DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Sophie Benshitta at 14:23:22 on 2012-11-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2685 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - LocalServer32 - <no file>
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Plugin for Media Finder: {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - c:\documents and settings\sophie benshitta\application data\media finder\extensions\IEPlugin32.dll
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\documents and settings\sophie benshitta\application data\media finder\extensions\gencrawler_gc.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1009\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [Media Finder] c:\program files\media finder\Media Finder.exe /opentotray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [alarm.exe] "c:\program files\chaos software\chaos 6\alarm.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRunOnce: [vsbootstrapper_1872] c:\docume~1\sophie~1\locals~1\temp\vsd1.tmp\setup.exe -afterreboot="w:\___software\__digi-stuff\digi_traffic_generator\digi traffic generator\"
mRun: [LaunchApp] Alaunch
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [eLockMonitor] c:\acer\empowering technology\elock\monitor\LaunchMonitor.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\sophie~1\startm~1\programs\startup\pcpits~1.lnk - c:\program files\pcpitstop\optimize3\Optimize3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\onlywire.lnk - c:\program files\onlywire\OnlyWireWindows.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:351
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{72F634A4-FB88-4098-9BB5-B98CE2D36F9F} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sophie benshitta\application data\mozilla\firefox\profiles\5y6f8lsc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.outcall.net/toplist/auto10/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\sophie benshitta\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-07 10:58; gencrawler@some.com; c:\documents and settings\sophie benshitta\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF - ExtSQL: 2012-10-07 11:02; addon@defaulttab.com; c:\documents and settings\sophie benshitta\application data\mozilla\firefox\profiles\5y6f8lsc.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2012-10-14 14:57; bmat@orinx.com; c:\documents and settings\sophie benshitta\application data\mozilla\firefox\profiles\5y6f8lsc.default\extensions\bmat@orinx.com.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2012-8-27 45792]
R3 DUBE100;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100.sys [2012-2-25 13594]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672]
S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-9-16 586584]
S1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
S1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-6-8 17664]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-6-6 90112]
S2 LockServ;LockServ;c:\acer\empowering technology\elock\lockserv.exe -p --> c:\acer\empowering technology\elock\LockServ.exe -p [?]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-10-23 90352]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-31 2754984]
S2 UsbClientService;UsbClientService;c:\program files\synology\assistant\UsbClientService.exe [2012-8-31 248704]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2010-10-22 196409]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Trscal;Trscal; [x]
.
=============== Created Last 30 ================
.
2012-11-17 17:45:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-11-17 17:45:30 -------- d-----w- c:\windows\system32\wbem\Repository
2012-11-17 17:44:56 -------- d-----w- c:\windows\LastGood.Tmp
2012-11-14 17:55:05 -------- d-----w- c:\documents and settings\sophie benshitta\application data\DigiResults
2012-11-14 17:54:23 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-11-14 17:54:22 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-08 12:51:14 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-11-08 12:51:08 -------- d-----w- c:\program files\McAfee Security Scan
2012-10-27 02:00:01 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-27 02:00:01 270816 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-10-27 02:00:01 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-10-27 02:00:01 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-27 02:00:01 14676448 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-10-27 02:00:00 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-10-27 02:00:00 889848 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-10-27 02:00:00 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-10-27 02:00:00 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-23 19:35:07 -------- d-----w- c:\program files\iPod
2012-10-23 19:34:58 -------- d-----w- c:\program files\iTunes
2012-10-23 19:34:58 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M ====================
.
2012-11-14 14:10:46 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-08 12:51:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 12:51:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-24 18:45:17 60864 ----a-w- c:\documents and settings\sophie benshitta\g2mdlhlpx.exe
2012-09-18 12:37:55 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-18 12:37:55 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-09-02 00:32:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-02 00:32:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 00:32:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 00:32:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-27 09:19:02 45792 ----a-w- c:\windows\system32\drivers\busenum.sys
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:23:39.81 ===============
I have an XP that would not start up; it keeps on restarting. I was able to start it up in safe mode, restored to a 4-day ago status, but it still won't start up.
I am not sure what's up with it, sorry.
I hope you can help. I purchased a marketing program 2 days ago that I think had pirated software as part of the package... or who knows what happened.
Thank you for your help.
2012-10-27 02:00:00 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-10-27 02:00:00 889848 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-10-27 02:00:00 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-10-27 02:00:00 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-23 19:35:07 -------- d-----w- c:\program files\iPod
2012-10-23 19:34:58 -------- d-----w- c:\program files\iTunes
2012-10-23 19:34:58 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M ====================
.
2012-11-14 14:10:46 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-08 12:51:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 12:51:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-24 18:45:17 60864 ----a-w- c:\documents and settings\sophie benshitta\g2mdlhlpx.exe
2012-09-18 12:37:55 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-09-18 12:37:55 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-09-02 00:32:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-02 00:32:42 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 00:32:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 00:32:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-27 09:19:02 45792 ----a-w- c:\windows\system32\drivers\busenum.sys
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:23:39.81 ===============
I have an XP machine that would not start up; it keeps on restarting. I was able to start it up in safe mode and restored it to its state from 4 days ago, but it still won't start up.
I am not sure what's up with it, sorry.
I hope you can help. I purchased a marketing program 2 days ago that I think had pirated software as part of the package... or who knows what happened.
Thank you for your help.