    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-12-18 17:33    92664    ----a-w-    c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Configuration Wizard.lnk]
backup=c:\windows\pss\Configuration Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IncrediMail.lnk]
backup=c:\windows\pss\IncrediMail.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^STK02N 2.4 PNP Monitor.lnk]
backup=c:\windows\pss\STK02N 2.4 PNP Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin600.exe.lnk
backup=c:\windows\pss\TrayMin600.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Dr Bob\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^IncMail.lnk]
backup=c:\windows\pss\IncMail.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dr Bob^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dr Bob\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-01-12 03:54    623992    ----a-w-    c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-04-20 15:03    149024    -c--a-w-    c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-08-11 01:59    4440896    ----a-w-    c:\documents and settings\Dr Bob\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-03-04 04:05    139264    ------w-    c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-03-16 12:33    127037    ----a-w-    c:\windows\system32\DLA\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-08-24 10:18    437160    ----a-w-    c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-03-12 15:39    169472    ----a-w-    c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-22 08:03    116648    ----atw-    c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 14:00    33648    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 21:38    49152    -c--a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 02:46    77824    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50    114688    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49    94208    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2012-03-12 17:34    366024    ----a-w-    c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-09 08:37    46368    ----a-w-    c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10    1688872    ----a-w-    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44    249856    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2012-11-22 14:32    738984    ----a-w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16    421160    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21    2213160    -c--a-w-    c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57    153136    -c--a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-09 08:42    29984    ----a-w-    c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-06 03:11    62752    ----a-w-    c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-06 04:11    636192    ----a-w-    c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2012-09-26 16:25    499352    ----a-w-    c:\program files\real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-02-04 00:32    160328    ----a-w-    c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11    25623336    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07    2260480    ------w-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:00    155648    ----a-w-    c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-23 18:03    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-26 16:25    296096    ----a-w-    c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-03-22 13:07    248208    ----a-w-    c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
2012-02-24 16:00    4550656    ----a-w-    c:\program files\TuneClone\TuneClone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-02-15 01:36    43008    ----a-w-    c:\windows\system32\WFXSNT40.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NetSvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ICDSPTSV"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9121b642bd642"=2 (0x2)
"DSBrokerService"=3 (0x3)
"comHost"=3 (0x3)
"CaCCProvSP"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"OMSI download service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"vToolbarUpdater12.2.6"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"TuneUp.UtilitiesSvc"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"QuikSync"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"IswSvc"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"GoToAssist"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"BrYNSvc"=3 (0x3)
"vsmon"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [4/13/2012 5:01 PM 28776]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/22/2012 7:33 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/22/2012 7:33 AM 497320]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/18/2012 10:32 AM 375296]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/29/2012 12:56 PM 12856]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/22/2013 6:07 AM 93072]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/22/2009 5:45 AM 70704]
R2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [11/3/2009 2:30 PM 22576]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/11/2013 1:12 PM 245760]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/10/2009 12:18 PM 27632]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [9/10/2009 1:13 PM 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9121b642bd642;Google Update Service (gupdate1c9121b642bd642);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2008 6:28 PM 133104]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [4/1/2008 11:45 AM 17432]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/10/2009 5:18 PM 13224]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [10/25/2007 1:41 PM 39048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [9/28/2009 9:55 AM 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [6/7/2012 2:40 PM 24880]
S3 PTHDRBUS;PANTECH Handset HSUSB Composite Device;c:\windows\system32\drivers\PTHDRBUS.sys [5/24/2012 5:10 PM 41984]
S3 PTHDRMDM;PANTECH HSUSB Modem;c:\windows\system32\drivers\PTHDRMDM.sys [5/24/2012 5:10 PM 152064]
S3 PTHDRVSP;PANTECH HSUSB Diagnostic Serial Port;c:\windows\system32\drivers\PTHDRVSP.sys [5/24/2012 5:11 PM 152192]
S3 QslFsFltr;QslFsFltr;c:\windows\system32\drivers\QslFsFltr.sys [7/1/2010 8:10 AM 12672]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [9/10/2009 12:18 PM 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [9/10/2009 12:18 PM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [9/10/2009 12:18 PM 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [9/10/2009 12:18 PM 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [9/10/2009 12:18 PM 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [9/10/2009 12:18 PM 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [9/10/2009 12:18 PM 109736]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe --> c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [?]
S4 QuikSync;QuikSync;c:\program files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe [7/1/2010 8:11 AM 13312]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [10/22/2009 4:47 AM 563760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 23:04    8192    ----a-w-    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:30]
.
2013-05-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 19:54]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 01:27]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 01:27]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146598566-1566181165-130727931-1006Core.job
- c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-30 08:03]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146598566-1566181165-130727931-1006UA.job
- c:\documents and settings\Dr Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-30 08:03]
.
2013-05-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-146598566-1566181165-130727931-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
2013-05-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-146598566-1566181165-130727931-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.officeally.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 98.158.162.10 98.158.167.10
FF - ProfilePath - c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: 2013-04-08 18:41; {40ea9205-c535-425a-b050-2d360df5ec39}; c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\{40ea9205-c535-425a-b050-2d360df5ec39}.xpi
FF - ExtSQL: 2013-04-21 13:34; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-08 14:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8a,1b,92,24,f8,ef,43,a1,59,25,\
.
[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.cs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1856)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1976)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(848)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\documents and settings\Dr Bob\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\WFXSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Symantec\WinFax\WFXMOD32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\ssmypics.scr
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2013-05-08  14:25:00 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-08 21:24
ComboFix2.txt  2013-05-07 00:39
ComboFix3.txt  2013-05-03 18:25
.
Pre-Run: 11,304,529,920 bytes free
Post-Run: 9,885,224,960 bytes free
.
- - End Of File - - 47143E7C4BC38908E1FF70052C659855



#7 nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 09 May 2013 - 07:32 AM

This is still around.

If the file in bold is still present, close Firefox and delete it.

FF - ExtSQL: 2013-04-08 18:41; {40ea9205-c535-425a-b050-2d360df5ec39}; c:\documents and settings\Dr Bob\Application Data\Mozilla\Firefox\Profiles\4u87c4js.default\extensions\{40ea9205-c535-425a-b050-2d360df5ec39}.xpi

===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Let's check on your Microsoft update problem.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#8 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 09 May 2013 - 01:48 PM

The file was there so I deleted it and deleted it from the recycle bin.

 

Here are the JRT and FSS logs

 

Thanks again for your help

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Dr Bob on Thu 05/09/2013 at 11:19:02.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Dr Bob\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Documents and Settings\Dr Bob\Local Settings\Application Data\google\chrome\user data\default\extensions\cdjbnddbclciabnckgeahmneohjlahdm"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Dr Bob\Application Data\mozilla\firefox\profiles\4u87c4js.default\extensions\LogMeInClient@logmein.com
Successfully deleted the following from C:\Documents and Settings\Dr Bob\Application Data\mozilla\firefox\profiles\4u87c4js.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Documents and Settings\Dr Bob\Application Data\mozilla\firefox\profiles\4u87c4js.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/09/2013 at 11:32:58.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Farbar Service Scanner Version: 14-04-2013
Ran by Dr Bob (administrator) on 09-05-2013 at 11:14:14
Running from "C:\Documents and Settings\Dr Bob\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) VMnetBridge(11)
0x0D0000000C0000000400000001000000020000000300000008000000090000005A0000000A0000000500000006000000070000000B000000


**** End of log ****



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 10 May 2013 - 06:26 AM

I tried to run windows update again and it still fails

Is this still an issue?

In the affirmative, do you have an error message that you can post for my review?

#10 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 10 May 2013 - 12:27 PM

Yes, the windows update is still not working. I do not get an error message per se. This is what I cut and pasted from the screen:

 

Review and Install Updates

Install Updates Download size (total): 0 KB *
Estimated time at your connection speed: 0 minutes *
(*Downloaded; ready to install)
Restore and Check Again Only selected updates will appear the next time you check for updates.  
 
 
High-priority updates
Microsoft Windows XP

Download size: 0 KB, 0 minutes (Downloaded; ready to install)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.  Details...

 

Even though it shows 0KB to install when I click on install then I get this on the screen.

 

The following updates were not installed

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

 

When I close that window then I get this

 

Review Your Installation Results
The software upgrade is complete
You can now use the website to find and install the latest updates for your computer.

Continue
More high-priority updates are available
Your computer might be at risk until you install them. Check for the remaining updates and install them now.

Restart now to finish installing updates
Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now.

Installation Summary
Successful: 0
Failed: 1
Remaining: 0
Successful Updates
Failed Updates
For help installing an update successfully, see the solution under each problem description.
 
Problem: End User License Agreement (EULA) Not Accepted
Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.
Problem: Not Enough Disk Space
Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.
Problem: Automatic Updates is currently installing updates
Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.
Note: To view Automatic Updates progress, click the updating icon in your System Tray.
Problem: Please check your update history for a description.
Microsoft Windows XP
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

 

On a windows support forum I found instructions on how to restore Microsoft .NET framework 3.5 SP1 in add remove programs in control panel. I did that and no change.

 

I found some windows update repair tools online but I did not want to download anything that I was not sure about the source. Are there any you would recommend?

 

Here is one I found

http://error-fix.com/b/windows-update-error.php?C=TAG&sq=windows%20update&kw=windows%20update&mt=e&ad=9X



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 10 May 2013 - 01:42 PM


Run the Fix me button on this page.
http://support.microsoft.com/kb/971058

If that fails, expand this note on the same page.
Diagnose by using the automated troubleshooter

Expand the Windows XP, Windows Vista and Windows 7 section.
Run the fix.

If still an issue post any logs you can find.

#12 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 13 May 2013 - 02:30 PM

I have run the fix me; actually I had tried it a few weeks ago also.

 

When I ran it this time here is what happened

 

Windows Update components must be repaired, and over to the right it indicated with a green check mark or something like that, that they had been fixed.
When I click on view report details it is blank.

The windows update still does not work.

In the fixit window I clicked that the problem is not fixed and it directed me to fixit center online and to download fixitcenter_run.exe, which I think I had already tried, but I'll try it again.

When I try to install the downloaded file a window opens and it says

Fix it Center Setup encountered an error
An unexpected error has occured. Please close and try to run Setup again later

These are the fixit files that I downloaded and ran previously and the problem persists
MicrosoftFixit.wu.LB.107289907334519632.2.1.Run.exe
MicrosoftFixit.wu.LB.136291637738761622.7.1.Run.exe
MicrosoftFixit.wu.LB.133291901816563271.1.1.Run.exe
FixitCenter_Run(1).exe


This is the last one I just ran
MicrosoftFixit.wu.MATSKB.Run.exe
After running it opened a window and said there are no issues that need to be fixed

When I click on get more solutions online it takes me to a fixit window where I click on try it for free, then it prompts me to download another fixit file similar to the ones I already downloaded and ran; see the list above.

I don't know if this windows update is related to a virus or if it is important to fix.

I have always heard that it is important to keep windows updated for security reasons
   



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 14 May 2013 - 07:00 AM

Check the settings for the BITS (Background Intelligent Transfer Service).

Click the start button then click RUN...
Type in services.msc then ok

Scroll down the list to Background Intelligent Transfer Service and double click it to open the properties box.
On the general tab, the start up type should be set to manual or automatic.
Click the Log On tab, "log on as:" should be Local system account.
Below that in the hardware profile box under service, it should say enabled, if not click the enable button.
Apply and ok, then exit services.

Restart the computer normally.

Try the Updates now.

If that fails continue:

Go to Start > Run, and type in:

sc stop BITS

Go to Start > Run, once again, and type in: cmd
At the prompt, copy/paste the following commands inside the code box, one at a time: Hit the Enter key.
 

del /q "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
del /q "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"


Now, go back to: Start > Run, and type in:

sc start BITS

Restart the computer normally.

How is it now?

#14 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 14 May 2013 - 01:31 PM

The BITS settings were set to manual and the logon was enabled

 

You wrote that the general tab could be manual or automatic. I figured I would change it to automatic and see what happens.

 

That helped; this time it showed 7 updates to download, and 6 of them were downloaded and installed. However, the same one that would not update before is still not updating.

 

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

 

See Below for the full report

 

So I started to run the commands in cmd as you instructed

 

In the black window it shows C:\Documents and Settings\Dr Bob>

 

When I paste del /q "C:\Documents and Settings\All Users\Application

 

This is what I get

 

C:\Documents and Settings\Dr Bob>del /q "C:\Documents and Settings\All Users\App
lication
Could Not Find C:\Documents and Settings\All Users\Application

C:\Documents and Settings\Dr Bob>

 

So I tried going up a directory level twice and this is what I got   

 

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dr Bob>del /q "C:\Documents and Settings\All Users\App
lication
Could Not Find C:\Documents and Settings\All Users\Application

C:\Documents and Settings\Dr Bob>cd ..

C:\Documents and Settings>del /q "C:\Documents and Settings\All Users\Applicatio
n
Could Not Find C:\Documents and Settings\All Users\Application

C:\Documents and Settings>cd ..

C:\>del /q "C:\Documents and Settings\All Users\Application
Could Not Find C:\Documents and Settings\All Users\Application

C:\>

 

I tried the second command and this is what I got

 

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Dr Bob>Data\Microsoft\Network\Downloader\qmgr0.dat"
The system cannot find the path specified.

C:\Documents and Settings\Dr Bob>

 

 

This is what came up after I did the windows update

 

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

 

Review Your Installation Results

 

The software upgrade is complete

You can now use the website to find and install the latest updates for your computer.

 

Continue 

 

 

More high-priority updates are available

Your computer might be at risk until you install them. Check for the remaining updates and install them now.

 

 

 

Restart now to finish installing updates

Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now. 

 

 

 

Installation Summary

 

  Successful: 6

  Failed: 1

  Remaining: 0

 

 

--------------------------------------------------------------------------------

 

  Successful Updates 

Microsoft Windows XP

Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2804577)

Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2829530)

Security Update for Windows XP (KB2829361)

Cumulative Security Update for ActiveX Killbits for Windows XP (KB2820197)

Security Update for Internet Explorer 8 for Windows XP (KB2847204)

Windows Malicious Software Removal Tool - May 2013 (KB890830)

 

 

--------------------------------------------------------------------------------

 

 

  Failed Updates

For help installing an update successfully, see the solution under each problem description.

 

 

Problem: End User License Agreement (EULA) Not Accepted

Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.

 

Problem: Not Enough Disk Space

Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.

 

Problem: Automatic Updates is currently installing updates

Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.

Note: To view Automatic Updates progress, click the updating icon in your System Tray.

 

Problem: Please check your update history for a description.

 

Microsoft Windows XP

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

 

Problem: A problem on your computer is preventing updates from being downloaded or installed

Solution: To fix the problem, try installing the updates again. If that doesn't work, use the Troubleshooter to try solve the problem.
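
The BITS queue reset from post #13, as an added example that is not part of the thread: saved to a batch file, the quoted paths cannot be split at a line break the way the pasted del command was in post #14. The file name reset-bits-queue.cmd, the 30-try wait loop and the status messages are assumptions; the service name and the two file paths are the ones given in post #13.

```bat
@echo off
rem reset-bits-queue.cmd (hypothetical name): added example, not from the thread.
rem Performs the steps from post #13: stop BITS, delete the queue files, start BITS.
rem Run from an administrator account on the affected Windows XP machine.
setlocal

rem Folder taken from the commands in post #13.
set "QDIR=C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader"

echo === Current BITS configuration (start type and log-on account) ===
sc qc BITS
if errorlevel 1 (
    echo BITS service could not be queried. Stopping here.
    exit /b 1
)

echo === Stopping BITS ===
rem An already-stopped service returns an error here; that is harmless.
sc stop BITS >nul 2>&1

rem Poll until the service reports STOPPED, about one second per try.
rem XP has no timeout command, so ping is used as the delay.
set /a TRIES=0
:waitstop
sc query BITS | find "STOPPED" >nul
if not errorlevel 1 goto stopped
set /a TRIES+=1
if %TRIES% geq 30 (
    echo BITS did not stop, so the queue files are still in use. Nothing deleted.
    exit /b 2
)
ping -n 2 127.0.0.1 >nul
goto waitstop

:stopped
echo === Removing the BITS queue files ===
for %%F in (qmgr0.dat qmgr1.dat) do (
    if exist "%QDIR%\%%F" (
        del /q "%QDIR%\%%F"
        if exist "%QDIR%\%%F" (echo FAILED to delete %%F) else (echo Deleted %%F)
    ) else (
        echo %%F not present
    )
)

echo === Starting BITS ===
sc start BITS
endlocal
```

Restart the computer afterwards, as post #13 instructs, before trying Windows Update again.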



#15 drbobj

drbobj
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 14 May 2013 - 02:15 PM

update

 

After a reboot the BITS was set to manual again. I changed it to automatic, rebooted and tried to update windows; it showed the same update with 0KB.

 

High-priority updates
Microsoft Windows XP

Download size: 0 KB, 0 minutes (Downloaded; ready to install)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.  Details...




