zanth07

Windows Ilivid / searchqu Toolbar Addon not completely gone

19 posts in this topic

I noticed recently that an add-on was associated with my IE8 on the laptop that I use for work. I followed instructions that I found online to delete the registry keys associated with it (Windows Ilivid / searchqu Toolbar), but now that I look at the add-ons it's not identified as Ilivid, but it does seem to be lingering still as "Control Name is not Available", so it doesn't appear to be completely gone yet.

Here's the DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by sandys at 13:59:01 on 2012-01-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.848 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\System32\svchost.exe -k Cognizance

c:\Program Files\Fingerprint Sensor\AtService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Prot_srv.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

c:\Program Files\ActivIdentity\ActivClient\accoca.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\pstartSr.exe

C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe

C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe

C:\Program Files\CheckPoint\Tray\DNTray.exe

C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe

C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Access97\Office\OSA.EXE

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\CMSI\Configuration Manager 8.5.08\ConfigManager.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\dcsi\e-term32\ws_ftp pro\wsbho2k0.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule

mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Check Point Endpoint Tray Application] c:\program files\common files\check point\uiframework\cptray.exe

mRun: [DN4TRAY] "c:\program files\checkpoint\tray\DNTray.exe"

mRun: [Pointsec Tray] c:\program files\pointsec\pointsec for pc\P95Tray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "c:\program files\Windows iLivid Toolbar"

mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "c:\program files\windows ilivid toolbar\datamngr\ToolBar"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\access97\office\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: cmsinc.com\ajwstb06-tb62

Trusted Zone: origenate.com\ajwstb06-xpress

Trusted Zone: origenate.com\svxpress

Trusted Zone: rfap05

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 172.16.25.191 172.16.25.192

TCP: Interfaces\{2D54C050-F7F0-43C7-A06D-2645DB23CB9C} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FAAEB0BB-78CB-40EA-B819-06EE06157D18} : DhcpNameServer = 172.16.25.191 172.16.25.192

Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll

Notify: ackpbsc - c:\windows\system32\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: ckpNotify - ckpNotify.dll

Notify: igfxcui - igfxdev.dll

Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll

AppInit_DLLs: APSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Notification Packages = scecli ASWLNPkg

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sandys\application data\mozilla\firefox\profiles\dq4aybnb.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 DNPFW;Disknet Pro Device Firewall Driver;c:\windows\system32\drivers\DNPFW.sys [2010-2-23 36784]

R0 dvrem;Check Point ESME Client EPM Driver;c:\windows\system32\drivers\dvrem.sys [2010-2-23 63408]

R0 KAEON;KAEon CD/DVD Writing Filter Driver;c:\windows\system32\drivers\kaeon.sys [2010-2-23 35376]

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2010-2-22 224816]

R0 PSG;Check Point Media Encryption PSG;c:\windows\system32\drivers\psg.sys [2010-2-23 55216]

R0 rmm;Check Point ESME Client RMM Driver;c:\windows\system32\drivers\rmm.sys [2010-2-23 24496]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-6-5 109184]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-6-5 51376]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-6-5 12928]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2009-12-15 2245624]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-6-5 12496]

R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;c:\windows\system32\drivers\rxaes100.sys [2010-2-23 46592]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-10-21 21496]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-10-21 212568]

R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-15 1176824]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2009-12-15 47504]

R2 DisknetClient;Check Point ESME Client Service;c:\program files\checkpoint\pointsec protector client\disknet.exe [2010-2-23 1402248]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-10 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-6-5 256512]

R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2010-2-22 649776]

R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2010-2-22 231984]

R2 SBAMSvc;VIPRE Business;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2011-10-12 2804312]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-10-21 74104]

R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2011-10-12 181616]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2009-12-15 126680]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2009-12-15 684280]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-4 41216]

.

=============== Created Last 30 ================

.

2011-12-13 15:26:57 -------- d-----w- c:\program files\Verizon

2011-12-06 22:34:35 -------- d-----w- c:\windows\.jagex_cache_32

.

==================== Find3M ====================

.

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 03:03:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec

2011-11-02 15:42:03 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-02 15:42:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-12 16:29:46 42864 ----a-w- c:\windows\system32\sbbd.exe

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 13:59:55.83 ===============

attach.zip


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


I did a full scan, here's the log:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.09.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

sandys :: SANDYS-LT [administrator]

1/9/2012 11:03:10 AM

mbam-log-2012-01-09 (11-03-10).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 416420

Time elapsed: 1 hour(s), 52 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The machine is behaving fine, it's IE8 that is behaving poorly. Ever since that searchqu toolbar appeared in my add-ons I will get a

Internet Explorer cannot display the webpage

What you can try:

Diagnose Connection Problems

More information

screen when there are no connection problems. This doesn't happen on all webpages, and it doesn't even happen on the same webpage (I've gotten that screen, then immediately reloaded the page with no problems). I really wish that I could uninstall IE8 and all addons and do a completely new install because it's just been a mess to deal with since the searchqu add on somehow got installed.

Thanks in advance for your help.


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I haven't used IE8 much since ComboFix finished, but it did delete some things, here's the log:

ComboFix 12-01-09.06 - sandys 01/09/2012 20:50:06.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1141 [GMT -5:00]

Running from: c:\documents and settings\sandys\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\FindXplorer

c:\documents and settings\host\WINDOWS

c:\program files\FindXplorer

c:\windows\system32\ctl3d32.dll.tmp

c:\windows\system32\MSMAsk32.ocx

.

.

((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))

.

.

2011-12-13 15:26 . 2011-12-13 15:26 -------- d-----w- c:\program files\Verizon

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 20:24 . 2010-04-05 16:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 03:03 . 2011-05-18 11:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2004-08-04 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec

2011-11-02 15:42 . 2011-11-02 15:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-02 15:42 . 2010-04-15 20:44 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-04 08:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 08:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-12 16:29 . 2011-10-12 16:29 42864 ----a-w- c:\windows\system32\sbbd.exe

2011-11-17 15:57 . 2011-11-17 15:57 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2011-11-25 13:48 . 2011-06-17 20:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-04-11 77672]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]

"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-05-13 435504]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-10-31 65536]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-02-11 70024]

"DN4TRAY"="c:\program files\CheckPoint\Tray\DNTray.exe" [2010-02-23 710032]

"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2010-02-22 858672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"SBAMTray"="c:\program files\GFI Software\GFIAgent\SBAMTray.exe" [2011-10-12 1627504]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\documents and settings\host\Start Menu\Programs\Startup\

Microsoft Office Fast Start.lnk - c:\msoffice\Office\FASTBOOT.EXE [1996-7-31 14848]

.

c:\documents and settings\sandys\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-19 2362720]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Office Startup.lnk - c:\program files\Access97\Office\OSA.EXE [1997-9-25 51984]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

2009-12-15 18:40 30104 ----a-w- c:\windows\system32\ckpNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\APSHook.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DisknetClient]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\GFI Software\\GFIAgent\\SBAMSvc.exe"=

.

R0 DNPFW;Disknet Pro Device Firewall Driver;c:\windows\system32\drivers\DNPFW.sys [2/23/2010 7:00 PM 36784]

R0 dvrem;Check Point ESME Client EPM Driver;c:\windows\system32\drivers\dvrem.sys [2/23/2010 6:59 PM 63408]

R0 KAEON;KAEon CD/DVD Writing Filter Driver;c:\windows\system32\drivers\kaeon.sys [2/23/2010 6:59 PM 35376]

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2/22/2010 2:32 PM 224816]

R0 PSG;Check Point Media Encryption PSG;c:\windows\system32\drivers\psg.sys [2/23/2010 6:59 PM 55216]

R0 rmm;Check Point ESME Client RMM Driver;c:\windows\system32\drivers\rmm.sys [2/23/2010 6:59 PM 24496]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [6/5/2008 7:08 PM 109184]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [6/5/2008 7:08 PM 51376]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [6/5/2008 7:08 PM 12928]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 5:14 AM 24064]

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [12/15/2009 1:40 PM 2245624]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [6/5/2008 7:08 PM 12496]

R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;c:\windows\system32\drivers\rxaes100.sys [2/23/2010 6:48 PM 46592]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/21/2011 10:33 AM 21496]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/30/2011 5:56 AM 101624]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [10/21/2011 10:20 AM 212568]

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 6:08 PM 182576]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2008 5:11 PM 1176824]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [12/15/2009 1:41 PM 47504]

R2 DisknetClient;Check Point ESME Client Service;c:\program files\CheckPoint\Pointsec Protector Client\disknet.exe [2/23/2010 6:59 PM 1402248]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [6/10/2008 1:13 PM 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6/5/2008 7:07 PM 256512]

R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2/22/2010 2:33 PM 649776]

R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2/22/2010 2:33 PM 231984]

R2 SBAMSvc;VIPRE Business;c:\program files\GFI Software\GFIAgent\SBAMSvc.exe [10/12/2011 11:28 AM 2804312]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/21/2011 10:33 AM 74104]

R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\GFIAgent\SBPIMSvc.exe [10/12/2011 11:28 AM 181616]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [12/15/2009 1:40 PM 126680]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [12/15/2009 1:40 PM 684280]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/15/2008 3:29 PM 475520]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/31/2008 3:58 AM 193840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 2:16 PM 41216]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: cmsinc.com\ajwstb06-tb62

Trusted Zone: origenate.com\ajwstb06-xpress

Trusted Zone: origenate.com\svxpress

Trusted Zone: rfap05

TCP: DhcpNameServer = 192.168.1.1

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\sandys\Application Data\Mozilla\Firefox\Profiles\dq4aybnb.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

SafeBoot-disknet

AddRemove-FindXplorer - c:\program files\FindXplorer\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-09 21:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????$??????????????|?M?|?????M?|~?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1008)

c:\windows\system32\pssogina.dll

c:\windows\system32\LogonAgentAPI.dll

c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program files\Hewlett-Packard\IAM\bin\brand.dll

c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll

c:\windows\system32\acomx.dll

c:\windows\system32\aclog.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\ackpbsc.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll

c:\windows\system32\acbsi21.dll

c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll

c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL

c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItDac.DLL

c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll

c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll

c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL

c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll

c:\windows\system32\xenroll.dll

c:\windows\system32\WININET.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

c:\windows\system32\ckpNotify.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll

c:\windows\system32\APSHook.dll

.

- - - - - - - > 'Explorer.exe'(4632)

c:\windows\system32\WININET.dll

c:\windows\system32\APSHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\DCSi\E-Term32\WS_FTP Pro\nsftpch.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe

c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\mqsvc.exe

c:\windows\system32\mqtgsvc.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\msiexec.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe

c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

c:\windows\system32\igfxsrvc.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2012-01-09 21:06:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-10 02:06

.

Pre-Run: 284,449,026,048 bytes free

Post-Run: 284,567,097,344 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 6EC4C3D6696B4998FA99145B777953E9


I just tried to shut the laptop down for the night and a pop up box came up saying nsAppShell is not responding. I've never seen that before.


I just tried to shut the laptop down for the night and a pop up box came up saying nsAppShell is not responding. I've never seen that before.

That's a Mozilla Firefox file.


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
c:\program files\Windows iLivid Toolbar
c:\program files\windows ilivid toolbar\datamngr\ToolBar

Folder::
c:\program files\Windows iLivid Toolbar


ClearJavaCache::

FireFox::
FF - ProfilePath - c:\documents and settings\sandys\Application Data\Mozilla\Firefox\Profiles\dq4aybnb.default\
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=

Save this file to your desktop; save this as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


IE8 was slightly better today, but I was still getting the "webpage cannot be displayed" screen when I had no connectivity issues. The Firefox error on shutdown was a one-time thing. I noticed this evening when I tried to use IE8 to log on to Facebook that I had to do each keystroke 2 times; this seems to only be happening on Facebook, and the Facebook login screen (I don't have this issue when I log on to Facebook using Mozilla Firefox).

Here is the log file:

ComboFix 12-01-10.02 - sandys 01/10/2012 18:41:57.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1268 [GMT -5:00]

Running from: c:\documents and settings\sandys\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\sandys\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))

.

.

2011-12-13 15:26 . 2011-12-13 15:26 -------- d-----w- c:\program files\Verizon

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 20:24 . 2010-04-05 16:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-25 03:03 . 2011-05-18 11:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2004-08-04 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec

2011-11-02 15:42 . 2011-11-02 15:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-02 15:42 . 2010-04-15 20:44 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2004-08-04 08:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-04 08:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-11-17 15:57 . 2011-11-17 15:57 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2011-11-25 13:48 . 2011-06-17 20:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-10_02.02.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-10 23:57 . 2012-01-10 23:57 16384 c:\windows\temp\Perflib_Perfdata_794.dat

+ 2004-08-07 13:14 . 2012-01-10 02:05 82766 c:\windows\system32\perfc009.dat

- 2004-08-07 13:14 . 2011-12-30 18:02 82766 c:\windows\system32\perfc009.dat

+ 2004-08-07 13:14 . 2012-01-10 02:05 476808 c:\windows\system32\perfh009.dat

- 2004-08-07 13:14 . 2011-12-30 18:02 476808 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-04-11 77672]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]

"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-05-13 435504]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-10-31 65536]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-02-11 70024]

"DN4TRAY"="c:\program files\CheckPoint\Tray\DNTray.exe" [2010-02-23 710032]

"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2010-02-22 858672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"SBAMTray"="c:\program files\GFI Software\GFIAgent\SBAMTray.exe" [2011-10-12 1627504]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\documents and settings\host\Start Menu\Programs\Startup\

Microsoft Office Fast Start.lnk - c:\msoffice\Office\FASTBOOT.EXE [1996-7-31 14848]

.

c:\documents and settings\sandys\Start Menu\Programs\Startup\

Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-19 2362720]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Office Startup.lnk - c:\program files\Access97\Office\OSA.EXE [1997-9-25 51984]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

2009-12-15 18:40 30104 ----a-w- c:\windows\system32\ckpNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DisknetClient]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=

"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\GFI Software\\GFIAgent\\SBAMSvc.exe"=

.

R0 DNPFW;Disknet Pro Device Firewall Driver;c:\windows\system32\drivers\DNPFW.sys [2/23/2010 7:00 PM 36784]

R0 dvrem;Check Point ESME Client EPM Driver;c:\windows\system32\drivers\dvrem.sys [2/23/2010 6:59 PM 63408]

R0 KAEON;KAEon CD/DVD Writing Filter Driver;c:\windows\system32\drivers\kaeon.sys [2/23/2010 6:59 PM 35376]

R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2/22/2010 2:32 PM 224816]

R0 PSG;Check Point Media Encryption PSG;c:\windows\system32\drivers\psg.sys [2/23/2010 6:59 PM 55216]

R0 rmm;Check Point ESME Client RMM Driver;c:\windows\system32\drivers\rmm.sys [2/23/2010 6:59 PM 24496]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [6/5/2008 7:08 PM 109184]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [6/5/2008 7:08 PM 51376]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [6/5/2008 7:08 PM 12928]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 5:14 AM 24064]

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [12/15/2009 1:40 PM 2245624]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [6/5/2008 7:08 PM 12496]

R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;c:\windows\system32\drivers\rxaes100.sys [2/23/2010 6:48 PM 46592]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/21/2011 10:33 AM 21496]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/30/2011 5:56 AM 101624]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [10/21/2011 10:20 AM 212568]

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 6:08 PM 182576]

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2008 5:11 PM 1176824]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [12/15/2009 1:41 PM 47504]

R2 DisknetClient;Check Point ESME Client Service;c:\program files\CheckPoint\Pointsec Protector Client\disknet.exe [2/23/2010 6:59 PM 1402248]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [6/10/2008 1:13 PM 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6/5/2008 7:07 PM 256512]

R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2/22/2010 2:33 PM 649776]

R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2/22/2010 2:33 PM 231984]

R2 SBAMSvc;VIPRE Business;c:\program files\GFI Software\GFIAgent\SBAMSvc.exe [10/12/2011 11:28 AM 2804312]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/21/2011 10:33 AM 74104]

R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\GFIAgent\SBPIMSvc.exe [10/12/2011 11:28 AM 181616]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [12/15/2009 1:40 PM 126680]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [12/15/2009 1:40 PM 684280]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/15/2008 3:29 PM 475520]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/31/2008 3:58 AM 193840]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 2:16 PM 41216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: cmsinc.com\ajwstb06-tb62

Trusted Zone: origenate.com\ajwstb06-xpress

Trusted Zone: origenate.com\svxpress

Trusted Zone: rfap05

TCP: DhcpNameServer = 192.168.1.1

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\sandys\Application Data\Mozilla\Firefox\Profiles\dq4aybnb.default\

FF - prefs.js: browser.search.selectedEngine - Search Results

FF - prefs.js: browser.startup.homepage - www.google.com

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-10 19:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????$??????????????|?M?|?????M?|~?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1012)

c:\windows\system32\pssogina.dll

c:\windows\system32\LogonAgentAPI.dll

c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll

c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

c:\program files\Hewlett-Packard\IAM\bin\brand.dll

c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll

c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll

c:\windows\system32\acomx.dll

c:\windows\system32\aclog.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\ackpbsc.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll

c:\windows\system32\acbsi21.dll

c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll

c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL

c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItDac.DLL

c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll

c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll

c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll

c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll

c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL

c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll

c:\windows\system32\xenroll.dll

c:\windows\system32\WININET.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

c:\windows\system32\ckpNotify.dll

c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll

c:\windows\system32\APSHook.dll

.

- - - - - - - > 'Explorer.exe'(2956)

c:\windows\system32\WININET.dll

c:\windows\system32\APSHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\DCSi\E-Term32\WS_FTP Pro\nsftpch.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe

c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\mqsvc.exe

c:\windows\system32\mqtgsvc.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\msiexec.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe

c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

c:\windows\system32\igfxsrvc.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

.

**************************************************************************

.

Completion time: 2012-01-10 19:03:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-11 00:03

ComboFix2.txt 2012-01-10 02:06

.

Pre-Run: 285,627,154,432 bytes free

Post-Run: 285,734,920,192 bytes free

.

- - End Of File - - E38B42F97FCEC288668BCA06AF609548

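As an added example (not code from this thread and not part of ComboFix), a small Python script that compares the Firefox preference lines and the ORPHANS REMOVED entries of the two ComboFix logs above, to confirm that the keyword.URL hijack the CFScript's FireFox:: block targeted is gone; the section and line formats it parses are assumptions inferred from those two logs, and the embedded excerpts are trimmed copies of them.

```python
"""Confirm from two ComboFix logs that a CFScript run cleared a hijack.

Added example for this thread, not ComboFix code or anything the helper
posted. Section names, line shapes and sample lines come from the two logs
in the thread; the parsing rules are assumptions about that format.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpts: trimmed copies of the two logs posted in the thread.
LOG_BEFORE = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\sandys\Application Data\Mozilla\Firefox\Profiles\dq4aybnb.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-disknet
AddRemove-FindXplorer - c:\program files\FindXplorer\uninstall.exe
.
"""
LOG_AFTER = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
.
"""

# A ComboFix section header is a title wrapped in runs of '-' or '(' / ')'.
HEADER = re.compile(r"^[-( ]{3,}\s*([A-Za-z][A-Za-z0-9 @_.:-]*?)\s*[-) ]{3,}$")
# "FF - prefs.js: <name> - <value>"; user.js lines use the same shape.
FF_PREF = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group lines under the header that precedes them (lines before any
    header go under ''). The '.' spacer lines ComboFix prints are dropped."""
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def firefox_prefs(sections: Dict[str, List[str]]) -> Dict[str, str]:
    """Return {pref name: value} from the Supplementary Scan section."""
    prefs: Dict[str, str] = {}
    for line in sections.get("Supplementary Scan", []):
        m = FF_PREF.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def diff_runs(before: str, after: str) -> Tuple[Dict[str, str], List[str], List[str]]:
    """Return (prefs that vanished, orphans cleared, orphans listed again).
    A vanished pref is the setting the script removed; an orphan listed in
    both runs was still referenced after the first run and deserves a look."""
    b, a = split_sections(before), split_sections(after)
    pb, pa = firefox_prefs(b), firefox_prefs(a)
    gone = {k: v for k, v in pb.items() if k not in pa}
    ob = b.get("ORPHANS REMOVED", [])
    oa = a.get("ORPHANS REMOVED", [])
    cleared = [o for o in ob if o not in oa]
    repeated = [o for o in ob if o in oa]
    return gone, cleared, repeated


if __name__ == "__main__":
    gone, cleared, repeated = diff_runs(LOG_BEFORE, LOG_AFTER)
    print("prefs removed:", gone)
    print("orphans cleared:", cleared)
    print("orphans listed again:", repeated)
```

Pointing the two constants at full saved logs works the same way, since every other section is grouped under its own header and simply ignored.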

Give this a try

FOR WINDOWS XP

1. Click Start, then click Run.

2. In the Run dialog box, type cmd and press Enter.

3. In the Command Prompt window, enter this text and press Enter:

regsvr32 actxprxy.dll

4. Restart your computer.


Ok, I did that and restarted. I actually have to leave for the evening, but I'll post tomorrow how IE8 is running for me. Thanks very much for all your help and patience.

Sandy


Ok, at this point I'm really getting frustrated. It looks like Ilivid and searchqu are completely gone, but I'm still getting the cannot display webpage screens (not nearly as often though). I haven't found a way to remove IE8 and reinstall it, and I cannot go above IE8 due to work. Would installing IE7 remove IE8?

Thanks again for all of your help.

Sandy


Remove IE8

http://support.microsoft.com/kb/957700

I suggest you do this:

Uninstall Internet Explorer 8 to return to Internet Explorer 7 on Windows XP

Click "Start," and then click "Control Panel."

Click "Add or Remove Programs."

Check "Show Updates" at the top of the dialog box.

Scroll down the list and highlight the version of Internet Explorer 8 that you are running, and then click "Change/Remove."

Remove IE 8


Thank you SO MUCH!!!! I will try this 1st thing tomorrow and let you know how it works. You are awesome!

Sandy


Good morning Larry, hopefully you aren't experiencing any issues from all the snow which is possibly out your way :P

I did 2 things this morning, and it seems that the combo has resolved the issues that I've been having. I followed the instructions to remove IE8 and installed IE7 (confirmed 8 was completely gone). That didn't solve my issue; the "Internet explorer cannot display the website" screen was still coming up. So then I went to Tools on IE7, then Internet Options, then clicked on Advanced. I did a Reset Internet Explorer settings, restarted IE7 and haven't had a problem since.

I have also verified that the issues that I was experiencing on facebook (having to press the keys 2-3 times to have the letter appear on facebook) are gone too. I wonder, having reset the Internet Explorer options, if I can safely go back to IE8?

So it looks like even though you helped me to get rid of that awful Ilivid / searchqu thing, it must have changed other settings when it installed itself which have been causing me issues since.

This was a tough lesson to learn, and I appreciate all your help in repairing this. That I can recall I never received any indication that these toolbars / BMO's were going to be installed on my computer. I was home sick one day and just wanted to watch a couple of episodes of NCIS which I found on a website that I will never be visiting again.

I think it's safe to close this topic now, please do add the information to donate, your help has been invaluable.

Sandy


Yes, that installs without your permission to do so.

As for a donation, donate the amount you wanted to donate to your local Salvation Army, a local homeless shelter or food bank.

You're more than welcome.

Glad we were able to help

Peace be with you


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
