Channel: Tech Support Forum - Virus/Trojan/Spyware Help

How to restore after Combofix damage?

Combofix - how to restore Carbonite?
Combofix referred me to your forum.

I used Combofix to repair a problem, and it disabled my backup service, Carbonite. I tried to reinstall it, but it won't allow it to reinstall. (I really need this working every day for my business financial files, especially since my PC has been unstable.)

How do I reverse what is done? I suspect it disabled some other things, but I don't know how to check or reverse them, as the web page doesn't give that info.

In the process it did repair a .dll file, but that hasn't seemed to make a difference in how my PC is working.

Thanks for any help you can offer. Below is the logfile from Combofix:

ComboFix 12-10-15.01 - Francie 10/15/2012 22:31:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2532 [GMT -4:00]
Running from: c:\documents and settings\Francie\Desktop\ComboFix.exe
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\Francie\Application Data\PriceGong
c:\documents and settings\Francie\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\10.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\2121.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\2637.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\2867.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\3003.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\3213.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\4002.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\4275.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\4471.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\5218.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\5259.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\5260.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\5352.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\5992.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\6781.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\898.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\946.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Francie\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Francie\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Francie\g2mdlhlpx.exe
c:\documents and settings\Francie\My Documents\~WRL0036.tmp
c:\documents and settings\Francie\My Documents\~WRL0123.tmp
c:\documents and settings\Francie\My Documents\~WRL0358.tmp
c:\documents and settings\Francie\My Documents\~WRL0377.tmp
c:\documents and settings\Francie\My Documents\~WRL0818.tmp
c:\documents and settings\Francie\My Documents\~WRL0866.tmp
c:\documents and settings\Francie\My Documents\~WRL0938.tmp
c:\documents and settings\Francie\My Documents\~WRL0976.tmp
c:\documents and settings\Francie\My Documents\~WRL1294.tmp
c:\documents and settings\Francie\My Documents\~WRL1533.tmp
c:\documents and settings\Francie\My Documents\~WRL1710.tmp
c:\documents and settings\Francie\My Documents\~WRL1715.tmp
c:\documents and settings\Francie\My Documents\~WRL1756.tmp
c:\documents and settings\Francie\My Documents\~WRL2186.tmp
c:\documents and settings\Francie\My Documents\~WRL2241.tmp
c:\documents and settings\Francie\My Documents\~WRL2256.tmp
c:\documents and settings\Francie\My Documents\~WRL2555.tmp
c:\documents and settings\Francie\My Documents\~WRL2557.tmp
c:\documents and settings\Francie\My Documents\~WRL2764.tmp
c:\documents and settings\Francie\My Documents\~WRL2836.tmp
c:\documents and settings\Francie\My Documents\~WRL3133.tmp
c:\documents and settings\Francie\My Documents\~WRL3298.tmp
c:\documents and settings\Francie\My Documents\~WRL3536.tmp
c:\documents and settings\Francie\My Documents\~WRL3796.tmp
c:\documents and settings\Francie\My Documents\~WRL3800.tmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\regobj.dll
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\ntdll.dll was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 02:19 . 2012-10-16 02:19 -------- d-----w- c:\documents and settings\Francie\Local Settings\Application Data\Avg2013
2012-10-15 15:42 . 2012-10-15 15:42 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
2012-10-09 18:48 . 2012-10-09 18:48 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-10-09 18:46 . 2012-10-09 18:46 -------- d-----w- c:\documents and settings\Francie\Local Settings\Application Data\Downloaded Installations
2012-10-02 17:47 . 2012-10-02 17:47 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-28 03:38 . 2012-09-28 03:38 -------- d-----w- c:\documents and settings\Francie\Application Data\TuneUp Software
2012-09-27 21:34 . 2012-10-14 04:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-27 17:55 . 2012-09-27 17:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-27 17:51 . 2012-09-27 17:51 -------- d-----w- c:\program files\Microsoft.NET
2012-09-27 05:32 . 2012-10-16 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2012-09-27 05:32 . 2012-09-27 05:32 -------- d-----w- c:\program files\AVG
2012-09-27 03:32 . 2012-10-16 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-09-27 03:32 . 2012-09-27 03:32 -------- d-----w- c:\documents and settings\Francie\Local Settings\Application Data\MFAData
2012-09-27 03:22 . 2012-09-27 17:48 -------- d-----w- c:\program files\PC Cleaners(2)
2012-09-27 03:14 . 2012-09-27 03:14 -------- d-----w- c:\documents and settings\Francie\Application Data\PC Cleaners
2012-09-27 03:13 . 2012-09-27 03:22 -------- d-----w- c:\documents and settings\Francie\Application Data\PCPro
2012-09-27 03:13 . 2012-09-27 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-09-26 05:41 . 2012-09-26 05:41 -------- d-----w- c:\documents and settings\Francie\Application Data\GFI Software
2012-09-26 04:00 . 2012-09-26 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\RegAce
2012-09-26 03:54 . 2010-11-26 02:54 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2012-09-26 03:41 . 2012-09-26 03:41 -------- d-----w- C:\AMD
2012-09-16 15:22 . 2012-09-16 15:22 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 23:49 . 2011-02-04 06:10 1682 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-10-04 02:54 . 2012-08-26 16:08 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-06-14 22:20 . 2011-03-24 06:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2000-01-01 1634112]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Guest.FRANCIE-PC\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Qchex Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Qchex Tray Icon.lnk
backup=c:\windows\pss\Qchex Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk
backup=c:\windows\pss\WinTV Recording Status..lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Francie^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\documents and settings\Francie\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Francie^Start Menu^Programs^Startup^Fanbase.lnk]
path=c:\documents and settings\Francie\Start Menu\Programs\Startup\Fanbase.lnk
backup=c:\windows\pss\Fanbase.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 21:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2012-08-29 18:51 1061960 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloudCare]
2011-06-25 16:59 96040 ----a-w- c:\program files\Bsecure\BsecTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-11-18 15:44 9221024 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-28 20:59 136176 ----atw- c:\documents and settings\Francie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2000-01-01 00:00 41122448 ----a-w- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-10-19 10:58 1439496 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-05-15 09:40 15504192 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-05-15 09:40 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2000-01-01 00:00 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2009-06-22 23:29 83232 ----a-w- c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]
2012-07-25 16:57 29357952 ----a-w- c:\program files\SlimDrivers\SlimDrivers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-11-26 02:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-02-04 16:06 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VueMinder]
2012-02-11 14:25 7962624 ----a-w- c:\program files\VueSoft\VueMinder\VueMinder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 13:33 892928 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [6/28/2012 6:33 PM 101112]
R2 Bsecure;CloudCare;c:\program files\Bsecure\InetCtrl.exe [4/2/2012 4:01 PM 66344]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\Bsecure\BsecAV.exe [4/2/2012 4:01 PM 161776]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [8/26/2012 12:11 PM 88688]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [4/12/2012 5:27 AM 69640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [8/26/2012 3:03 PM 1262400]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [9/5/2011 11:41 PM 28256]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [4/2/2012 4:01 PM 21624]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [8/26/2012 12:36 PM 43392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [8/26/2012 12:11 PM 2551664]
S0 gbgrrpg;gbgrrpg;c:\windows\system32\drivers\hcvfg.sys --> c:\windows\system32\drivers\hcvfg.sys [?]
S0 nhrmdtgf;nhrmdtgf;c:\windows\system32\drivers\gqtbt.sys --> c:\windows\system32\drivers\gqtbt.sys [?]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [9/5/2011 11:41 PM 28256]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [5/17/2011 10:43 AM 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [5/17/2011 10:43 AM 1217920]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [5/17/2011 10:43 AM 1220224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2012 2:37 AM 22344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/27/2012 5:34 PM 40776]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 8:00 AM 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/26/2012 12:08 PM 13024]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 5:44 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2011 5:44 PM 136176]
S4 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE [9/15/2011 11:40 PM 558592]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/5/2012 2:37 AM 655944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WUAUSERV
*Deregistered* - BsecureFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-06 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2011-04-03 14:08]
.
2012-09-28 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-01-12 21:59]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 21:44]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 21:44]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-616249376-839522115-1003Core.job
- c:\documents and settings\Francie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-29 20:59]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-616249376-839522115-1003UA.job
- c:\documents and settings\Francie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-29 20:59]
.
2012-07-25 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-07-15 06:07]
.
2012-06-29 c:\windows\Tasks\prismDowngrade.job
- c:\program files\NCH Software\Prism\prism.exe [2011-09-19 16:51]
.
2011-12-22 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-09-19 16:51]
.
2012-10-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-616249376-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-10-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-616249376-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-10-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-616249376-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-10-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-616249376-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-10-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-616249376-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-09-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-616249376-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-616249376-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2012-10-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-616249376-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]
.
2011-01-20 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2011-01-20 02:58]
.
2012-10-15 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2011-01-20 02:58]
.
2012-10-15 c:\windows\Tasks\User_Feed_Synchronization-{259297A0-4E67-4E79-897A-4C8098A85E45}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2012-06-14 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-09-19 16:52]
.
2012-05-16 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-09-19 16:52]
.
2011-10-06 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-09-19 20:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\documents and settings\Francie\Application Data\Mozilla\Firefox\Profiles\0tdbrp4t.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 0cb749d1-f74c-4bd5-9adf-4877091b9912
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-Ask and Record FLV Service - c:\program files\Replay Media Catcher\FLVSrvc.exe
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared files\brs.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-RemoteControl10 - c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
MSConfigStartUp-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
MSConfigStartUp-WMUTray - c:\program files\WakeMeUp\WMUTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-15 22:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Bsecure\BSecAMX.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2012-10-15 22:49:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 02:49
.
Pre-Run: 86,654,783,488 bytes free
Post-Run: 89,766,346,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FA65D45B5088DC0D12AC37482566259E
