zanth07
  1. Good morning Larry, hopefully you aren't experiencing any issues from all the snow which is possibly out your way. I did 2 things this morning, and it seems that the combo has resolved the issues that I've been having. I followed the instructions to remove IE8, installed IE7 (confirmed 8 was completely gone). That didn't solve my issue; the "Internet Explorer cannot display the website" screen was still coming up. So then I went to Tools on IE7, then Internet Options, then clicked on Advanced. I did a Reset Internet Explorer settings, restarted IE7 and haven't had a problem since. I have also verified that the issues that I was experiencing on Facebook (having to press the keys 2-3 times to have the letter appear on Facebook) are gone too. I wonder, having reset the Internet Explorer options, if I can safely go back to IE8? So it looks like even though you helped me to get rid of that awful Ilivid / searchqu thing, it must have changed other settings when it installed itself which have been causing me issues since. This was a tough lesson to learn, and I appreciate all your help in repairing this. As far as I can recall, I never received any indication that these toolbars / BMO's were going to be installed on my computer. I was home sick one day and just wanted to watch a couple of episodes of NCIS which I found on a website that I will never be visiting again. I think it's safe to close this topic now; please do add the information to donate, your help has been invaluable. Sandy
  2. Thank you SO MUCH!!!! I will try this 1st thing tomorrow and let you know how it works. You are awesome! Sandy
  3. Ok, at this point I'm really getting frustrated. It looks like Ilivid and searchqu are completely gone, but I'm still getting the cannot display webpage screens (not nearly as often though). I haven't found a way to remove IE8 and reinstall it, and I cannot go above IE8 due to work. Would installing IE7 remove IE8? Thanks again for all of your help. Sandy
  4. Ok, I did that and restarted. I actually have to leave for the evening, but I'll post tomorrow how IE8 is running for me. Thanks very much for all your help and patience. Sandy
  5. IE8 was slightly better today, but I still was getting the webpage cannot be displayed screen when I had no connectivity issues. The Firefox error on shutdown was a one-time thing. I noticed this evening when I tried to use IE8 to log on to Facebook that I had to do each keystroke 2 times; this seems to only be happening on Facebook, and the Facebook login screen (I don't have this issue when I log on Facebook using Mozilla Firefox). Here is the log file:
  6. I just tried to shut the laptop down for the night and a pop up box came up saying nsAppShell is not responding. I've never seen that before.
  7. I haven't used IE8 much since ComboFix finished, but it did delete some things, here's the log:
c:\windows\system32\ackpbsc.dll c:\windows\system32\ACLIBEAY.dll c:\windows\system32\acerrmes.dll c:\windows\system32\acevtsub.dll c:\windows\system32\aspcom.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll c:\windows\system32\acbsi21.dll c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\program files\Hewlett-Packard\IAM\Bin\ItDac.DLL c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll c:\program files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll c:\windows\system32\xenroll.dll c:\windows\system32\WININET.dll c:\program files\ActivIdentity\ActivClient\acunlock.dll c:\windows\system32\aipingui.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll c:\windows\system32\ckpNotify.dll c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll c:\windows\system32\APSHook.dll . 
- - - - - - - > 'Explorer.exe'(4632) c:\windows\system32\WININET.dll c:\windows\system32\APSHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\DCSi\E-Term32\WS_FTP Pro\nsftpch.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\msdtc.exe c:\windows\system32\agrsmsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\mqsvc.exe c:\windows\system32\mqtgsvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\msiexec.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe c:\windows\system32\igfxsrvc.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\windows\system32\SearchProtocolHost.exe c:\windows\system32\SearchFilterHost.exe . ************************************************************************** . Completion time: 2012-01-09 21:06:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-10 02:06 . Pre-Run: 284,449,026,048 bytes free Post-Run: 284,567,097,344 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 6EC4C3D6696B4998FA99145B777953E9
  8. I did a full scan, here's the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sandys :: SANDYS-LT [administrator]

1/9/2012 11:03:10 AM
mbam-log-2012-01-09 (11-03-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416420
Time elapsed: 1 hour(s), 52 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The machine is behaving fine; it's IE8 that is behaving poorly. Ever since that searchqu toolbar appeared in my add-ons I will get an "Internet Explorer cannot display the webpage / What you can try: Diagnose Connection Problems / More information" screen when there are no connection problems. This doesn't happen on all webpages, and it doesn't even happen on the same webpage (I've gotten that screen, then immediately reloaded the page with no problems). I really wish that I could uninstall IE8 and all add-ons and do a completely new install, because it's just been a mess to deal with since the searchqu add-on somehow got installed. Thanks in advance for your help.
  9. I noticed recently that an add-on was associated with my IE8 on the laptop that I use for work. I followed instructions that I found online to delete the registry keys associated with it (Windows Ilivid / searchqu Toolbar), but now that I look at the add-ons it's not identified as Ilivid, but it does seem to be lingering still as "Control Name is not Available", so it doesn't appear to be completely gone yet. Here's the DDS.
  10. Thanks for everything, Borislav. I've uninstalled all the things you told me to, along with McAfee. I opted to go with avast, and of course I'm now on the MBAM Pro version. I need to read over the rest of the information to see what else I should do. Again, thanks for everything that all of you do!
  11. Disk Optimizer only seemed to exist as a shell; there were no associated programs with Uninstall, so I deleted the folder from my program menu and deleted the shortcut. I don't see any remains now of either Disk Optimizer or Security Shield. I think there is some cleanup work left, but as far as the infection that brought me here, thank you so much, I believe it's gone. I think I need to get rid of some of the cleanup tools that we used, and to undo the fogger thing that I did when we started. As well, I want to get rid of McAfee completely and go with one of the 2 free virus scan programs that I've seen recommended in the forums. I think I'm only running with Windows Firewall; is it possible to disable that and to go with one of the ones recommended here? I haven't done anything yet, but here's my plan:
1) MBAM Pro
2) Get rid of McAfee
3) Look into more of a firewall than Windows Firewall
I run TeaTimer with Spybot Search and Destroy already ... any other suggestions? Again, thank you for all of your help!
  12. When I get home it will be done, boss. Any log you want after?
  13. If I do need to run it again, because I did have to stop it at 99% (all 6 of those threats were found in the 98 - 99% area), can you find out how I can keep the PC from going into sleep mode after 15 minutes? Thanks!
  14. Oh, and the program "Disk Optimizer", which was the one that brought me here in the 1st place (that one and its buddy Security Shield ... which thankfully is gone), is still sitting on my desktop, and it is in "Start" / All Programs / Disk Optimizer ... there is an "Uninstall Disk Optimizer" located within that folder, but for one, you've told me not to add or remove any programs, and secondly I don't trust it ... I think it's a trick.
  15. Thanks Borislav ... ESET stalled at 99% ... I think I've said before that I dislike Vista; I haven't figured out how to keep my screen from going into sleep mode after 15 minutes of no keyboard or mouse clicks ... I ended up having to wiggle my mouse a couple of times, but the stall did not coincide with either of those. Nevertheless, it did find and quarantine 6 threats, here's the log: (let me know if I should run it again, or run another DDS)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=2b7f68e2a7de2c48bf3b66c22e7e05e6
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-19 11:53:32
# local_time=2011-01-19 06:53:32 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16776573 100 96 24341454 47486961 0 0
# compatibility_mode=5892 16776574 100 100 5585 132085765 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71086
# found=6
# cleaned=6
# scan_time=2974
C:\Users\Sandy\AppData\Local\nfmtscpbq.exe	a variant of Win32/Kryptik.JRP trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\30502701-4dc4b6e5	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\42290e4d-1c01ac29	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23803c97-32cc5a14	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\716041e5-675b99e2	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5e580ffb-60f79974	a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined)	00000000000000000000000000000000	C