
Need Help with FBI MoneyPak Virus



  • Staff

Hello

Let's see if we can get this to run.

  • Download OTLPE from either location and save it to your desktop:
    http://oldtimer.geekstogo.com/OTLPEStd.exe
    http://ottools.noahdfear.net/OTLPEStd.exe
  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPE Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click imgbrn.png to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press "OK"
  • OTL should now start.
  • Push the Run Scan button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your next reply.

Gringo


Hello Gringo,

Thanks for your assistance.

Unfortunately, I have a problem. I followed your instructions, but when I boot from the CD and run OTLPE, it doesn't see my infected drive. I am sure this is because on this system the main drive is a Raid array and the boot CD doesn't have software for it.

Please advise.

Thanks, Gary


  • Staff

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt
    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review


Hello,

Well I am having issues. Usually, I am pretty good with these things. It seems F12 doesn't bring up the boot menu on my system. I went into the BIOS setup and changed the 3 boot options to the only USB choices available (USB-CDROM, USB-FDD & USB-ZIP). I think this ZIP is the old ZIP Drives. I then plugged the USB drive into a front USB port and tried to boot the system. However, it still booted from the hard disk.

I eventually discovered that F11 would bring up the boot menu on my system. However, I tried choosing USB-CDROM or USB-FDD, but it still booted from the Hard Disk.

Is it possible that some of the USB ports aren't active during boot? Should I try one of the back USB ports, directly on the motherboard?

Also, I could delete my RAID array, go back to our original OTLPE option and then rebuild the RAID array after we remove the infection.

Sorry to be so much trouble.

Thanks, Gary


  • Staff

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt
    Please note - all text entries are case sensitive

Copy and paste the report.txt for my review


Gringo,

I don't think I have ever been so frustrated and I have built several of my own systems. Here is the update:

  1. Following your last instructions, I created and booted the infected system from the xpud CD.
  2. However, I couldn't get it to see the USB drive, regardless of which port I put it in
  3. All I saw were sda1, sdb1 & sdc1 and these were the 3 hard drives in my system (the 2 drives in the array and a spare). The USB drive didn't show at all.
  4. I even unplugged all other USB devices and booted with only the USB drive plugged in.

At this point I went back to the OTLPE option

  1. I noticed when REATOGO-X-PE started to load that I could hit F6 and load other drivers. A light bulb came on as I remembered having to do this when I first built this system and loaded XP. The motherboard came with a floppy disk for the RAID drivers and I still have a floppy drive on the system.
  2. Therefore, I hit F6, inserted the floppy and selected the drivers. It seemed to do its thing and REATOGO-X-PE continued to load.
  3. Once REATOGO-X-PE was loaded I fully expected to see my hard drive, since the drivers loaded, but failure again. No hard drive.
  4. I tried this a couple of times with the same result.
  5. Also, while in REATOGO-X-PE, I also noticed (as with xpud) that the system didn't see my USB drive.
  6. I went into control panel and then system -> hardware and the USB drive had a yellow exclamation point on it. It said it couldn't load the driver (code 39), whatever that meant. Could I have a USB drive that requires a special driver? This drive has never been a problem before.

At this point I was really frustrated.

  1. I went into the RAID utility (during boot) and deleted the Array
  2. I booted with the REATOGO-X-PE CD again. However, it still doesn't see the hard drive.

Now, even more frustrated, do you have any ideas:

  1. Options to get it to see the USB drive?
  2. Options to get it to see the hard drive?

For your information, the RAID is handled by an Nvidia chip and firmware/software.

The floppy disk, with the RAID drivers, which came with the motherboard is labeled:

G72-NVSA041

For Nvidia CK804 & CK804-A2

SATA RAID Driver

Version: 5.10.2600.0479

For Win 2K/XP

I hope you have some brilliant ideas

Thanks, Gary


Gringo,

Good news, I think, but not from xpud.

I had let the system boot normally into windows:

  1. Of course it seemed locked with the FBI screen
  2. I left it alone for a while
  3. I hit the system power button, it cleared the FBI screen and started to shutdown.
  4. I entered "shutdown -a" and managed to stop the shutdown
  5. Malware Bytes had been running its daily scan the other day when it got infected. Luckily it had now finished its scan and found 4 infections.
  6. I let it clean the infections and rebooted.
  7. Voila! it booted back up without the FBI screen.

I am in XP and it seems ok, but should we run some other scans to make sure it is fully clean?

Thanks, Gary


  • Staff

Hello Gary

That is GREAT NEWS!!

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Gringo,

Ok, here you go.

So far things seem ok. It is a little slow as it is rebuilding my RAID array.

I ran ComboFix as directed and here is the log:

ComboFix 13-04-29.01 - GaryT 04/30/2013 7:28.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2405 [GMT -4:00]

Running from: c:\documents and settings\GaryT\My Documents\Download\FBI MoneyPak Cleanup\ComboFix.exe

AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\GaryT\Application Data\Scorch_Install.log

c:\documents and settings\GaryT\Application Data\skype.ini

c:\documents and settings\GaryT\Favorites\Antivirus Test Online.url

c:\documents and settings\GaryT\g2mdlhlpx.exe

c:\documents and settings\GaryT\jqs.exe

c:\documents and settings\GaryT\Local Settings\Application Data\assembly\tmp

c:\documents and settings\GaryT\opera.exe

c:\documents and settings\GaryT\vlcplayer.exe

c:\documents and settings\GaryT\WINDOWS

c:\program files\Conference

c:\program files\Conference\Conference.db

c:\program files\Conference\Conference.dll

c:\program files\Conference\Conference.exe

c:\program files\Conference\Conference.ini

c:\program files\Conference\Conference.key

c:\program files\Conference\Languages\de.xml

c:\program files\Conference\Languages\en.xml

c:\program files\Conference\Languages\es.xml

c:\program files\Conference\Languages\fr.xml

c:\program files\Conference\Languages\hu.xml

c:\program files\Conference\Languages\pl.xml

c:\program files\Conference\Languages\pt.xml

c:\program files\Conference\Languages\ru.xml

c:\program files\Conference\Languages\ua.xml

c:\windows\EventSystem.log

c:\windows\favicon.ico

c:\windows\iun6002.exe

c:\windows\msvcr71.dll

c:\windows\shell.ini

c:\windows\ST6UNST.000

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\driver.dat

c:\windows\system32\SET2B05.tmp

c:\windows\system32\SET2B06.tmp

c:\windows\system32\SET2B07.tmp

c:\windows\system32\SET2B09.tmp

c:\windows\system32\SET2B0B.tmp

c:\windows\system32\SET2B0C.tmp

c:\windows\system32\SET2B0D.tmp

c:\windows\system32\SET2B14.tmp

c:\windows\system32\SET2B15.tmp

c:\windows\system32\SET2B18.tmp

c:\windows\system32\SET2B1D.tmp

c:\windows\system32\SET2B1E.tmp

c:\windows\system32\SET2B1F.tmp

c:\windows\system32\SET2B21.tmp

c:\windows\system32\SET2B22.tmp

c:\windows\system32\SET2B23.tmp

c:\windows\system32\SET2B24.tmp

c:\windows\system32\SET2B25.tmp

c:\windows\system32\SET2B27.tmp

c:\windows\system32\SET2B28.tmp

c:\windows\system32\SET2B29.tmp

c:\windows\system32\SET2B2C.tmp

c:\windows\system32\SET2B33.tmp

c:\windows\system32\SET2B34.tmp

c:\windows\system32\SET2B37.tmp

c:\windows\system32\SET2B39.tmp

c:\windows\system32\SET2B3A.tmp

c:\windows\system32\SET2B40.tmp

c:\windows\system32\SET2B41.tmp

c:\windows\system32\SET2B44.tmp

c:\windows\system32\SET2B45.tmp

c:\windows\system32\SET2B47.tmp

c:\windows\system32\SET2B4C.tmp

c:\windows\system32\SET2B4D.tmp

c:\windows\system32\SET2B4E.tmp

c:\windows\system32\SET2B4F.tmp

c:\windows\system32\SET2B50.tmp

c:\windows\system32\SET2B56.tmp

c:\windows\system32\SET2B5B.tmp

c:\windows\system32\SET2B5C.tmp

c:\windows\system32\SET2B5F.tmp

c:\windows\system32\SET2B60.tmp

c:\windows\system32\SET2B62.tmp

c:\windows\system32\SET2B63.tmp

c:\windows\system32\SET2B6A.tmp

c:\windows\system32\SET2B6B.tmp

c:\windows\system32\SET2B6D.tmp

c:\windows\system32\SET2B7A.tmp

c:\windows\system32\SET2B7B.tmp

c:\windows\system32\SET2B7E.tmp

c:\windows\system32\SET2B80.tmp

c:\windows\system32\SET2B81.tmp

c:\windows\system32\SET2B82.tmp

c:\windows\system32\SET2B83.tmp

c:\windows\system32\SET2B84.tmp

c:\windows\system32\SET2B85.tmp

c:\windows\system32\SET2B89.tmp

c:\windows\system32\SET2B95.tmp

c:\windows\system32\SET2B9A.tmp

c:\windows\system32\SET2B9C.tmp

c:\windows\system32\SET2B9E.tmp

c:\windows\system32\SET2B9F.tmp

c:\windows\system32\SET2BA0.tmp

c:\windows\system32\SET2BA3.tmp

c:\windows\system32\SET2BA4.tmp

c:\windows\system32\SET2BA8.tmp

c:\windows\system32\SET2BA9.tmp

c:\windows\system32\SET2BAC.tmp

c:\windows\system32\SET2BAD.tmp

c:\windows\system32\SET2BAE.tmp

c:\windows\system32\SET2BB4.tmp

c:\windows\system32\SET2BB5.tmp

c:\windows\system32\SET2BB6.tmp

c:\windows\system32\SET2BBE.tmp

c:\windows\system32\SET2BC1.tmp

c:\windows\system32\SET2BC4.tmp

c:\windows\system32\SET2BC5.tmp

c:\windows\system32\SET2BC6.tmp

c:\windows\system32\SET2BC7.tmp

c:\windows\system32\SET2BC9.tmp

c:\windows\system32\SET2BCE.tmp

c:\windows\system32\SET2BCF.tmp

c:\windows\system32\SET2BD3.tmp

c:\windows\system32\SET2BDB.tmp

c:\windows\system32\SET2BDD.tmp

c:\windows\system32\SET2BDF.tmp

c:\windows\system32\SET2BE0.tmp

c:\windows\system32\SET2BE1.tmp

c:\windows\system32\SET2BEC.tmp

c:\windows\system32\SET2BF0.tmp

c:\windows\system32\SET2BF1.tmp

c:\windows\system32\SET2BF4.tmp

c:\windows\system32\SET2BF6.tmp

c:\windows\system32\SET2BF9.tmp

c:\windows\system32\SET2BFE.tmp

c:\windows\system32\SET2C01.tmp

c:\windows\system32\SET2C02.tmp

c:\windows\system32\SET2C0A.tmp

c:\windows\system32\SET2C0B.tmp

c:\windows\system32\SET2C0C.tmp

c:\windows\system32\SET2C13.tmp

c:\windows\system32\SET2C14.tmp

c:\windows\system32\SET2C18.tmp

c:\windows\system32\SET2C19.tmp

c:\windows\system32\SET2C1A.tmp

c:\windows\system32\SET2C1B.tmp

c:\windows\system32\SET2C1C.tmp

c:\windows\system32\SET2C1E.tmp

c:\windows\system32\SET2C1F.tmp

c:\windows\system32\SET2C20.tmp

c:\windows\system32\SET2C22.tmp

c:\windows\system32\SET2C23.tmp

c:\windows\system32\SET2C24.tmp

c:\windows\system32\SET2C26.tmp

c:\windows\system32\SET2C29.tmp

c:\windows\system32\SET2C2E.tmp

c:\windows\system32\SET2C2F.tmp

c:\windows\system32\SET2C30.tmp

c:\windows\system32\SET2C35.tmp

c:\windows\system32\SET2C36.tmp

c:\windows\system32\SET2C37.tmp

c:\windows\system32\SET2C39.tmp

c:\windows\system32\SET2C5D.tmp

c:\windows\system32\SET2C5F.tmp

c:\windows\system32\SET2C60.tmp

c:\windows\system32\SET2C63.tmp

c:\windows\system32\SET2C64.tmp

c:\windows\system32\SET2C67.tmp

c:\windows\system32\SET2C6A.tmp

c:\windows\system32\SET2C6B.tmp

c:\windows\system32\SET2C6D.tmp

c:\windows\system32\SET2C72.tmp

c:\windows\system32\SET2C75.tmp

c:\windows\system32\SET2C7B.tmp

c:\windows\system32\SET2C7C.tmp

c:\windows\system32\SET2C7F.tmp

c:\windows\system32\SET2C80.tmp

c:\windows\system32\SET2C86.tmp

c:\windows\system32\SET2C87.tmp

c:\windows\system32\SET2C89.tmp

c:\windows\system32\SET2C8A.tmp

c:\windows\system32\SET2C8E.tmp

c:\windows\system32\SET2C8F.tmp

c:\windows\system32\SET2C90.tmp

c:\windows\system32\SET2C92.tmp

c:\windows\system32\SET2C93.tmp

c:\windows\system32\SET2C94.tmp

c:\windows\system32\SET2C95.tmp

c:\windows\system32\SET2C97.tmp

c:\windows\system32\SET2C99.tmp

c:\windows\system32\SET2C9B.tmp

c:\windows\system32\SET2CA6.tmp

c:\windows\system32\SET2CA8.tmp

c:\windows\system32\SET2CA9.tmp

c:\windows\system32\SET2CAA.tmp

c:\windows\system32\SET2CAC.tmp

c:\windows\system32\SET2CAE.tmp

c:\windows\system32\SET2CB3.tmp

c:\windows\system32\SET2CB5.tmp

c:\windows\system32\SET2CB6.tmp

c:\windows\system32\SET2CBC.tmp

c:\windows\system32\SET2CC7.tmp

c:\windows\system32\SET2CCA.tmp

c:\windows\system32\SET2CCB.tmp

c:\windows\system32\SET2CCF.tmp

c:\windows\system32\SET2CD7.tmp

c:\windows\system32\SET2CDE.tmp

c:\windows\system32\SET2CE0.tmp

c:\windows\system32\SET2CE4.tmp

c:\windows\system32\SET2CE6.tmp

c:\windows\system32\SET2CF8.tmp

c:\windows\system32\SET2CFC.tmp

c:\windows\system32\SET2CFE.tmp

c:\windows\system32\SET2D00.tmp

c:\windows\system32\SET2D06.tmp

c:\windows\system32\SET2D0A.tmp

c:\windows\system32\SET2D18.tmp

c:\windows\system32\SET2D1E.tmp

c:\windows\system32\SET2D20.tmp

c:\windows\system32\SET2D21.tmp

c:\windows\system32\SET2D27.tmp

c:\windows\system32\SET2D2B.tmp

c:\windows\system32\SET2D32.tmp

c:\windows\system32\SET2D35.tmp

c:\windows\system32\SET2D37.tmp

c:\windows\system32\SET2D3D.tmp

c:\windows\system32\SET2D4A.tmp

c:\windows\system32\SET2D4B.tmp

c:\windows\system32\SET2D4D.tmp

c:\windows\system32\SET2D4E.tmp

c:\windows\system32\SET2D4F.tmp

c:\windows\system32\SET2D5B.tmp

c:\windows\system32\SET2D66.tmp

c:\windows\system32\SET2D76.tmp

c:\windows\system32\SET2D77.tmp

c:\windows\system32\SET2D7C.tmp

c:\windows\system32\SET2D99.tmp

c:\windows\system32\SET2D9C.tmp

c:\windows\system32\SET2DA1.tmp

c:\windows\system32\SET2DA3.tmp

c:\windows\system32\SET2DAA.tmp

c:\windows\system32\SET2DAB.tmp

c:\windows\system32\SET2DAC.tmp

c:\windows\system32\SET2DAE.tmp

c:\windows\system32\SET2DAF.tmp

c:\windows\system32\SET2DB0.tmp

c:\windows\system32\SET2DB1.tmp

c:\windows\system32\SET2DB3.tmp

c:\windows\system32\SET2DB5.tmp

c:\windows\system32\SET2DB6.tmp

c:\windows\system32\SET2DB8.tmp

c:\windows\system32\SET2DBB.tmp

c:\windows\system32\SET2DBD.tmp

c:\windows\system32\SET2DC2.tmp

c:\windows\system32\SET2DC3.tmp

c:\windows\system32\SET2DCB.tmp

c:\windows\system32\SET2DD2.tmp

c:\windows\system32\SET2DD7.tmp

c:\windows\system32\SET2DDA.tmp

c:\windows\system32\SET2DDD.tmp

c:\windows\system32\SET2DDF.tmp

c:\windows\system32\SET2DE3.tmp

c:\windows\system32\SET2DE5.tmp

c:\windows\system32\SET2DE6.tmp

c:\windows\system32\SET2DEB.tmp

c:\windows\system32\SET2DEC.tmp

c:\windows\system32\SET2DF0.tmp

c:\windows\system32\SET2DF1.tmp

c:\windows\system32\SET2DF4.tmp

c:\windows\system32\SET2DF6.tmp

c:\windows\system32\SET2DFB.tmp

c:\windows\system32\SET2DFE.tmp

c:\windows\system32\SET2E02.tmp

c:\windows\system32\SET2E04.tmp

c:\windows\system32\SET2E06.tmp

c:\windows\system32\SET2F73.tmp

c:\windows\system32\SET2F79.tmp

c:\windows\system32\SET3AEA.tmp

c:\windows\system32\SET3AED.tmp

c:\windows\system32\SET3AF2.tmp

c:\windows\system32\SET3AF6.tmp

c:\windows\system32\SET3AFC.tmp

c:\windows\system32\SET3B23.tmp

c:\windows\system32\SET3B46.tmp

c:\windows\system32\SETD45.tmp

c:\windows\system32\SETD46.tmp

c:\windows\system32\SETD48.tmp

c:\windows\system32\SETD54.tmp

c:\windows\system32\SETD56.tmp

c:\windows\system32\SETD5D.tmp

c:\windows\system32\SETD5E.tmp

c:\windows\system32\SETD5F.tmp

c:\windows\system32\SETD62.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))

.

.

2013-04-24 19:37 . 2013-04-24 19:37 -------- d-----w- c:\documents and settings\GaryT\Application Data\Sibelius Software

2013-04-24 19:36 . 2013-04-24 19:36 -------- d-----w- c:\program files\Sibelius Software

2013-04-12 18:51 . 2013-04-12 18:51 -------- d-----w- c:\program files\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-22 19:03 . 2012-04-04 22:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-22 19:03 . 2011-05-25 00:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-04 18:50 . 2011-01-05 17:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-11 03:44 . 2013-03-11 03:44 1409 ----a-w- c:\windows\QTFont.for

2013-02-12 00:32 . 2009-05-11 00:18 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2009-05-11 00:18 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-06 00:51 . 2005-04-27 14:54 832512 ----a-w- c:\windows\system32\wininet.dll

2013-02-06 00:51 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2013-02-06 00:51 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-06 00:51 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2013-01-31 09:35 . 2012-04-25 23:27 32032 ----a-w- c:\windows\system32\TURegOpt.exe

2013-01-31 09:35 . 2013-02-18 05:00 29984 ----a-w- c:\windows\system32\uxtuneup.dll

2009-10-31 20:13 . 2009-11-02 08:13 44 ---h--w- c:\program files\dd2c2250.tmp

2003-08-27 18:19 . 2005-08-07 18:05 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll

2012-02-23 21:09 . 2013-04-12 05:12 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2012-02-23 21:09 . 2013-04-12 05:12 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2011-03-03 18:52 . 2013-04-12 05:12 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2011-03-03 18:52 . 2013-04-12 05:12 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2010-03-31 15:09 . 2010-03-31 15:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 16:35 . 2010-04-08 16:35 9822960 ----a-r- c:\program files\mozilla firefox\plugins\ScorchAxPlugin.dll

2010-04-08 17:36 . 2010-04-08 17:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2013-04-12 05:12 . 2013-04-12 05:11 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-04-21 09:17 233472 ------w- c:\program files\SOS Online Backup\CtxMenu_1_0_0_10.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-01 2778424]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-21 5074384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonui.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-06-10 00:08 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^EvernoteClipper.lnk]

path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\EvernoteClipper.lnk

backup=c:\windows\pss\EvernoteClipper.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Jawbone Updater.lnk]

path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Jawbone Updater.lnk

backup=c:\windows\pss\Jawbone Updater.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2012-10-06 08:16 1843512 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-18 23:00 136176 ----atw- c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2013-03-01 05:28 2778424 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 20:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2008-10-24 14:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-02-08 05:12 488984 ----a-w- c:\program files\Common Files\Logishrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2008-07-24 22:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]

2003-07-14 14:52 40960 ----a-w- c:\windows\ltmsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]

2009-07-08 06:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2009-07-07 18:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-02-28 22:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-09-17 16:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-03-31 08:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"MemoryZipperPlus"="c:\program files\Memzip\memzip.exe"

"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"LiveMonitor"=c:\program files\MSI\Live Update 3\LMonitor.exe

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"bwprnmon.exe"=c:\bitware\NT\bwprnmon.exe

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"

"SoundMan"=SOUNDMAN.EXE

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe"

"NVRaidService"="c:\windows\System32\nvraidservice.exe"

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"SM1BG"="c:\windows\SM1BG.EXE"

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Web CEO\\BIN\\webceo.exe"=

"c:\\Program Files\\Web CEO\\BIN\\wsceokrnl.dll"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Paros\\IEEmbed.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Documents and Settings\\GaryT\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"67:UDP"= 67:UDP:DHCP Discovery Service

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 9:40 AM 122240]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 9:40 AM 105784]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2012 2:08 PM 1333424]

R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 5:25 PM 319568]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/14/2011 11:55 PM 12216]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 7:13 PM 418376]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3/15/2009 4:13 PM 34064]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2009 2:46 AM 45824]

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 9:31 PM 1248256]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1/31/2013 5:35 AM 1724192]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 5:25 PM 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 5:25 PM 36352]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [9/22/2011 2:43 PM 645048]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 1:30 PM 43704]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 1:30 PM 12216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/5/2011 1:12 PM 22856]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [10/12/2009 2:46 AM 56960]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [9/18/2012 4:02 PM 10088]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 5:25 PM 77056]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/5/2011 1:12 PM 701512]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]

S3 FileShd;FileShd;c:\windows\system32\drivers\fileshd2.sys [9/10/2007 4:13 PM 69888]

S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/13/2011 12:17 AM 42592]

S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.SYS [10/2/2005 1:15 AM 22432]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/11/2010 1:36 AM 27064]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24]

.

2013-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003Core.job

- c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003UA.job

- c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00]

.

2013-04-28 c:\windows\Tasks\SOS Online Backup - Driskill.job

- c:\program files\sos online backup\sosuploadagent.exe [2009-04-28 06:38]

.

2013-04-30 c:\windows\Tasks\User_Feed_Synchronization-{6B4B2B2E-0337-436A-93B3-0954C8510B04}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cm.my.yahoo.com/?rd=nux

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: microsoft.com\drmlicense.one

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 38.116.38.49

DPF: NetGUI - hxxp://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB

DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

DPF: {02FFCFC3-C28F-4ED9-954B-1BAC9FD77E12} - hxxp://webstream.intra.net/media/xflux3.cab

DPF: {16C698C4-4BE0-4CDF-B777-39276A95F58F} - hxxp://meeting.zoho.com/login/ActivexViewer.jsp

DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB

DPF: {56426D1F-A2BB-4195-8555-CCE6533F81E8} - hxxp://meeting.zoho.com/login/Agent.jsp

DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} - hxxps://secure.voloper.net/editor.cab

DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab

DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB

DPF: {87651085-BCBF-4281-B8F7-1F6E56E92515} - hxxp://meeting.zoho.com/login/Agent.jsp

DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://67.43.9.72:4643/vz/ssh/wodTelnetDLX.cab

DPF: {D5382F3F-32AA-41E1-9FFF-5D1EFAC80D40} - hxxp://contentpurity.com/members/FileClean.CAB

DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} - hxxps://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom.cab

DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab

FF - ProfilePath - c:\documents and settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\

FF - prefs.js: browser.startup.homepage - web.ebuddy.com|hxxp://www.netvibes.com/

FF - ExtSQL: 2013-03-22 16:48; LogMeInClient@logmein.com; c:\documents and settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\extensions\LogMeInClient@logmein.com

FF - ExtSQL: !HIDDEN! 2011-07-10 18:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 600000

FF - user.js: nglayout.initialpaint.delay - 600

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-TuneXP_1.5 - c:\windows\iun6002.exe

AddRemove-Video Conference - c:\program files\Conference\Conference.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-04-30 07:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85101310-102D-5980-D761-0EE4110AA843}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"gaecmjeiibjccj"=hex:61,69,6c,67,6a,61,62,63,68,64,66,6c,70,69,70,65,69,65,6d,

6e,6f,61,6c,69,65,6e,6e,6d,69,70,6a,68,6f,64,6a,70,62,67,68,69,6c,67,66,63,\

"haecmjeiibfedkne"=hex:6e,61,6c,62,68,6c,6d,70,6b,65,6d,62,61,70,67,6f,65,6a,

62,6a,61,61,65,70,62,6c,64,64,00,00

"iaecmjeiibaekjjamj"=hex:6f,61,6b,67,6e,6c,6b,64,63,70,64,62,6a,70,69,6a,67,67,

62,64,66,6b,6d,62,6c,67,66,6b,6a,70,00,00

.

[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD5591C1-3A8C-E5F0-9BE6-B3F676E0D08E}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iapheijdmnfdhiopcl"=hex:69,61,6f,61,6e,62,70,66,65,61,64,6c,6c,69,63,63,65,68,

00,00

"hajknpcalibonfkn"=hex:69,61,6f,61,6e,62,70,66,65,61,64,6c,6c,69,63,63,65,68,

00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(944)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\LMIinit.dll

.

Completion time: 2013-04-30 07:40:07

ComboFix-quarantined-files.txt 2013-04-30 11:39

ComboFix2.txt 2010-07-12 18:52

.

Pre-Run: 45,880,643,584 bytes free

Post-Run: 45,931,581,440 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=TDIP0D /usepmtimer

.

- - End Of File - - EC32E5748841872DAEE3A98B7F0B5A0F

Should I do anything else? Please advise.

Thanks Gary


  • Staff

Hello Gary

Well the worst is over now anyway.

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


Gringo,

Ok, I ran them both:

AdwCleaner Log:

# AdwCleaner v2.300 - Logfile created 04/30/2013 at 04:31:48

# Updated 28/04/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : GaryT - GTD-DESKTOP

# Boot Mode : Normal

# Running from : C:\Documents and Settings\GaryT\My Documents\Download\FBI MoneyPak Cleanup\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\searchplugins\Askcom.xml

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\StumbleUpon

Folder Deleted : C:\Documents and Settings\GaryT\Local Settings\Application Data\PackageAware

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar

Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem

Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband

Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions

Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17123

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\4qu1wovc.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\prefs.js

C:\Documents and Settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\user.js ... Deleted !

Deleted : user_pref("extensions.s4fToolbar.si-blekko-domainlinks", true);

Deleted : user_pref("extensions.s4fToolbar.si-blekko-pagelinks", true);

Deleted : user_pref("extensions.s4fToolbar.si-blekko-rank", true);

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\GaryT\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3479 octets] - [30/04/2013 04:31:48]

########## EOF - C:\AdwCleaner[s1].txt - [3539 octets] ##########

RogueKiller Log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : GaryT [Admin rights]

Mode : Remove -- Date : 04/30/2013 04:51:30

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: NVIDIA MIRROR 186.31G +++++

--- User ---

[MBR] c742ddd5f6a0c3b55445f63cd19fee64

[bSP] 1a31c6e198c07ae4fde6f1b9e53b97ae : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190771 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

Finished : << RKreport[2]_D_04302013_02d0451.txt >>

RKreport[1]_S_04302013_02d0449.txt ; RKreport[2]_D_04302013_02d0451.txt

Next?

Thanks, Gary


  • Staff

Hello Gary

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it
    If the forum still complains about it being too long send me everything that is at the end of the report after where it says
    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo


Hello again,

Well it looks like good news. I ran both utilities.

TDSSKiller Log:

I attached file TDSSKiller.2.8.16.0_30.04.2013_07.15.44_log.txt

Malwarebytes Anti-Rootkit log:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.04.30.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.11

GaryT :: GTD-DESKTOP [administrator]

4/30/2013 7:41:42 AM

mbar-log-2013-04-30 (07-41-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 29042

Time elapsed: 15 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Next?

Thanks Gary


  • Staff

Hello Gary

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85101310-102D-5980-D761-0EE4110AA843}*]
[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD5591C1-3A8C-E5F0-9BE6-B3F676E0D08E}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

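A check that can be run before handing a CFScript to ComboFix: confirm that every key listed under RegNull:: is one the log's LOCKED REGISTRY KEYS section actually reported, and decode the hex: values so they can be read. This Python code is an added example, not part of the thread and not ComboFix's own code; the function names are hypothetical, and the embedded log and script are excerpts of the posts above.

```python
import re

# Excerpt of the ComboFix log posted in this thread (not every value is included;
# the blank line and the truncated ",\" continuation are kept as they appear).
LOG = r'''
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85101310-102D-5980-D761-0EE4110AA843}*]
@Allowed: (Read) (RestrictedCode)
"gaecmjeiibjccj"=hex:61,69,6c,67,6a,61,62,63,68,64,66,6c,70,69,70,65,69,65,6d,

6e,6f,61,6c,69,65,6e,6e,6d,69,70,6a,68,6f,64,6a,70,62,67,68,69,6c,67,66,63,\
"haecmjeiibfedkne"=hex:6e,61,6c,62,68,6c,6d,70,6b,65,6d,62,61,70,67,6f,65,6a,
62,6a,61,61,65,70,62,6c,64,64,00,00
.
[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD5591C1-3A8C-E5F0-9BE6-B3F676E0D08E}*]
"iapheijdmnfdhiopcl"=hex:69,61,6f,61,6e,62,70,66,65,61,64,6c,6c,69,63,63,65,68,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\windows\system32\LMIinit.dll
'''

# The CFScript text from the helper's post.
CFSCRIPT = r'''
ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85101310-102D-5980-D761-0EE4110AA843}*]
[HKEY_USERS\S-1-5-21-796845957-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD5591C1-3A8C-E5F0-9BE6-B3F676E0D08E}*]
'''

SECTION = re.compile(r"^-{5,}\s*(.+?)\s*-{5,}$")    # "----- TITLE -----" banners
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")            # "[HKEY_...]" key lines
VALUE = re.compile(r'^"([^"]+)"=hex:(.*)$')         # first line of a hex value
CONT = re.compile(r"^(?:[0-9a-fA-F]{2},?)+\\?$")    # wrapped continuation of one

def hex_to_bytes(text):
    """Turn '61,69,...' (optionally ending in ',' or ',\\') into bytes."""
    return bytes(int(b, 16) for b in text.replace("\\", "").split(",") if b.strip())

def parse_locked_keys(log_text):
    """Map each key in the LOCKED REGISTRY KEYS section to {value name: bytes}."""
    keys, in_section, key, name = {}, False, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # forum blank lines and "." separators
            continue
        sec = SECTION.match(line)
        if sec:
            in_section = sec.group(1).upper() == "LOCKED REGISTRY KEYS"
            key = name = None
            continue
        if not in_section:
            continue
        if (m := KEY.match(line)):
            key, name = m.group(1), None
            keys[key] = {}
        elif key and (m := VALUE.match(line)):
            name = m.group(1)
            keys[key][name] = m.group(2)
        elif key and name and CONT.match(line):
            keys[key][name] += line          # value wrapped onto another line
        else:
            name = None                      # e.g. "@Allowed: ..." ends any open value
    return {k: {n: hex_to_bytes(h) for n, h in v.items()} for k, v in keys.items()}

def printable(data):
    """ASCII view of a value with trailing NUL bytes removed."""
    return data.rstrip(b"\x00").decode("ascii", errors="replace")

def script_targets(cfscript_text, directive="RegNull"):
    """Keys listed under one 'Directive::' heading of a CFScript."""
    targets, active = [], False
    for raw in cfscript_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            active = line[:-2] == directive
        elif active and (m := KEY.match(line)):
            targets.append(m.group(1))
    return targets

def compare(log_text, cfscript_text):
    """Return (script keys the log never flagged, flagged keys the script omits)."""
    flagged = {k.lower() for k in parse_locked_keys(log_text)}
    targeted = {k.lower() for k in script_targets(cfscript_text)}
    return sorted(targeted - flagged), sorted(flagged - targeted)

if __name__ == "__main__":
    for key, values in parse_locked_keys(LOG).items():
        print(key)
        for name, data in values.items():
            print(f"  {name} ({len(data)} bytes): {printable(data)}")
    print("not in log / not in script:", compare(LOG, CFSCRIPT))
```

Two empty lists from `compare` mean the script touches exactly the keys the scan reported; anything in the first list is a key the script would act on without the log having flagged it.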

Hello,

I did as instructed. Here is the log:

ComboFix 13-04-29.01 - GaryT 04/30/2013 19:56:05.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2314 [GMT -4:00]

Running from: c:\documents and settings\GaryT\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\GaryT\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\EventSystem.log

.

.

((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))

.

.

2013-04-30 12:28 . 2013-04-30 12:28 -------- d-----w- C:\TDSSKiller_Quarantine

2013-04-30 11:24 . 2013-04-30 11:24 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-04-30 10:18 . 2013-04-30 10:18 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin

2013-04-30 10:18 . 2013-04-30 10:18 1 ----a-w- c:\windows\system32\nvdrssel.bin

2013-04-30 10:18 . 2013-04-30 10:18 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin

2013-04-24 19:37 . 2013-04-24 19:37 -------- d-----w- c:\documents and settings\GaryT\Application Data\Sibelius Software

2013-04-24 19:36 . 2013-04-24 19:36 -------- d-----w- c:\program files\Sibelius Software

2013-04-12 18:51 . 2013-04-12 18:51 -------- d-----w- c:\program files\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-22 19:03 . 2012-04-04 22:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-22 19:03 . 2011-05-25 00:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-04 18:50 . 2011-01-05 17:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-11 03:44 . 2013-03-11 03:44 1409 ----a-w- c:\windows\QTFont.for

2013-03-08 08:36 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2009-05-11 00:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2009-05-11 00:18 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 01:25 . 2009-05-11 00:18 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-02-27 07:56 . 2005-07-18 01:19 2067456 ----a-w- c:\windows\system32\mstscax.dll

2013-02-24 19:03 . 2005-04-27 14:54 832512 ----a-w- c:\windows\system32\wininet.dll

2013-02-24 19:03 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-24 19:03 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2013-02-24 19:03 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2013-02-12 00:32 . 2009-05-11 00:18 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2009-05-11 00:18 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-08 09:03 . 2013-02-08 09:03 1010464 ----a-w- c:\windows\system32\nvdispco32.dll

2013-02-08 09:03 . 2005-06-15 21:20 19189760 ----a-w- c:\windows\system32\nvoglnt.dll

2013-02-08 09:03 . 2005-06-15 21:20 4494336 ----a-w- c:\windows\system32\nv4_disp.dll

2013-02-08 09:02 . 2009-07-08 13:07 7536640 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-08 09:02 . 2009-07-08 13:07 2581792 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-08 09:02 . 2013-02-08 09:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll

2013-02-08 09:02 . 2013-02-08 09:02 17551360 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-08 09:02 . 2009-07-08 13:07 2389504 ----a-w- c:\windows\system32\nvapi.dll

2013-02-08 09:02 . 2005-06-15 21:20 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2013-02-08 09:02 . 2013-02-08 09:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-08 09:02 . 2009-07-08 13:07 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-01-31 09:35 . 2012-04-25 23:27 32032 ----a-w- c:\windows\system32\TURegOpt.exe

2013-01-31 09:35 . 2013-02-18 05:00 29984 ----a-w- c:\windows\system32\uxtuneup.dll

2009-10-31 20:13 . 2009-11-02 08:13 44 ---h--w- c:\program files\dd2c2250.tmp

2003-08-27 18:19 . 2005-08-07 18:05 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll

2012-02-23 21:09 . 2013-04-12 05:12 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2012-02-23 21:09 . 2013-04-12 05:12 449848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2011-03-03 18:52 . 2013-04-12 05:12 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2011-03-03 18:52 . 2013-04-12 05:12 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2010-03-31 15:09 . 2010-03-31 15:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 16:35 . 2010-04-08 16:35 9822960 ----a-r- c:\program files\mozilla firefox\plugins\ScorchAxPlugin.dll

2010-04-08 17:36 . 2010-04-08 17:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2013-04-12 05:12 . 2013-04-12 05:11 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-04-21 09:17 233472 ------w- c:\program files\SOS Online Backup\CtxMenu_1_0_0_10.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\documents and settings\GaryT\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-01 2778424]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-21 5074384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\documents and settings\GaryT\My Documents\Download\FBI MoneyPak Cleanup\mbar\mbar.exe" [2013-03-23 1398856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonui.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-06-10 00:08 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0sasnative32

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^EvernoteClipper.lnk]

path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\EvernoteClipper.lnk

backup=c:\windows\pss\EvernoteClipper.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^GaryT^Start Menu^Programs^Startup^Jawbone Updater.lnk]

path=c:\documents and settings\GaryT\Start Menu\Programs\Startup\Jawbone Updater.lnk

backup=c:\windows\pss\Jawbone Updater.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]

2012-10-06 08:16 1843512 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-08-18 23:00 136176 ----atw- c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2013-03-01 05:28 2778424 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 20:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2008-10-24 14:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-02-08 05:12 488984 ----a-w- c:\program files\Common Files\Logishrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2008-07-24 22:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]

2003-07-14 14:52 40960 ----a-w- c:\windows\ltmsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]

2009-07-08 06:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2009-07-07 18:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-02-28 22:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-09-17 16:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-03-31 08:54 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

"MemoryZipperPlus"="c:\program files\Memzip\memzip.exe"

"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"LiveMonitor"=c:\program files\MSI\Live Update 3\LMonitor.exe

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"bwprnmon.exe"=c:\bitware\NT\bwprnmon.exe

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"

"SoundMan"=SOUNDMAN.EXE

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe"

"NVRaidService"="c:\windows\System32\nvraidservice.exe"

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"SM1BG"="c:\windows\SM1BG.EXE"

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Web CEO\\BIN\\webceo.exe"=

"c:\\Program Files\\Web CEO\\BIN\\wsceokrnl.dll"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Paros\\IEEmbed.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Documents and Settings\\GaryT\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"67:UDP"= 67:UDP:DHCP Discovery Service

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 9:40 AM 122240]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 9:40 AM 105784]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2012 2:08 PM 1333424]

R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 5:25 PM 319568]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/14/2011 11:55 PM 12216]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 7:13 PM 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/5/2011 1:12 PM 701512]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [3/15/2009 4:13 PM 34064]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2009 2:46 AM 45824]

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 9:31 PM 1248256]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1/31/2013 5:35 AM 1724192]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 5:25 PM 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 5:25 PM 36352]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [9/22/2011 2:43 PM 645048]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 1:30 PM 43704]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 1:30 PM 12216]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/30/2013 7:24 AM 35144]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/5/2011 1:12 PM 22856]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [10/12/2009 2:46 AM 56960]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [9/18/2012 4:02 PM 10088]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 5:25 PM 77056]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 10:38 AM 3289208]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]

S3 FileShd;FileShd;c:\windows\system32\drivers\fileshd2.sys [9/10/2007 4:13 PM 69888]

S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/13/2011 12:17 AM 42592]

S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.SYS [10/2/2005 1:15 AM 22432]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/11/2010 1:36 AM 27064]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 14873701

*NewlyCreated* - 25549179

*NewlyCreated* - 26730192

*NewlyCreated* - 80328800

*NewlyCreated* - MBAMCHAMELEON

*Deregistered* - 14873701

*Deregistered* - 25549179

*Deregistered* - 26730192

*Deregistered* - 80328800

*Deregistered* - uphcleanhlp

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 01:24]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003Core.job

- c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1647877149-725345543-1003UA.job

- c:\documents and settings\GaryT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-18 23:00]

.

2013-04-28 c:\windows\Tasks\SOS Online Backup - Driskill.job

- c:\program files\sos online backup\sosuploadagent.exe [2009-04-28 06:38]

.

2013-04-30 c:\windows\Tasks\User_Feed_Synchronization-{6B4B2B2E-0337-436A-93B3-0954C8510B04}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://cm.my.yahoo.com/?rd=nux

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

Trusted Zone: microsoft.com\drmlicense.one

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 38.116.38.49

DPF: NetGUI - hxxp://www.gomeetnow.com/client/window/1,0,1,69/ActiveXInstaller.CAB

DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

DPF: {02FFCFC3-C28F-4ED9-954B-1BAC9FD77E12} - hxxp://webstream.intra.net/media/xflux3.cab

DPF: {16C698C4-4BE0-4CDF-B777-39276A95F58F} - hxxp://meeting.zoho.com/login/ActivexViewer.jsp

DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB

DPF: {56426D1F-A2BB-4195-8555-CCE6533F81E8} - hxxp://meeting.zoho.com/login/Agent.jsp

DPF: {7BC974EF-A718-4A17-B77E-4C8DBC327AFA} - hxxps://secure.voloper.net/editor.cab

DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2005.cab

DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - hxxp://www.contentpurity.com/xp/ScanFilexp.CAB

DPF: {87651085-BCBF-4281-B8F7-1F6E56E92515} - hxxp://meeting.zoho.com/login/Agent.jsp

DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://67.43.9.72:4643/vz/ssh/wodTelnetDLX.cab

DPF: {D5382F3F-32AA-41E1-9FFF-5D1EFAC80D40} - hxxp://contentpurity.com/members/FileClean.CAB

DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} - hxxps://merchantaccount.quickbooks.com/recurchrg/IntuitRecurPayCom.cab

DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} - hxxps://merchantaccount.quickbooks.com/sync/QBMASSyncCom1.cab

FF - ProfilePath - c:\documents and settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\

FF - prefs.js: browser.startup.homepage - web.ebuddy.com|hxxp://www.netvibes.com/

FF - ExtSQL: 2013-03-22 16:48; LogMeInClient@logmein.com; c:\documents and settings\GaryT\Application Data\Mozilla\Firefox\Profiles\1llhjzre.default\extensions\LogMeInClient@logmein.com

FF - ExtSQL: !HIDDEN! 2011-07-10 18:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-14873701.sys

AddRemove-{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{1E3CA~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-04-30 20:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(936)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\LMIinit.dll

.

Completion time: 2013-04-30 20:06:34

ComboFix-quarantined-files.txt 2013-05-01 00:06

ComboFix2.txt 2013-04-30 11:40

ComboFix3.txt 2010-07-12 18:52

.

Pre-Run: 45,369,098,240 bytes free

Post-Run: 45,363,138,560 bytes free

.

- - End Of File - - 2B4AD2F9E4A44AA3830BA9D77A7B2054

Things seem OK. What's next?

Thanks, Gary


  • Staff

Hello gtdriski

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box


C:\Qoobox\Add-Remove Programs.txt

  • click ok

copy and paste the report into this topic for me to review

Gringo


Gringo,

Here is the report:

3114 SATARAID5

500e

ABBYY FineReader 5.0 Sprint

Adobe Acrobat 9 Standard - English, Français, Deutsch

Adobe Acrobat 9.5.4 - CPSID_83708

Adobe AIR

Adobe ConnectNow

Adobe ConnectNow Add-in

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11

Advanced Find and Replace v5.1

AllWebMenus PRO 5.1.760

AMD CPUInfo

AMD Power Monitor

AMD Processor Driver

Apple Software Update

Brother BRAdmin Professional 2.51

Brother HL-5170DN

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Camtasia Studio 7

Canon Camera Support Core Library

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

Canon Camera Window for ZoomBrowser EX

Canon i950

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities Easy-PhotoPrint

Canon ZoomBrowser EX

CCleaner

Cisco AnyConnect VPN Client

Cisco Network Magic

Cisco Unified Presenter Add-in 6x5

ClickTracks Hosted Viewer

Cole2k Media - Codec Pack (Advanced) 7.1.0

Compatibility Pack for the 2007 Office system

Constant Contact QuickImport - Outlook

Corel Photo Album 6

Critical Security Update

Critical Update for Windows Media Player 11 (KB959772)

CSS eXplorer

Cypress USB Mass Storage Driver Installation

del.icio.us Buttons for Internet Explorer

DeVilbiss Remote Control

DH Driver Cleaner.NET

Directory Submitter 1.0.29

DivX

DivX Player

Domain Samurai

DriverMax 5

Dropbox

Dual-Core Optimizer

EPSON Copy Utility 3

EPSON Perf 2480 - 2580 Guide

EPSON Scan

EPSON Smart Panel

eReg

erLT

ESET NOD32 Antivirus

EVEREST Ultimate Edition v5.02

Evernote v. 4.5.10

Family Tree Maker 2011

Flash Decompiler Trillix

Free Easy Burner V 3.8

Google AdWords Editor

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.4.0.1082

GSiteCrawler

GTK+ 2.10.6-1 runtime environment

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP eServices Local Prints and Save

HP Scrawlr

InfraRecorder

Internet Explorer Q903235

Intra.Net 4.x Components

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 37

Jawbone Updater

join.me

Keyword Cloud Generator 1.0.21

LightScribe 1.4.136.1

Likno Web Button Maker

Logitech Audio Echo Cancellation Component

Logitech QuickCam

Logitech SetPoint 6.50

Logitech Solar App 1.0

Logitech Video Enumerator

Logitech® Camera Driver

LogMeIn

LtMoh_MARS

Macromedia Dreamweaver 8

Macromedia Extension Manager

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Malwarebytes Anti-Malware version 1.75.0.1300

Market Samurai

MediaInfo 0.7.5.3

MediaLife

Memory Zipper Plus 7.11

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Primary Interop Assemblies

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Professional Edition 2003

Microsoft Office Project Standard 2003

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft WSE 3.0 Runtime

Mirage Driver 1.1

Mix-FX

MovieEdit Task

Moyea Flash Video MX Pro Version: 5.0.16.932

Moyea Flash Video MX Pro Version: 6.0.2.1174

Moyea FLV Downloader version 1.15.0.15

Moyea FLV Player version 1.5.2.7

Moyea FLV to Video Converter Pro 3 Version: 3.0.6.0

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSI DigiCell

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

MVision

MyPublisher BookMaker

Netsparker [Community Edition] - Web Application Security Scanner

Network Magic

Nmap 4.85BETA5

Notepad++

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Paint.NET v3.5.10

Paros 3.2.13

Passpack DESKTOP

PerfectDisk 10 Professional

PhotoImpression 5

PingPlotter Standard 3.30.0s

PlexTools Professional V2.28

Pure Networks Platform

QuickBooks

QuickBooks Pro 2012

Quicken 2006

Quicken WillMaker Plus 2006

QuickTime

RAW Image Task

RawShooter essentials 2005

Realtek AC'97 Audio

Recuva (remove only)

RemoteCapture Task 1.1

Report Viewer 2.3

Revo Uninstaller Pro 2.5.9

Roxio Content 9

Roxio Drag-to-Disc

Roxio Easy Media Creator 9 Suite

Roxio Media Experience

Roxio Update Manager

Savings Bond Wizard

ScanToWeb

SeaTools for Windows

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB2722913)

Security Update for Windows Internet Explorer 7 (KB2744842)

Security Update for Windows Internet Explorer 7 (KB2761465)

Security Update for Windows Internet Explorer 7 (KB2792100)

Security Update for Windows Internet Explorer 7 (KB2797052)

Security Update for Windows Internet Explorer 7 (KB2799329)

Security Update for Windows Internet Explorer 7 (KB2809289)

Security Update for Windows Internet Explorer 7 (KB2817183)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sibelius Scorch (Firefox, Opera, Netscape, Chrome only)

Skype Click to Call

Skype™ 6.3

SmartFTP Client

SmartFTP Client 3.0 Setup Files (remove only)

SmartFTP Client 4.0 Setup Files (remove only)

SmartLink Desktop

Snagit 10.0.1

SnagIt Studio

SOS Online Backup

StuffIt Expander 2009

Sumopaint Pro

SupportSoft Assisted Service

System Requirements Lab

TeamViewer 6

Time Zone Data Update Tool for Microsoft Office Outlook

TuneUp Utilities 2013

TuneUp Utilities Language Pack (en-US)

ubCore

UEStudio '10.30

UltraCompare v7.20

UltraSentry

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB Storage Adapter FX (SM1)

User Profile Hive Cleanup Service

Visual Studio 2005 Tools for Office Second Edition Runtime

Web CEO 9.1

WebEx

WebFldrs XP

Windows Genuine Advantage v1.3.0254.0

Windows Imaging Component

Windows Installer Clean Up

Windows Live Sign-in Assistant

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Resource Kit Tools - SubInAcl.exe

Windows XP Service Pack 3

WinMerge 2.12.4

winpcap-nmap 4.02

WinZip 15.0

WSI Power Search

XML Paper Specification Shared Components Pack 1.0

XSitePro2

XviD MPEG-4 Codec

Yugma

Next?

Thanks, Gary
