Binzapped

Members
Posts: 17
Reputation: 0 Neutral
  1. Thanks for getting rid of the malware. FYI, I was able to restore all of the shortcuts, Firefox & Dropbox that were missing when I followed the instructions on this site: http://www.pchell.com/support/unhidefiles.shtml I used the following commands:

     For Windows XP
     1) Click on Start, Run
     2) Type CMD and press Enter
     3) At the command prompt type the following and press Enter: CD \
     4) Now the command prompt should show the root folder of the hard drive. Most likely C:\
     5) At the command prompt type the following and press Enter: ATTRIB -H *.* /S /D
        This command will unhide the files that are currently hidden. Because the important system files have a system attribute attached to them as well, the above command will not work for them and they will be skipped and kept hidden from prying eyes. This command will take some time, so don't be afraid if it takes anywhere from a few minutes to half an hour to finish. What the command does is simple. It removes the hidden attribute from all files on the hard drive. The /S parameter tells it to search the current folder and all subfolders, while the /D parameter processes the folders as well.
     6) Type Exit and press Enter when the procedure is complete. Then reboot your computer.
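A scoped, dry-run version of the ATTRIB step in the post above, written as an added example for this page; it is not from the post, from pchell.com, or from ComboFix. It assumes PowerShell 2.0 or later is present (it did not ship with Windows XP), and the script name, the default root `C:\Documents and Settings` and the `-Apply` switch are this example's own choices. It selects the same set of items the blanket `ATTRIB -H *.* /S /D` acts on (hidden but not system), but limits the walk to one root, only clears the attribute when `-Apply` is given, and logs every path it changes so the result can be reviewed.

```powershell
# Unhide-Scoped.ps1 (added example, not from the original post or pchell.com)
# Report, and with -Apply clear, the Hidden attribute on files and folders that
# are hidden but NOT system. This mirrors what ATTRIB -H *.* /S /D touches, but
# only under one root, so legitimately hidden items elsewhere are left alone.
param(
    # Assumption: the missing shortcuts live under the user profiles, so start
    # there instead of the whole drive.
    [string]$Root = "C:\Documents and Settings",
    # Without -Apply the script only reports what it would change.
    [switch]$Apply
)

$hidden = [int][IO.FileAttributes]::Hidden   # bit value 2
$system = [int][IO.FileAttributes]::System   # bit value 4

# -Force makes Get-ChildItem return hidden items; -Recurse walks subfolders,
# covering both files and directories (ATTRIB's /S and /D). Paths that cannot
# be read are skipped instead of aborting the run. @( ) keeps .Count valid when
# zero or one item comes back.
$targets = @(Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $attr = [int]($_.Attributes)
        (($attr -band $hidden) -ne 0) -and (($attr -band $system) -eq 0)
    })

Write-Output ("{0} hidden, non-system items under {1}" -f $targets.Count, $Root)

foreach ($item in $targets) {
    if ($Apply) {
        # Clear only the Hidden bit; ReadOnly, Archive and the rest stay as they were.
        $item.Attributes = [IO.FileAttributes]([int]($item.Attributes) -band (-bnot $hidden))
        Write-Output ("Unhid: " + $item.FullName)
    } else {
        Write-Output ("Would unhide: " + $item.FullName)
    }
}
```

Run `.\Unhide-Scoped.ps1` first and read the "Would unhide" list: items such as `desktop.ini` are hidden by design and will be unhidden as well, exactly as with the blanket ATTRIB command, so this is the point to narrow `-Root` if the list looks wrong. Then run `.\Unhide-Scoped.ps1 -Apply` from an account that can write to the profiles, and keep the "Unhid:" output as the record of what was changed.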
  2. I did what you recommended & ran Combofix again. It doesn't look like anything changed. The same things listed above (The QuickLaunch bar still doesn't have its icons, Dropbox is still missing from the Systray, some of my desktop shortcuts are still missing. Firefox no longer has an icon on the desktop & when I try to start it, I get the same error message posted previously.) still aren't back the way they were before the malware damaged my computer. Here's the Combofix log:

     ComboFix 12-09-20.02 - Compaq_Administrator 09/20/2012 21:28:38.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.319 [GMT -4:00] Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 ))))))))))))))))))))))))))))))) . . 2012-09-17 23:56 . 2012-09-18 00:53 399264 ----a-w- c:\windows\unhide.exe 2012-09-17 23:54 . 2012-09-17 23:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Downloads 2012-09-17 11:08 . 2012-09-17 11:08 -------- d-----w- C:\_OTL 2012-09-15 01:19 . 2012-09-15 01:19 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp 2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2012-09-11 02:05 . 2012-09-11 02:08 -------- d-----w- C:\MGtools 2012-09-11 01:49 . 2012-09-11 01:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2012-09-11 01:40 . 
2012-09-11 01:40 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-09-11 01:14 . 2012-09-11 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ 2012-09-11 01:08 . 2012-09-11 01:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo! 2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2012-09-10 01:56 . 2012-01-09 22:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys 2012-09-10 01:56 . 2012-01-09 22:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys 2012-09-07 15:07 . 2012-09-07 15:07 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-11 02:08 . 2012-09-11 02:05 210925 ----a-w- C:\MGlogs.zip 2012-09-07 21:04 . 2010-04-05 13:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-01 13:04 . 2012-04-06 02:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-01 13:04 . 2011-05-15 01:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-06 13:58 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-06 02:07 . 2007-05-02 02:04 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-06 02:06 . 2012-08-04 22:33 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-06 02:06 . 2011-05-29 16:06 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-04 14:05 . 2004-08-10 04:00 139784 ------w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:49 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49 . 
2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2004-08-10 04:00 385024 ------w- c:\windows\system32\html.iec 2012-07-21 19:03 . 2011-05-14 15:33 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{da3116fa-099a-5814-4183-e1a9eeb94f35}"= "c:\program files\Bucksbee Loyalty Plugin - Air Installer\Helper.dll" [2012-05-13 361984] . [HKEY_CLASSES_ROOT\clsid\{da3116fa-099a-5814-4183-e1a9eeb94f35}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{58A52AA3-40A4-B184-E12A-7F02C33D6D41}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9}] 2012-02-09 04:19 13632 ----a-w- c:\program files\Bucksbee Loyalty Plugin - Air Installer\BucksBee Loyalty Plugin.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408] "PlaxoUpdate"="c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe" [2009-10-01 403015] "PlaxoSysTray"="c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe" [2009-10-01 20480] "AbacastDistributedOnDemand:11"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712] "STC"="c:\program files\Innovative Solutions\System Tray Cleaner\stc.exe" [2011-11-04 2618288] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856] "ftutil2"="ftutil2.dll" [2004-06-07 106496] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-07-22 73392] "Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-07-12 892928] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-07-14 738984] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 
180269] . c:\documents and settings\Mary Gainey-Sutton\Start Menu\Programs\Startup\ PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136] . c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A] Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [N/A] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] Wireless Connection Manager.lnk - c:\program files\eHome\Wireless G EH102\wirelesscm.exe [2007-1-20 10244096] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-8 27136] PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\Local Settings\\Application Data\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Bucksbee Loyalty Plugin - Air Installer\\TroubleShooter.exe"= . R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/1/2010 10:10 PM 28552] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9/9/2012 9:56 PM 11352] R1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [8/9/2012 10:06 PM 228376] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/7/2012 11:07 AM 71480] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/7/2012 11:07 AM 166840] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 10:44 AM 27056] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 10:44 AM 497320] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/7/2012 11:07 AM 976728] R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application 
Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/28/2012 4:40 PM 21520] S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?] S2 gupdate1c9d17f8aa53c4a;Google Update Service (gupdate1c9d17f8aa53c4a);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 10:11 PM 250568] S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [11/4/2007 7:46 PM 11648] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 8:27 PM 113120] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 14336] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:04] . 2011-05-29 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-10-31 01:55] . 
2012-09-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 01:06] . 2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56] . 2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56] . 2012-09-21 c:\windows\Tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uDefault_Search_URL = about:blank uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop uInternet Settings,ProxyOverride = *.r5.attbi.com;<local>;*.local uInternet Settings,ProxyServer = sas.r5.attbi.com:8000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - c:\program files\Yapta\YaptaSidebar.dll Trusted Zone: aol.com\free Trusted Zone: trymedia.com TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB DPF: {EB533642-0AFC-4559-A494-8CFFA296ACAE} - hxxps://mail.alticor.com/images/whlcache.cab?egap=internal FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms} FF - prefs.js: 
browser.search.selectedEngine - Search By ZoneAlarm FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms} FF - prefs.js: network.proxy.ftp - sas.r5.attbi.com FF - prefs.js: network.proxy.ftp_port - 8000 FF - prefs.js: network.proxy.http - sas.r5.attbi.com FF - prefs.js: network.proxy.http_port - 8000 FF - prefs.js: network.proxy.socks - sas.r5.attbi.com FF - prefs.js: network.proxy.socks_port - 8000 FF - prefs.js: network.proxy.ssl - sas.r5.attbi.com FF - prefs.js: network.proxy.ssl_port - 8000 FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm_i.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms} FF - user.js: extensions.zonealarm_i.dnsErr - true FF - user.js: extensions.zonealarm_i.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 FF - user.js: extensions.zonealarm.tlbrSrchUrl - 
hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=c056723000000000000000195b04ab21&q= FF - user.js: extensions.zonealarm.id - c056723000000000000000195b04ab21 FF - user.js: extensions.zonealarm.instlDay - 15552 FF - user.js: extensions.zonealarm.vrsn - 1.6.4.5 FF - user.js: extensions.zonealarm.vrsni - 1.6.4.5 FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.4.522:35 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1001 FF - user.js: extensions.zonealarm_i.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - base FF - user.js: extensions.zonealarm.instlRef - ZLN00212370455149-1001 FF - user.js: extensions.zonealarm.dfltLng - en FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.admin - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-20 21:59 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1015641442-117758955-2228853932-1007\Software\Microsoft\Driver Signing] @Denied: (2) (Administrators) @Allowed: (2) (Administrators) @SACL= "Policy"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(852) c:\windows\system32\Ati2evxx.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'lsass.exe'(908) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . 
- - - - - - - > 'explorer.exe'(1028) c:\windows\system32\WININET.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-09-20 22:08:18 ComboFix-quarantined-files.txt 2012-09-21 02:08 ComboFix2.txt 2012-09-20 02:17 ComboFix3.txt 2012-09-20 01:03 ComboFix4.txt 2012-09-19 02:47 . Pre-Run: 194,304,757,760 bytes free Post-Run: 194,356,985,856 bytes free . - - End Of File - - B9CEAB9016BB1AEBD8B15B1918405987
  3. I figured out how to disable the Windows Security Center, can't delete it since it's part of the Control Panel. As far as I can tell, running Combofix a 2nd time didn't seem to fix anything beyond what it did last night. The QuickLaunch bar still doesn't have its icons, Dropbox is still missing from the Systray, some of my desktop shortcuts are still missing. Firefox no longer has an icon on the desktop & when I try to start it, I get the same error message posted previously. Here's the Combofix log:

     ComboFix 12-09-18.07 - Compaq_Administrator 09/19/2012 21:44:48.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.473 [GMT -4:00] Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . ((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 ))))))))))))))))))))))))))))))) . . 2012-09-17 23:56 . 2012-09-18 00:53 399264 ----a-w- c:\windows\unhide.exe 2012-09-17 23:54 . 2012-09-17 23:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Downloads 2012-09-17 11:08 . 2012-09-17 11:08 -------- d-----w- C:\_OTL 2012-09-15 01:19 . 2012-09-15 01:19 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp 2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2012-09-11 02:05 . 2012-09-11 02:08 -------- d-----w- C:\MGtools 2012-09-11 01:49 . 2012-09-11 01:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2012-09-11 01:40 . 
2012-09-11 01:40 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-09-11 01:14 . 2012-09-11 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ 2012-09-11 01:08 . 2012-09-11 01:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo! 2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2012-09-10 01:56 . 2012-01-09 22:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys 2012-09-10 01:56 . 2012-01-09 22:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys 2012-09-07 15:07 . 2012-09-07 15:07 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-11 02:08 . 2012-09-11 02:05 210925 ----a-w- C:\MGlogs.zip 2012-09-07 21:04 . 2010-04-05 13:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-01 13:04 . 2012-04-06 02:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-01 13:04 . 2011-05-15 01:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-06 13:58 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-06 02:07 . 2007-05-02 02:04 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-06 02:06 . 2012-08-04 22:33 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-06 02:06 . 2011-05-29 16:06 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-04 14:05 . 2004-08-10 04:00 139784 ------w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-02 17:49 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49 . 
2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2004-08-10 04:00 385024 ------w- c:\windows\system32\html.iec 2012-07-21 19:03 . 2011-05-14 15:33 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{da3116fa-099a-5814-4183-e1a9eeb94f35}"= "c:\program files\Bucksbee Loyalty Plugin - Air Installer\Helper.dll" [2012-05-13 361984] . [HKEY_CLASSES_ROOT\clsid\{da3116fa-099a-5814-4183-e1a9eeb94f35}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{58A52AA3-40A4-B184-E12A-7F02C33D6D41}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9}] 2012-02-09 04:19 13632 ----a-w- c:\program files\Bucksbee Loyalty Plugin - Air Installer\BucksBee Loyalty Plugin.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408] "PlaxoUpdate"="c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe" [2009-10-01 403015] "PlaxoSysTray"="c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe" [2009-10-01 20480] "AbacastDistributedOnDemand:11"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712] "STC"="c:\program files\Innovative Solutions\System Tray Cleaner\stc.exe" [2011-11-04 2618288] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-07-22 73392]
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-07-12 892928]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-07-14 738984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
.
c:\documents and settings\Mary Gainey-Sutton\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136]
.
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [N/A]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless Connection Manager.lnk - c:\program files\eHome\Wireless G EH102\wirelesscm.exe [2007-1-20 10244096]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-8 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Compaq_Administrator\\Local Settings\\Application Data\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bucksbee Loyalty Plugin - Air Installer\\TroubleShooter.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/1/2010 10:10 PM 28552]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9/9/2012 9:56 PM 11352]
R1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [8/9/2012 10:06 PM 228376]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/7/2012 11:07 AM 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/7/2012 11:07 AM 166840]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 10:44 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 10:44 AM 497320]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/7/2012 11:07 AM 976728]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/28/2012 4:40 PM 21520]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S2 gupdate1c9d17f8aa53c4a;Google Update Service (gupdate1c9d17f8aa53c4a);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 10:11 PM 250568]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [11/4/2007 7:46 PM 11648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 8:27 PM 113120]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:04]
.
2011-05-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-31 01:55]
.
2012-09-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 01:06]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56]
.
2012-09-20 c:\windows\Tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = about:blank
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.r5.attbi.com;<local>;*.local
uInternet Settings,ProxyServer = sas.r5.attbi.com:8000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe
IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - c:\program files\Yapta\YaptaSidebar.dll
Trusted Zone: aol.com\free
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {EB533642-0AFC-4559-A494-8CFFA296ACAE} - hxxps://mail.alticor.com/images/whlcache.cab?egap=internal
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms}
FF - prefs.js: network.proxy.ftp - sas.r5.attbi.com
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.http - sas.r5.attbi.com
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - sas.r5.attbi.com
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - sas.r5.attbi.com
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=c056723000000000000000195b04ab21&q=
FF - user.js: extensions.zonealarm.id - c056723000000000000000195b04ab21
FF - user.js: extensions.zonealarm.instlDay - 15552
FF - user.js: extensions.zonealarm.vrsn - 1.6.4.5
FF - user.js: extensions.zonealarm.vrsni - 1.6.4.5
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.4.522:35
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN00212370455149-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-19 22:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1015641442-117758955-2228853932-1007\Software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
@SACL=
"Policy"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(5004)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-19 22:17:47
ComboFix-quarantined-files.txt 2012-09-20 02:17
ComboFix2.txt 2012-09-20 01:03
ComboFix3.txt 2012-09-19 02:47
.
Pre-Run: 194,557,706,240 bytes free
Post-Run: 194,535,858,176 bytes free
.
- - End Of File - - 3D94F418B427EAB72B5A7338079A14FA
  4. The Combofix scan that I did last night was in Normal mode. I disabled the ZoneAlarm Free Firewall Antivirus program when I ran it. Do you want me to run it again?
  5. As mentioned in one of my earlier posts, while in Safe Mode when the malware was still on my computer, I went to Control Panel and removed MS Security Essentials before I installed the ZoneAlarm Free Firewall Antivirus. So I'm not sure why the log says I still have the MS AV. When I get home tonight I'll check in Normal mode whether the MS AV is still on my computer.
  6. The one thing that Combofix fixed is the Start Menu. The QuickLaunch bar still doesn't have its icons, Dropbox is still missing from the Systray, some of my desktop shortcuts are still missing. Firefox no longer has an icon on the desktop & when I try to start it, I get the same error message as posted previously. Here's the Combofix log:

ComboFix 12-09-18.06 - Compaq_Administrator 09/18/2012 21:38:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.303 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: ZoneAlarm Free Firewall Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\20635428
c:\documents and settings\All Users\Start Menu\Programs\ClickPotato
c:\documents and settings\All Users\Start Menu\Programs\ClickPotato\About Us.lnk
c:\documents and settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Mary Gainey-Sutton\WINDOWS
c:\program files\Internet Explorer\SET198.tmp
c:\program files\Internet Explorer\SET199.tmp
c:\program files\Internet Explorer\SET19B.tmp
c:\program files\Internet Explorer\SET52.tmp
c:\program files\Internet Explorer\SET53.tmp
c:\program files\Internet Explorer\SET55.tmp
c:\program files\Internet Explorer\SET7E.tmp
c:\program files\Internet Explorer\SET7F.tmp
c:\program files\Internet Explorer\SET81.tmp
c:\program files\RadioPI_4eEI
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-17 23:56 . 2012-09-18 00:53 399264 ----a-w- c:\windows\unhide.exe
2012-09-17 23:54 . 2012-09-17 23:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Downloads
2012-09-17 11:08 . 2012-09-17 11:08 -------- d-----w- C:\_OTL
2012-09-15 01:19 . 2012-09-15 01:19 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2012-09-13 01:52 . 2012-09-13 01:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-09-11 02:05 . 2012-09-11 02:08 -------- d-----w- C:\MGtools
2012-09-11 01:49 . 2012-09-11 01:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-09-11 01:40 . 2012-09-11 01:40 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-11 01:14 . 2012-09-11 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2012-09-11 01:08 . 2012-09-11 01:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-09-10 23:14 . 2012-09-10 23:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-09-10 01:56 . 2012-01-09 22:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2012-09-10 01:56 . 2012-01-09 22:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-09-07 15:07 . 2012-09-07 15:07 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-11 02:08 . 2012-09-11 02:05 210925 ----a-w- C:\MGlogs.zip
2012-09-07 21:04 . 2010-04-05 13:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 13:04 . 2012-04-06 02:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 13:04 . 2011-05-15 01:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 02:07 . 2007-05-02 02:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 02:06 . 2012-08-04 22:33 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2011-05-29 16:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2004-08-10 04:00 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-10 04:00 385024 ------w- c:\windows\system32\html.iec
2012-07-21 19:03 . 2011-05-14 15:33 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da3116fa-099a-5814-4183-e1a9eeb94f35}"= "c:\program files\Bucksbee Loyalty Plugin - Air Installer\Helper.dll" [2012-05-13 361984]
.
[HKEY_CLASSES_ROOT\clsid\{da3116fa-099a-5814-4183-e1a9eeb94f35}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{58A52AA3-40A4-B184-E12A-7F02C33D6D41}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9}] 2012-02-09 04:19 13632 ----a-w- c:\program files\Bucksbee Loyalty Plugin - Air Installer\BucksBee Loyalty Plugin.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408] "PlaxoUpdate"="c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe" [2009-10-01 403015] "PlaxoSysTray"="c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe" [2009-10-01 20480] "AbacastDistributedOnDemand:11"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712] "STC"="c:\program files\Innovative Solutions\System Tray Cleaner\stc.exe" [2011-11-04 2618288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856] "ftutil2"="ftutil2.dll" [2004-06-07 106496] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-28 81920] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-07-22 73392] 
"Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-07-12 892928] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-07-14 738984] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269] . c:\documents and settings\Mary Gainey-Sutton\Start Menu\Programs\Startup\ PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136] . c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A] Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [N/A] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] Wireless Connection Manager.lnk - c:\program files\eHome\Wireless G EH102\wirelesscm.exe [2007-1-20 10244096] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-8 27136] PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-8 27136] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\Local Settings\\Application Data\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Bucksbee Loyalty Plugin - Air Installer\\TroubleShooter.exe"= . 
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/1/2010 10:10 PM 28552] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9/9/2012 9:56 PM 11352] R1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [8/9/2012 10:06 PM 228376] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [9/7/2012 11:07 AM 71480] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [9/7/2012 11:07 AM 166840] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 10:44 AM 27056] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 10:44 AM 497320] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [9/7/2012 11:07 AM 976728] R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/28/2012 4:40 PM 21520] S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?] 
S2 gupdate1c9d17f8aa53c4a;Google Update Service (gupdate1c9d17f8aa53c4a);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 10:11 PM 250568] S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [11/4/2007 7:46 PM 11648] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 10:56 AM 133104] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 8:27 PM 113120] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 14336] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:04] . 2011-05-29 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-10-31 01:55] . 2012-09-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 01:06] . 
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56] . 2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 14:56] . 2012-09-19 c:\windows\Tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uDefault_Search_URL = about:blank uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop uInternet Settings,ProxyOverride = *.r5.attbi.com;<local>;*.local uInternet Settings,ProxyServer = sas.r5.attbi.com:8000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - c:\program files\Yapta\YaptaSidebar.dll Trusted Zone: aol.com\free Trusted Zone: trymedia.com TCP: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB DPF: {EB533642-0AFC-4559-A494-8CFFA296ACAE} - hxxps://mail.alticor.com/images/whlcache.cab?egap=internal FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\5uykrio1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm FF - prefs.js: browser.startup.homepage - 
hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms} FF - prefs.js: network.proxy.ftp - sas.r5.attbi.com FF - prefs.js: network.proxy.ftp_port - 8000 FF - prefs.js: network.proxy.http - sas.r5.attbi.com FF - prefs.js: network.proxy.http_port - 8000 FF - prefs.js: network.proxy.socks - sas.r5.attbi.com FF - prefs.js: network.proxy.socks_port - 8000 FF - prefs.js: network.proxy.ssl - sas.r5.attbi.com FF - prefs.js: network.proxy.ssl_port - 8000 FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm_i.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21&q={searchTerms} FF - user.js: extensions.zonealarm_i.dnsErr - true FF - user.js: extensions.zonealarm_i.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=c056723000000000000000195b04ab21 FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN00212370455149-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=c056723000000000000000195b04ab21&q= FF - user.js: extensions.zonealarm.id - 
c056723000000000000000195b04ab21 FF - user.js: extensions.zonealarm.instlDay - 15552 FF - user.js: extensions.zonealarm.vrsn - 1.6.4.5 FF - user.js: extensions.zonealarm.vrsni - 1.6.4.5 FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.4.522:35 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1001 FF - user.js: extensions.zonealarm_i.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - base FF - user.js: extensions.zonealarm.instlRef - ZLN00212370455149-1001 FF - user.js: extensions.zonealarm.dfltLng - en FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.admin - false . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-DealRunner - c:\program files\DealRunner\DealRunner.exe AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-18 22:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1015641442-117758955-2228853932-1007\Software\Microsoft\Driver Signing] @Denied: (2) (Administrators) @Allowed: (2) (Administrators) @SACL= "Policy"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(860) c:\windows\system32\Ati2evxx.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'lsass.exe'(916) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . - - - - - - - > 'explorer.exe'(3680) c:\windows\system32\WININET.dll c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll c:\documents and settings\Compaq_Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\arservice.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\snmp.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\dllhost.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\windows\ARPWRMSG.EXE c:\windows\RTHDCPL.EXE c:\windows\eHome\ehmsas.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfimon.exe c:\program files\Common Files\Java\Java Update\jucheck.exe c:\hp\KBD\KBD.EXE . ************************************************************************** . Completion time: 2012-09-18 22:47:20 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-19 02:47 . Pre-Run: 193,152,876,544 bytes free Post-Run: 194,610,675,712 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 786F3BFEF723070854E10EE3AC280393
  7. The unhide program partially fixed the problem. Some of the Desktop icons are visible now & most of the Systray icons are back (Dropbox is missing) & the programs are visible. I'm having a problem with Firefox. When I try running it, I get a message "Firefox is already running, but is not responding. To open a new window, you must 1st close the existing Firefox process, or restart your system." Firefox isn't running & restarting doesn't fix this. Also the Quicklaunch bar is missing all of the icons and the Start Menu is missing some sections.
  8. This appeared to fix quite a few things. Most of my Desktop icons are still hidden & my All Programs folder is empty plus my Desktop background is all red. Here's the OTL log after it rebooted:
  9. Here's the contents of the OTL log:
HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071706000001.dll File not found FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/30 22:38:17 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/21 15:03:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/03/25 12:50:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2012/08/14 20:44:38 | 000,000,000 | ---D | M] [2012/05/07 20:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/07/21 15:03:57 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/06/21 07:42:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/05/13 17:27:34 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml [2012/06/21 07:42:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) O2 - BHO: (Yapta BHO) - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll (Yapta, Inc.) 
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.4.5\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files\blekkotb_soc\blekkotb_019X.dll () O2 - BHO: (Bucksbee Loyalty Plugin - Air Installer) - {86A5A4F7-990C-F0B4-096E-6B6BFDC90EC9} - C:\Program Files\Bucksbee Loyalty Plugin - Air Installer\BucksBee Loyalty Plugin.dll (Freecause Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.4.5\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll () O3 - HKLM\..\Toolbar: (Blekko search bar) - {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files\blekkotb_soc\blekkotb_019X.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft) O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. 
(Powered by Panda Security)) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.) O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found O4 - HKLM..\Run: [tJeOfxpyoLkuKU.exe] C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe (AAW) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\eHome\Wireless G EH102\wirelesscm.exe ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = 
C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll () O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe () O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.) 
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mail.alticor.com/iNotes6W.cab (iNotes6 Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264893462500 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aiche.webex.com/client/T27LB/webex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {EB533642-0AFC-4559-A494-8CFFA296ACAE} https://mail.alticor.com/images/whlcache.cab?egap=internal (Whale Attachment Wiper for IE4 and higher) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98F06CAA-461C-40E2-804E-81B72764D147}: DhcpNameServer = 192.168.2.1 75.75.76.76 75.75.75.75 O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 ========== Files/Folders - Created Within 30 Days ========== [2012/09/15 15:09:20 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/09/14 21:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb [2012/09/12 21:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp [2012/09/12 21:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe [2012/09/12 20:03:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2012/09/12 20:00:48 | 004,749,988 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2012/09/10 22:05:10 | 000,000,000 | ---D | C] -- C:\MGtools [2012/09/10 22:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller [2012/09/10 21:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2012/09/10 21:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine [2012/09/10 21:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HPQ [2012/09/10 21:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo! 
[2012/09/10 19:17:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos [2012/09/10 19:17:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools [2012/09/10 19:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2012/09/10 19:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2012/09/10 19:14:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2012/09/10 19:14:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2012/09/09 21:56:55 | 000,011,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl2.sys [2012/09/09 21:56:53 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys [2012/09/09 21:56:28 | 000,485,808 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2012/09/09 16:46:04 | 000,373,248 | -H-- | C] (AAW) -- C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe [2012/08/23 16:20:08 | 000,065,816 | ---- | C] (Trusteer Ltd.) 
-- C:\WINDOWS\System32\drivers\RapportKELL.sys [2012/08/17 21:00:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reader for PC [2012/08/17 20:59:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Sony Shared [2012/08/17 20:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [135 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [133 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/15 15:09:23 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/09/15 14:57:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/09/14 22:00:09 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job [2012/09/14 21:56:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/09/14 21:17:58 | 093,133,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe [2012/09/13 23:00:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/09/12 21:57:42 | 000,048,795 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bulbar ALS.pdf [2012/09/12 20:00:48 | 004,749,988 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2012/09/10 22:08:55 | 000,210,925 | ---- | M] () -- C:\MGlogs.zip [2012/09/10 21:40:51 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2012/09/10 21:39:24 | 001,670,275 | ---- | M] () -- C:\MGtools.exe [2012/09/10 21:36:12 | 002,193,184 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip [2012/09/10 21:32:08 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe [2012/09/10 21:24:29 | 000,000,000 | ---- 
| M] () -- C:\Documents and Settings\Administrator\defogger_reenable [2012/09/09 22:19:54 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/09 22:02:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/09/09 17:35:19 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat [2012/09/09 17:25:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/09/09 16:43:40 | 000,373,248 | -H-- | M] (AAW) -- C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe [2012/09/03 10:59:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012/08/23 16:20:08 | 000,065,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys [2012/08/18 08:49:21 | 000,357,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/08/17 21:00:18 | 000,001,798 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Reader for PC.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [135 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [133 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/14 21:17:29 | 093,133,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe [2012/09/12 21:57:42 | 000,048,795 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bulbar ALS.pdf [2012/09/10 22:05:12 | 000,210,925 | ---- | C] () -- C:\MGlogs.zip [2012/09/10 21:40:51 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2012/09/10 21:39:16 | 001,670,275 | ---- | C] () -- C:\MGtools.exe [2012/09/10 21:36:12 | 002,193,184 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip [2012/09/10 21:31:55 | 001,378,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe 
[2012/09/10 21:24:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable [2012/08/17 21:00:18 | 000,001,798 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Reader for PC.lnk [2012/02/24 23:55:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/05/24 19:01:00 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20635428r [2011/05/24 19:01:00 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~20635428 [2011/05/24 18:50:09 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\20635428 [2011/05/14 11:33:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/10/30 16:56:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2006/08/08 04:39:53 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat ========== LOP Check ========== [2010/10/31 12:34:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2012/09/14 21:58:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor [2010/10/30 15:42:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2010/10/19 21:20:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2012/05/13 17:27:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2011/11/11 23:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2010/05/28 18:48:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access [2010/10/19 21:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/08/04 22:43:42 | 000,000,000 | -H-D | M] -- 
C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/02/24 21:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/11/04 18:08:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/12/04 17:16:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2007/09/19 21:40:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/19 21:18:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/06/17 14:14:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/25 14:11:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/11/04 19:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/03/25 12:52:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/29 13:44:06 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/09/14 22:00:09 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1CDB8788-0302-498C-A121-64AE4E2D6ADD}.job

========== Purity Check ==========


========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/08/31 00:02:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/01/15 22:18:08 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2011/05/29 12:09:37 | 000,000,280 | RHS- | M] () -- C:\boot.ini
[2004/08/09 17:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/31 00:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/04 15:41:23 | 000,025,874 | ---- | M] () -- C:\CybDefInstallInfo.log
[2006/08/08 05:33:21 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
[2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/09/10 22:08:55 | 000,210,925 | ---- | M] () -- C:\MGlogs.zip
[2012/09/10 21:39:24 | 001,670,275 | ---- | M] () -- C:\MGtools.exe
[2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/09 17:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/22 22:34:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/09/15 14:57:14 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2011/05/28 14:07:33 | 000,000,481 | ---- | M] () -- C:\Shortcut to Documents.lnk
[2012/09/10 22:04:12 | 000,090,410 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_10.09.2012_22.02.48_log.txt
[2012/07/30 22:35:13 | 000,000,125 | ---- | M] () -- C:\user.js
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 13:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/08/31 00:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2001/08/29 00:00:00 | 000,008,192 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD3q.DLL
[2001/08/29 00:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP3q.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2004/01/05 10:57:16 | 000,000,130 | -H-- | M] () -- C:\Documents and Settings\All Users\Favorites\Alticor VPN Tester.url

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 16:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/30 16:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/30 16:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/22 22:47:33 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/08 04:47:45 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/31 00:06:40 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/09/12 20:00:48 | 004,749,988 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/09/14 21:17:58 | 093,133,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\drweb-cureit.exe
[2012/09/15 15:09:23 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/10 21:32:08 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >
[9 C:\Program Files\Internet Explorer\*.tmp files -> C:\Program Files\Internet Explorer\*.tmp -> ]

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2001/07/08 22:56:36 | 001,555,948 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\4146xdat.exe
[2001/09/08 15:13:10 | 001,457,229 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\4157xdat.exe
[2001/09/12 14:36:28 | 000,508,240 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\My Documents\ie6setup.exe
[2001/05/19 13:12:56 | 001,871,940 | -H-- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Administrator\My Documents\igd312au.exe
[2001/05/19 13:03:06 | 004,129,397 | -H-- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Administrator\My Documents\MF0215au.exe
[2001/01/06 02:09:02 | 004,776,971 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\sdat4114.exe
[2001/04/08 01:12:26 | 004,819,433 | -H-- | M] (Network Associates Inc.) -- C:\Documents and Settings\Administrator\My Documents\sdat4132.exe

< %USERPROFILE%\*.exe >

< %systemroot%\*. /rp /s >

< %systemroot%\ADDINS\*.* >
[2004/08/10 00:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/08/31 00:06:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/09/15 15:09:05 | 000,081,920 | -H-- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-08-15 01:30:40

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

Here's the Extras log:

OTL Extras logfile created on: 9/15/2012 3:12:26 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.29 Mb Total Physical Memory | 405.79 Mb Available Physical Memory | 42.30% Memory free
2.26 Gb Paging File | 1.84 Gb Available in Paging File | 81.38% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.54 Gb Total Space | 176.64 Gb Free Space | 78.67% Space Free | Partition Type: NTFS
Drive D: | 8.33 Gb Total Space | 0.36 Gb Free Space | 4.32% Space Free | Partition Type: FAT32
Drive J: | 465.76 Gb Total Space | 430.86 Gb Free Space | 92.51% Space Free | Partition Type: NTFS

Computer Name: COMPAQ | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YEMF38AF\svchost[1].exe" = C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YEMF38AF\svchost[1].exe:*:Enabled:ldrsoft
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bucksbee Loyalty Plugin - Air Installer\TroubleShooter.exe" = C:\Program Files\Bucksbee Loyalty Plugin - Air Installer\TroubleShooter.exe:*:Enabled:Bucksbee Loyalty Plugin - Air Installer (Helper) -- (FreeCause Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{02F29E25-2B7A-43BA-AF95-D0978593F399}" = Reader for PC
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CAAE352-4E07-4787-8ED0-C56915DC0F0E}" = ZoneAlarm Firewall
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{599AEC85-1EB3-4F26-9D2A-B6A1360B9803}" = ZoneAlarm Security
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6D5D1791-756B-4C79-98DF-3505C45FDD2F}" = ZoneAlarm Antivirus
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{704BA20C-E4D5-4265-92B4-9768345AB76B}" = AVG 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{84CC9583-C2D6-42E6-A373-6FDDDA6A8BA6}" = Garmin Communicator Plugin
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78E3B21-DBE8-4B54-8EBB-8E5A24DFEB9D}" = eHome EH102 Wireless G Desktop Adapter
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E1ACFF16-2555-48B0-8EFB-008818A42613}" = calibre
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E42E14F4-D4BB-4C3E-88DE-CB79A1C003DA}" = MLDownloader
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F324D324-6531-33DC-F5BA-CD360B156275}" = Comcast Access
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"AbacastNode:11" = Abacast Distributed On-Demand
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"blekkotb_soc" = Blekko search bar
"Bucksbee Loyalty Plugin - Air Installer" = Bucksbee Loyalty Plugin - Air Installer
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"DISCover" = DISCover
"Glary Utilities_is1" = Glary Utilities 2.29.0.1032
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"PC Tune-Up" = PC Tune-Up
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Plaxo" = Plaxo Toolbar for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Round Robin Calculator_is1" = Round Robin Calculator v2.21
"StartNow Toolbar" = StartNow Toolbar
"STC3_is1" = System Tray Cleaner 3
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"tradetrk2_is1" = TradeTrakker
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar
"Yapta" = Yapta
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2012 10:16:57 PM | Computer Name = COMPAQ | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\TRADETRAKKER DATA\STOCKS.$$1> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/3/2012 10:16:57 PM | Computer Name = COMPAQ | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\TRADETRAKKER DATA\STOCKS.BAK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/3/2012 10:21:17 PM | Computer Name = COMPAQ | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\MY DOCUMENTS\TRADETRAKKER DATA\STOCKS.TTD> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/9/2012 9:50:51 PM | Computer Name = COMPAQ | Source = MPSampleSubmission | ID = 5000
Description =

Error - 9/9/2012 9:56:46 PM | Computer Name = COMPAQ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error - 9/9/2012 11:18:48 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0
Description =

Error - 9/10/2012 10:08:52 PM | Computer Name = COMPAQ | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 9/11/2012 10:01:16 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0
Description =

Error - 9/11/2012 10:18:24 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0
Description =

Error - 9/14/2012 9:57:27 PM | Computer Name = COMPAQ | Source = Media Center Scheduler | ID = 0
Description =

[ System Events ]
Error - 9/14/2012 9:57:59 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: ftsata2

Error - 9/14/2012 10:03:25 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/14/2012 10:04:32 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Fips ftsata2 intelppm KLIF pavboot

Error - 9/14/2012 11:07:32 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/14/2012 11:08:39 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Fips ftsata2 intelppm KLIF pavboot

Error - 9/14/2012 11:14:11 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 9/14/2012 11:52:44 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/15/2012 2:57:36 PM | Computer Name = COMPAQ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network address 00195B04AB21 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error - 9/15/2012 2:59:02 PM | Computer Name = COMPAQ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Fips ftsata2 intelppm KLIF pavboot

Error - 9/15/2012 3:01:11 PM | Computer Name = COMPAQ | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >
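As an added illustration (this is example code written for this page, not anything posted in the thread and not part of OTL), here is a small Python triage script that reads the "Firewall Settings" and "Authorized Applications List" sections of an OTL Extras log like the one above and flags what an analyst would look at first: a Windows Firewall profile with EnableFirewall = 0 (noted only, because a third-party firewall such as the ZoneAlarm product in the uninstall list legitimately leaves it that way), an authorized program that carries a core Windows process name but lives outside %SystemRoot%, and authorized programs under temp, browser-cache or user-profile folders. The rule tables, the severity labels and the function names are assumptions chosen for this example, and the sample log embedded in the script is a constructed, trimmed copy of the entries posted above so that it runs offline.

```python
"""Triage the firewall sections of an OTL "Extras" log.

Added example; not code from the thread or from OTL. Rules are assumptions:
  1. EnableFirewall = 0 on a profile is noted as "review" (normal with a
     third-party firewall installed);
  2. an authorized binary with a core Windows process name outside
     %SystemRoot% is "high";
  3. an authorized binary in a temp/browser-cache folder is "high", in a
     user-profile folder "review".
A hit is a lead for the analyst, not proof of infection.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
SYSTEM_ROOT_RE = re.compile(r"^[a-z]:\\windows\\")
CACHE_TAG_RE = re.compile(r"\[\d+\]")        # IE cache naming: svchost[1].exe

# Assumed rule tables for this example (not taken from OTL).
SYSTEM_PROCESS_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "smss.exe", "explorer.exe"}
TEMP_LOCATIONS = ("\\temporary internet files\\", "\\content.ie5\\", "\\temp\\")
PROFILE_LOCATIONS = ("\\documents and settings\\", "\\users\\")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    subject: str    # firewall profile name or executable path
    reason: str


def parse_sections(text):
    """Split an OTL log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def firewall_profile_state(lines):
    """Map profile name -> EnableFirewall value from the Firewall Settings block."""
    state, profile = {}, None
    for line in lines:
        m = PROFILE_RE.search(line)
        if m:
            profile = m.group(1)      # key lines under a profile (GloballyOpenPorts) keep it
            continue
        v = VALUE_RE.match(line)
        if v and v.group(1) == "EnableFirewall" and profile:
            state[profile] = int(v.group(2))
    return state


def parse_app_rule(value):
    """'C:\\x.exe:*:Enabled:Label -- (Vendor)' -> (scope, state, label)."""
    head, state, label = value.rsplit(":", 2)
    return head.rsplit(":", 1)[-1], state, label.strip()


def classify_path(path):
    """Apply the assumed path rules; return (severity, reason) or None."""
    p = path.lower()
    name = CACHE_TAG_RE.sub("", p.rsplit("\\", 1)[-1])
    if name in SYSTEM_PROCESS_NAMES and not SYSTEM_ROOT_RE.match(p):
        return "high", f"{name} is a Windows process name but runs from outside %SystemRoot%"
    if any(t in p for t in TEMP_LOCATIONS):
        return "high", "executable authorized from a temp or browser-cache folder"
    if any(t in p for t in PROFILE_LOCATIONS):
        return "review", "executable authorized from a user-writable profile folder"
    return None


def triage(log_text):
    """Return the list of Findings for one OTL Extras log."""
    sections = parse_sections(log_text)
    findings = []
    for profile, enabled in firewall_profile_state(sections.get("Firewall Settings", [])).items():
        if enabled == 0:
            findings.append(Finding("review", profile,
                                    "Windows Firewall disabled (expected if a third-party firewall is in use)"))
    for line in sections.get("Authorized Applications List", []):
        v = VALUE_RE.match(line)
        if not v:
            continue                                   # registry key header lines
        scope, state, label = parse_app_rule(v.group(2))
        verdict = classify_path(v.group(1)) if state == "Enabled" else None
        if verdict:
            findings.append(Finding(verdict[0], v.group(1),
                                    f"{verdict[1]} (rule label: {label}, scope: {scope})"))
    return findings


# Constructed sample: a trimmed copy of the Extras log posted in this thread.
SAMPLE_LOG = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YEMF38AF\svchost[1].exe" = C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YEMF38AF\svchost[1].exe:*:Enabled:ldrsoft
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Compaq_Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox

========== HKEY_LOCAL_MACHINE Uninstall List ==========
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.subject}\n         {f.reason}")
```

Run it as-is to see the findings for the embedded sample, or pass the text of a full Extras log to triage(). On the sample it reports both profiles as review, the svchost[1].exe entry from Temporary Internet Files as high, and the Dropbox entry as review, which is the right order of priority: the Dropbox line points at the folder Dropbox normally installs into, while a file named svchost.exe sitting in the IE cache with its own firewall exception is worth treating as hostile until proven otherwise, since the real svchost.exe lives in %SystemRoot%\system32 and never needs an exception granted from a cache folder.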
  10. I downloaded & installed Dr. Web CureIt in Safe Mode. It seemed to be responding slowly. The message about buying their program came up, but the program hung up after that.
  11. I used the killall command in the Run box but Combofix stalled at the same point it did yesterday.
  12. To clarify, when Combofix hung up, the computer was running in Safe Mode.
  13. Combofix was run while the computer was in Safe Mode.
  14. I tried running Combofix twice but both times it stalled at the same point, when it was creating Output folder: C:\32788R22FWJFW.