Solved Software found trojans, but said it couldn't find to delete. Ran 5 step


lorilev

Below are reports from Kaspersky virus full scan, and SpyBot Search and Destroy from the last few weeks. It's been ongoing daily scans to chase down these demons. I attempted to install ESET three times and it won't load. Says Error 2002. ESET said they would get back to me as to why, but nothing yet. So appreciate any help with this. Not very tech savvy.

2/3/2012 12:27:11 PM Task started File Anti-Virus Kaspersky Anti-Virus
2/3/2012 12:45:49 PM Task started File Anti-Virus Kaspersky Anti-Virus
2/3/2012 10:25:19 PM Task started File Anti-Virus Kaspersky Anti-Virus
2/3/2012 10:51:27 PM Task started File Anti-Virus Kaspersky Anti-Virus
2/4/2012 9:14:32 AM Task started File Anti-Virus Kaspersky Anti-Virus
2/14/2012 9:45:27 AM Task started File Anti-Virus Kaspersky Anti-Virus
2/14/2012 9:59:01 AM Processing error F:\30074812.203 Read error Windows Explorer
2/14/2012 9:59:33 AM Processing error F:\30074812.203 Read error Windows Explorer
2/17/2012 3:54:30 PM Task started File Anti-Virus Kaspersky Anti-Virus
2/17/2012 4:34:08 PM Detected: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
2/17/2012 4:34:36 PM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
2/17/2012 4:34:36 PM Detected: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\HP_OWNER\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
2/17/2012 4:34:38 PM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\HP_OWNER\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
2/18/2012 3:03:37 AM Detected: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\Default User\Start Menu\Programs\Multi-channel Sound Manager.lnk C11CBBDD5122A73CCEB671C227D9C1D0
2/18/2012 3:04:07 AM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\Default User\Start Menu\Programs\Multi-channel Sound Manager.lnk C11CBBDD5122A73CCEB671C227D9C1D0
2/18/2012 3:34:01 AM Task started File Anti-Virus Kaspersky Anti-Virus
2/18/2012 3:58:33 AM Detected: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427711.lnk Generic Host Process for Win32 Services
2/18/2012 3:58:46 AM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427711.lnk Generic Host Process for Win32 Services
2/18/2012 4:58:11 AM Detected: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427712.lnk Generic Host Process for Win32 Services
2/18/2012 4:58:17 AM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427712.lnk Generic Host Process for Win32 Services


Status: Deleted (events: 6)
2/18/2012 4:58:17 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427712.lnk High
2/18/2012 3:58:46 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427711.lnk High
2/17/2012 4:34:38 PM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\HP_Owner\Start Menu\Programs\Multi-channel Sound Manager.lnk High
2/18/2012 3:04:07 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\Default User\Start Menu\Programs\Multi-channel Sound Manager.lnk High
2/18/2012 3:33:58 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk High
2/17/2012 4:34:36 PM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk High

Next post I will paste in the log reports from the 5 steps as this appears to be full.
 
5 step logs added now below: mbam, gmer, dds

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Owner :: LORISOFFICE [administrator]

Protection: Enabled

2/19/2012 12:14:39 PM
mbam-log-2012-02-19 (12-14-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184959
Time elapsed: 16 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-19 20:25:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160023AS rev.3.43
Running: m0fccivt.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\fxlcyfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB6EB758C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB6EB7E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB6EB8922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB6EB8E94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB6EB80EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB6EB6436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB6EB8D6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB6EB7192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB6EB8C28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB6EB734E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB6EB8FC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB6EBAC08]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThread [0xB6E855E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB6EB8CCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB6EBA5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB6EB69FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB6EB6D88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB6EB8576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB6EBB5CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB6EB6ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB6EB6F74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB6EB8382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB6EBA68C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB6EB6412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB6EB6424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB6EBACBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB6EB70C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB6EB8F36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB6EB7E8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB6EB65DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB6EB8E04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB6EB7792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB6EBAC32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB6EB9068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB6EB76B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB6EB701E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB6EB6C46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB6EBAFD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB6EB6896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB6EBA922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB6EB6B0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB6EB62B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB6EB93F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB6EB92B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB6EBA39A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB6EBDE2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB6EBB4AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB6EB6248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB6EB865C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB6EB7CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB6EB9C4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB6EBA786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB6EBB114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB6EB671E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB6EBB1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB6EBB320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB6EBA526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB6EB790A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB6EB7860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB6EBAE8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB6EB79EA]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B6EAC4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B6EAC8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [4E, 73, EB, B6, C6, 8F, EB, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [8C, A6, EB, B6, 12, 64, EB, ...] {MOV WORD [ESI+0x6412b6eb], FS; JMP 0xffffffffffffffbe; AND AL, 0x64; JMP 0xffffffffffffffc2}
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [0E, 6B, EB, B6, B0, 62, EB, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [F8, B1, EB, B6, 20, B3, EB, ...] {CLC ; MOV CL, 0xeb; MOV DH, 0x20; MOV BL, 0xeb; MOV DH, 0x26; MOVSD ; JMP 0xffffffffffffffc2}
.text ntkrnlpa.exe!ZwCallbackReturn + 3038 805048D4 4 Bytes [EA, 79, EB, B6]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB99FE360, 0x1DE8FD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00444C20 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 0046FCE0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A20022

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B695DDC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B695DDC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by HP_Owner at 20:45:14 on 2012-02-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1870 [GMT -7:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Bitdefender Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
{6d53ec84-6aae-4787-aeee-f4628f01010c}
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\hp_owner\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177243704066
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{80098379-ACFB-4722-95C0-14E494A1FA61} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-2-3 315408]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-1-5 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-1 67584]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-19 40776]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-10 21520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\bitdefender\bitdefender 2012\updatesrv.exe" /service --> c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 530304]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-10-4 8576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
.
=============== Created Last 30 ================
.
2012-02-17 22:57:44 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-17 22:57:44 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-04 00:49:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 23:24:34 -------- d-----w- c:\program files\ESET
2012-02-03 19:25:58 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-02-03 19:25:58 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-02-03 19:24:33 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-02-03 19:24:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-03 19:20:00 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2012-02-03 19:17:39 172523 ----a-w- c:\documents and settings\all users\application data\1328296496.bdinstall.bin
2012-02-03 17:48:49 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-02-03 17:47:35 1249 ----a-w- c:\documents and settings\all users\application data\1328289714.240.bin
2012-02-03 17:31:28 -------- d-----w- c:\documents and settings\hp_owner\application data\QuickScan
2012-02-03 17:28:33 69417 ----a-w- c:\documents and settings\all users\application data\1328289714.3736.bin
2012-02-03 17:28:33 -------- d-----w- c:\program files\Bitdefender
2012-02-03 17:28:26 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.1384.bin
2012-02-03 17:27:59 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.2480.bin
2012-02-03 17:27:14 6209 ----a-w- c:\documents and settings\all users\application data\1328289714.640.bin
2012-02-03 17:27:14 1698 ----a-w- c:\documents and settings\all users\application data\1328289714.3816.bin
2012-02-03 17:27:14 1670 ----a-w- c:\documents and settings\all users\application data\1328289714.3804.bin
2012-02-03 17:27:14 10487 ----a-w- c:\documents and settings\all users\application data\1328289714.3700.bin
2012-02-03 17:22:00 179008 ----a-w- c:\documents and settings\all users\application data\1328289714.2128.bin
2012-02-03 17:21:58 14632 ----a-w- c:\documents and settings\all users\application data\1328289714.3928.bin
2012-02-03 17:21:54 43518 ----a-w- c:\documents and settings\all users\application data\1328289714.496.bin
2012-02-03 17:12:59 -------- d-----w- c:\program files\common files\Bitdefender
2012-02-02 04:14:45 -------- d-----w- c:\documents and settings\hp_owner\application data\GFI Software
2012-02-02 04:14:34 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
2012-02-02 04:13:07 -------- d-----w- c:\program files\GFI Software
2012-01-25 17:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 20:59:40 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
.
============= FINISH: 20:46:45.04 ===============
 
Wrong DDS report posted previously. Correct ones posted now

I'm very new at this, and the pop-up window after the DDS scan didn't ever show to let me know where the files went. I just found the two: attach and dds.txt. I believe these are correct now. So sorry. I really need help. My computer is running worse now that I've run these exe files. I think I deleted them. Cursor is very slow and processes are taking forever. DDS log reports below.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/13/2006 12:23:45 PM
System Uptime: 2/19/2012 11:08:15 AM (10 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 92.827 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.519 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP2582: 2/3/2012 6:54:21 AM - System Checkpoint
RP2583: 2/3/2012 11:12:42 AM - Removed VIPRE Internet Security.
RP2584: 2/3/2012 12:24:19 PM - Installed Kaspersky Anti-Virus 2010.
RP2585: 2/3/2012 8:24:50 PM - Software Distribution Service 3.0
RP2586: 2/17/2012 6:50:00 PM - System Checkpoint
RP2587: 2/18/2012 3:00:40 AM - Software Distribution Service 3.0
RP2588: 2/19/2012 7:47:27 AM - System Checkpoint
RP2589: 2/19/2012 12:36:17 PM - Configured ACS Hardcopy
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
Actiontec Gateway
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Amazon Seller Desktop
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Carbonite Online Backup Setup
Cda Product Service - shared component
Cobian Backup 10
Compatibility Pack for the 2007 Office system
CoolSpeech 5.0 with Mary
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
Customer Experience Enhancement
DBXTriever 4.1
Destinations
DeviceDiscovery
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Fax
ffdshow [rev 2527] [2008-12-19]
Free 3GP Video Converter version 3.7.26.602
Free Video Flip and Rotate version 1.8.12.602
GdiplusUpgrade
Google Chrome
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService2
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Imaging Device Functions 14.0
HP Officejet Pro 8500 A909 Series
HP Solution Center 14.0
HP Update
HPProductAssistant
HpSdpAppCoreApp
HPSystemDiagnostics
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 17
Java(TM) 6 Update 5
Kaspersky Anti-Virus 2010
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe 1.4.62.1
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 2.0 SP3
Move Networks Media Player for Internet Explorer
MSN
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee Reveal Seagate Edition
MyDVD-VR Recorder
Netscape Browser (remove only)
Network
NVIDIA Drivers
OpenOffice.org Installer 1.0
PC-Doctor 5 for Windows
ProductContext
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickConnect
QuickTime
Qwest Installer
Qwest QuickAssist Desktop Tools
Rapport
RCA Detective™ 2.0.0.99
RCA Digital Voice Manager 5.1.1.2
RealPlayer
Remove IntelliMover Demo
Remove WeatherBug Installer
Safari
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD-VR
Sonic MyDVD Deluxe
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Status
Symantec Technical Support Web Controls
TextSound
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP (remove only)
Verizon V CAST Media Manager
VGA USB Camera
VLC media player 1.0.5
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 3:48:03 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
2/19/2012 11:11:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/19/2012 11:11:31 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2012 11:11:30 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
2/19/2012 1:15:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/18/2012 3:35:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif ftsata2 iaStor IntelIde SBRE ViaIde
2/14/2012 9:46:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif ftsata2 SBRE
2/14/2012 9:46:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
2/14/2012 9:46:59 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/14/2012 9:46:59 AM, error: Service Control Manager [7000] - The BitDefender Desktop Update Service service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by HP_Owner at 21:48:04 on 2012-02-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2263 [GMT -7:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Bitdefender Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\msfeedssync.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
{6d53ec84-6aae-4787-aeee-f4628f01010c}
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\hp_owner\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177243704066
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-2-3 315408]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-1-5 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-1 67584]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-10 21520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\bitdefender\bitdefender 2012\updatesrv.exe" /service --> c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 530304]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-10-4 8576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
.
=============== Created Last 30 ================
.
2012-02-17 22:57:44 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-17 22:57:44 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-04 00:49:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 23:24:34 -------- d-----w- c:\program files\ESET
2012-02-03 19:25:58 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-02-03 19:25:58 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-02-03 19:24:33 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-02-03 19:24:32 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-03 19:20:00 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2012-02-03 19:17:39 172523 ----a-w- c:\documents and settings\all users\application data\1328296496.bdinstall.bin
2012-02-03 17:48:49 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-02-03 17:47:35 1249 ----a-w- c:\documents and settings\all users\application data\1328289714.240.bin
2012-02-03 17:31:28 -------- d-----w- c:\documents and settings\hp_owner\application data\QuickScan
2012-02-03 17:28:33 69417 ----a-w- c:\documents and settings\all users\application data\1328289714.3736.bin
2012-02-03 17:28:33 -------- d-----w- c:\program files\Bitdefender
2012-02-03 17:28:26 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.1384.bin
2012-02-03 17:27:59 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.2480.bin
2012-02-03 17:27:14 6209 ----a-w- c:\documents and settings\all users\application data\1328289714.640.bin
2012-02-03 17:27:14 1698 ----a-w- c:\documents and settings\all users\application data\1328289714.3816.bin
2012-02-03 17:27:14 1670 ----a-w- c:\documents and settings\all users\application data\1328289714.3804.bin
2012-02-03 17:27:14 10487 ----a-w- c:\documents and settings\all users\application data\1328289714.3700.bin
2012-02-03 17:22:00 179008 ----a-w- c:\documents and settings\all users\application data\1328289714.2128.bin
2012-02-03 17:21:58 14632 ----a-w- c:\documents and settings\all users\application data\1328289714.3928.bin
2012-02-03 17:21:54 43518 ----a-w- c:\documents and settings\all users\application data\1328289714.496.bin
2012-02-03 17:12:59 -------- d-----w- c:\program files\common files\Bitdefender
2012-02-02 04:14:45 -------- d-----w- c:\documents and settings\hp_owner\application data\GFI Software
2012-02-02 04:14:34 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
2012-02-02 04:13:07 -------- d-----w- c:\program files\GFI Software
2012-01-25 17:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 20:59:40 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
.
============= FINISH: 21:49:00.23 ===============
 
Welcome to TechSpot! I'll help you sort through this.

One cause of problems is that you are running 2 antivirus programs:
AV: Bitdefender Antivirus *Disabled/Outdated*
AV: Kaspersky Anti-Virus *Disabled/Updated*

Bit Defender may be outdated, but if you want to use Kaspersky, please remove Bitdefender.

BitDefender Uninstall Tool
For Internet Explorer: [screenshot]

For Firefox: [screenshot]

  1. After the download completes go to the location where you downloaded and run (double-click) it;
  2. After a couple of moments the uninstall tool interface will appear;
  3. Click Uninstall;
  4. Wait for the tool to display the completion message and then restart your computer.
===========================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these; they are normal:
1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job; this is normal.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===================================
Try the Eset scan again using the following instructions:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
Please describe the problems you are having. This will help me help you.
Also, open Spybot S&D and empty their quarantine folder.
=====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.

Logs in next reply please.
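
An added example (not part of the original posts, and not code from DDS or ComboFix): a Python parser for the `AV:`/`FW:` header lines and the `R`/`S` service lines as they appear in the logs in this thread. It flags more than one registered antivirus, products reported Disabled or Outdated, and service entries whose file details show as `[?]`. The sample lines are copied from the logs on this page; the function names and finding labels are assumptions of this example.

```python
import re
from collections import namedtuple

# Sample lines copied from the DDS / ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-2-3 315408]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\bitdefender\bitdefender 2012\updatesrv.exe" /service --> c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
"""

Product = namedtuple("Product", "kind name state guid")
Service = namedtuple("Service", "running start name display image meta")

# "AV: <name> *<state>* {GUID}" ; the GUID is optional (the helper quotes the lines without it).
PRODUCT_RE = re.compile(
    r"^(AV|FW|SP):\s+(.+?)\s+\*([^*]+)\*(?:\s+(\{[0-9A-Fa-f-]+\}))?\s*$")
# "<R|S><start type> <name>;<display name>;<image path> [<date size> or ?]"
SERVICE_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")


def parse_log(text):
    """Return (products, services) parsed from DDS/ComboFix-style log text."""
    products, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = PRODUCT_RE.match(line)
        if m:
            products.append(Product(*m.groups()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            run, start, name, display, image, meta = m.groups()
            services.append(
                Service(run == "R", int(start), name, display, image, meta))
    return products, services


def triage(text):
    """Return a list of findings as tuples; labels are this example's own."""
    products, services = parse_log(text)
    findings = []

    # 1. Two real-time antivirus products registered at once.
    av_names = [p.name for p in products if p.kind == "AV"]
    if len(av_names) > 1:
        findings.append(("multiple_av", av_names))

    # 2. Products the log reports as Disabled and/or Outdated.
    degraded = []
    for p in products:
        flags = {f.strip().lower() for f in p.state.split("/")}
        if flags & {"disabled", "outdated"}:
            degraded.append(p)
            findings.append(("degraded_product", p.name))

    # 3. Services still registered for a degraded product's vendor
    #    (vendor = first word of the product name, matched case-insensitively).
    for vendor in dict.fromkeys(p.name.split()[0].lower() for p in degraded):
        left = [s.name for s in services
                if vendor in (s.display + " " + s.image).lower()]
        if left:
            findings.append(("vendor_services", vendor, left))

    # 4. Service entries shown with [?] instead of a date and size, taken here
    #    to mean the file details could not be read (assumption of this example).
    for s in services:
        if s.meta.strip() == "?":
            findings.append(("unresolved_image", s.name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
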
 
Thank you!

Thank you so much!! Nice to meet you. I'm sure you are very busy. Majorly appreciate the help. Before I begin, I have to tell you that I just started up my computer in safe mode because Malwarebytes or something kept freezing things up. I tried to stop it from running so I could see what was hogging my system in the files. It was on top but couldn't stop it. I haven't run BitDefender for ever. Forgot I had it. I don't do much in safe mode and not sure everything works the same so just checking with you so that I follow directions correctly. Can I uninstall BitDefender and follow your instructions from safe mode? Currently I have that computer offline, too.
 
Ran fine after the GMER. But not after the dds

After the GMER it ran great last night. But after running the DDS and then turning the computer off and back on...It hasn't been the same since. I uninstalled the BitDefender from safe mode. I just restarted the computer in regular mode and was able to turn off the malwarebytes and turn on Kaspersky but it's very slow in taking orders. On to the next step of your directions. I feel like perhaps the dds didn't get uninstalled properly but I can't find where it would be. I'm here working on this for another hour then have to go out for a few meetings. Will be back later this afternoon. If you see this...let me know about running in safe mode. It seems easier and faster.
 
Safe Mode is appropriate in some instances, but not all. Some processes don't run in Safe Mode. This mode is not meant for convenience because it's easier and faster. If there is a problem running a particular scan, then we will address that.

Yes, please go ahead and uninstall BitDefender. Although you may not be using it, there are processes running for it and this could cause a conflict that may make the system more vulnerable and slower.

DDS is fine and uninstalling BitDefender should not have harmed the system. It is more likely that the malware is trying to protect itself.
==================================
Please boot into Normal Mode and do the Combofix and Eset scans. I have a thought about which of the rogue programs is running, but Combofix will quarantine some of the entries. I will then have you use Safe Mode with Networking>>> but not yet!
 
Taking forever to accept commands in normal mode

Kaspersky is only a trial version so the annoying pop up to buy keeps coming up and I have to wait until I can get it off. I also uninstalled spybot just now in normal mode. Malwarebytes finally stopped running, too. I'm ready to check to see if I ever installed Combofix before installing that. It could take some time to even get into the control panel this way. I am connected to the internet at this point, until I download the Combofix, correct? Did anyone tell you that you were wonderful yet today? Thanks for holding my hand.
 
I see the ESET installer from previous attempts

I see the ESET installer from previous attempts in my download file.

Should I delete them before running ESET?

The autoscan is still running on the ComboFix so I ask this as I'm waiting for that to finish. It's on stage 4

Thanks Bobbye.
 
Bitdefender did not remove apparently! What to do?

My computer just rebooted as ComboFix is finishing its log report. A pop up came up saying Bitdefender firewall is turned off. I ran the uninstall as directed. Will I need to do this process again to be sure the ComboFix ran properly? I'm waiting for its report right now. In fact, Kaspersky and Malwarebytes came on automatically as well when the computer rebooted. ComboFix says don't run any programs until it has finished. What to do?
 
Combo Fix report below. But, should I re-do before ESET?

ComboFix 12-02-19.02 - HP_Owner 02/20/2012 11:14:30.1.1 - x86
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1328289714.3700.bin
c:\documents and settings\All Users\Application Data\1328289714.3928.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Owner\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\HP_Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\HP_Owner\WINDOWS
C:\Install.exe
c:\windows\CdaC13BA.EXE
c:\windows\CdaC14BA.DLL
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\system32\351631
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\f
c:\windows\system32\ps2.bat
c:\windows\system32\SET15AF.tmp
c:\windows\system32\SET15BB.tmp
c:\windows\system32\SET15C4.tmp
c:\windows\system32\SET15C5.tmp
c:\windows\system32\SET15C6.tmp
c:\windows\system32\SET15C9.tmp
c:\windows\system32\setb0.tmp
c:\windows\XSxS
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Fax
-------\Service_Fax
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 16:10 . 2012-02-20 16:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-04 00:49 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 23:24 . 2012-02-03 23:24 -------- d-----w- c:\program files\ESET
2012-02-03 19:25 . 2012-02-03 19:41 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-02-03 19:25 . 2012-02-03 19:41 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-02-03 19:24 . 2012-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-02-03 19:24 . 2012-02-03 19:24 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-03 19:20 . 2012-02-03 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
2012-02-03 17:28 . 2012-02-03 17:28 -------- d-----w- c:\program files\Bitdefender
2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
2012-02-03 17:12 . 2012-02-03 19:17 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-13 68856]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-05-05 4950664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-05-19 421376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-09 198160]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-08-27 45992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2012-02-03 340520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
.
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 5:49 PM 652360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 5:49 PM 20464]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service --> c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/20/2012 9:10 AM 40776]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe --> c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-20 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-MaxMenuMgr - c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
MSConfigStartUp-Philips Intelligent Agent - c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SPC_Monitor - c:\windows\Philips\SPC230NC\Monitor.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-CdaC13Ba - c:\windows\CdaC13BA.EXE
AddRemove-RCA Detective™_is1 - c:\documents and settings\HP_Owner\My Documents\RCA Detective\unins000.exe
AddRemove-RCA Digital Voice Manager_is1 - c:\documents and settings\HP_Owner\My Documents\RCA Digital Voice Manager\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 11:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-02-20 12:08:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-20 19:08
.
Pre-Run: 101,177,032,704 bytes free
Post-Run: 101,554,049,024 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4EF4295EA913F8881CC86346B021EC71
 
ESET will not get past step 2 Initialization. Error 2002

In Google Chrome, I followed the steps to launch ESET scanner, I saved the link on my desktop, I checked the proper boxes and then clicked start. As in the past (and in IE) I get to this same place- step 2 and it says 100% then a red Unexpected error 2002 appears on top of the status bar. The note underneath the bar says: ESET online scanner has already been run on this computer in the past. Only files necessary to update the current version will be downloaded. Please let me know how to proceed. My computer is running much better after the combofix ran. Easier to get around and type. Not as slow. Malwarebytes is off. Kaspersky is on. My only choice now is to hit a back arrow key in the box or check the x at top to close. Let me know. I will leave it open until I hear back. Thanks!
 
ESET scan will not finish. How do I continue clean?

I've contacted ESET techs, but get no response for troubleshooting my problem. It runs fine on my other computer without a hitch. Any suggestions so I can finish cleaning out the threats on my computer? Thank you.
 
Okay, here's the problem:

You have installed and are currently running 3 antivirus programs:
1. 2012-02-03 23:24 -------- d-----w- c:\program files\ESET
2. 2012-02-03 19:24 -------- d-----w- c:\program files\Kaspersky Lab
3. 2012-02-03 17:28 -------- d-----w- c:\program files\Bitdefender

It appears they were all downloaded on the same day, 19 days ago. We need to get this down to 1 antivirus. If you want to get the Kaspersky subscription, you should update the Trial NOW then Update the program itself for the latest definitions.

If you don't plan on keeping Kaspersky, uninstall it NOW. Download the archive kavremover.zip.
  • Unpack the archive (for example, using WinZip)
  • Double click on kavremover.exe
  • Enter the code from the picture. If you cannot read the code from the picture, click on the button next to the picture to generate a new code
    [o] The screen will display the products detected.
    [o] You can also select Remove all known products.
  • Click on the button Remove
    kavremover_1464_01new_en.jpg
  • Wait until a dialog window appears to inform you that the product was successfully removed
    kavremover_1464_04_en.jpg
  • Click OK
Images courtesy Kaspersky
Even the trial should be uninstallable. If it is not: Go to Add/Remove Programs> Uninstall Kaspersky> then use Windows Explorer to access Computer> Local Drive (C)> Programs> Find the Kaspersky folder and do a right click> Delete.

It appears that you may have downloaded the Eset program instead of the online scan. If that is the case, that's what's causing the problem. Follow the same uninstall direction I gave you for Kaspersky for Eset. If you do not see it in Add/Remove Programs> open Tools in IE> Manage addons> Look in both sections: addons currently on system and addons previously on system> highlight and disable or remove Eset/Nod32 entry if present.

If you want to keep Bit Defender, be sure it's updated. But you will need to disable it to run the Combofix scan:
To temporarily disable BitDefender, you need to press the Settings button (upper right corner) and remove all checkmarks under all modules (Antivirus, Firewall, Antispam, etc.).
Hit Apply and OK to save the changes.

Reboot the computer when you finish fixing the multiple AV programs. Hold off on Eset for now:
========================================
There are multiple entries to be removed from Combofix:
Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\drivers\klbg.sys
c:\windows\system32\drivers\klim5.sys 
c:\windows\system32\drivers\klmouflt.sys 
DDS::
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
{6d53ec84-6aae-4787-aeee-f4628f01010c}
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Clearjavacache::

Driver::
klbg
klim5
klmouflt
IEVkbdBHO Class
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
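The log review behind the reply above (several antivirus products installed at once, Security Center monitoring switched off, the Windows Firewall disabled, a LimeWire firewall exception) can be scripted for triage. The following Python sketch is an added example, not part of the original post or of ComboFix; the function names, the vendor-folder map and the watchlist are assumptions made for illustration, and the sample input is assembled from lines quoted on this page.

```python
import re
from collections import defaultdict

# Folder name -> product, taken from the three folders named in the reply (assumed map, extend as needed).
AV_VENDOR_DIRS = {"eset": "ESET", "kaspersky lab": "Kaspersky", "bitdefender": "Bitdefender"}
# Firewall exceptions worth a second look; LimeWire is the entry the CFScript removes (assumed list).
FIREWALL_WATCHLIST = ("limewire",)

# Sample input assembled for this example from log lines quoted in the thread.
SAMPLE_LOG = r"""
2012-02-03 23:24 -------- d-----w- c:\program files\ESET
2012-02-03 19:24 -------- d-----w- c:\program files\Kaspersky Lab
2012-02-03 17:28 -------- d-----w- c:\program files\Bitdefender
2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 5:49 PM 652360]
"""

# A directory entry directly under "program files" (the d-----w- attribute column marks a folder).
DIR_RE = re.compile(r"d-----w-\s+c:\\program files\\([^\\]+)$", re.I)
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')


def parse_log(text):
    """Return (antivirus folder names, {registry section: {value name: data}})."""
    av_dirs = []
    registry = defaultdict(dict)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            section = None  # a lone dot separates blocks in the log
            continue
        m = DIR_RE.search(line)
        if m:
            name = m.group(1).lower()
            if name in AV_VENDOR_DIRS:
                av_dirs.append(name)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and section:
            registry[section][m.group(1)] = m.group(2).strip()
    return av_dirs, registry


def audit(text):
    """Return a list of (finding, detail) tuples for the conditions the reply calls out."""
    av_dirs, registry = parse_log(text)
    findings = []
    vendors = sorted({AV_VENDOR_DIRS[d] for d in av_dirs})
    if len(vendors) > 1:
        findings.append(("multiple-antivirus", ", ".join(vendors)))
    for section, values in registry.items():
        lowered = {k.lower(): v for k, v in values.items()}  # value names are case-insensitive
        if section.endswith(r"firewallpolicy\standardprofile"):
            if lowered.get("enablefirewall", "").startswith("0"):
                findings.append(("firewall-disabled", section))
        elif section.endswith(r"authorizedapplications\list"):
            for path in values:
                if any(w in path.lower() for w in FIREWALL_WATCHLIST):
                    # The log doubles backslashes inside quoted names; undo that for display.
                    findings.append(("firewall-exception", path.replace("\\\\", "\\")))
        elif r"security center\monitoring" in section:
            if lowered.get("disablemonitoring", "").lower() == "dword:00000001":
                findings.append(("security-center-monitoring-off", section))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Run against a full C:\ComboFix.txt, the same checks apply to every registry block in the log; only top-level folders under c:\program files are counted as installed products.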
 
Do you have a link to a WinZip?

Good evening Bobbye,
Believe it...I don't have a WinZip or zip on this computer. Do you have a link to one that you like and is safe? Which Virus protector is best? I'm not sold on any but don't want one that's a big system hog. I uninstalled the bitdefender last night after seeing that it didn't work the first time. Thanks.
 
2nd ComboFix ran -results below-What next?

Good Morning! Waiting for my next set of orders, now.


ComboFix 12-02-19.02 - HP_Owner 02/22/2012 1:31.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2497 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\My Documents\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 07:36 . 2012-02-22 07:36 341547 ----a-w- c:\documents and settings\All Users\Application Data\1329894479.bdinstall.bin
2012-02-22 07:29 . 2012-02-22 07:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Bitdefender
2012-02-22 07:27 . 2012-02-22 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2012-02-22 07:11 . 2012-02-22 07:11 -------- d-----w- c:\program files\Bitdefender
2012-02-22 07:08 . 2011-08-16 20:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-02-22 07:08 . 2011-10-27 21:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-02-22 06:57 . 2012-02-22 07:08 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-03 19:24 . 2012-02-22 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 00:15 . 2012-01-19 00:15 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-01-19 00:15 . 2012-01-19 00:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-20_18.55.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-22 08:00 . 2012-02-22 08:00 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2010-01-20 01:32 . 2010-01-20 01:32 85128 c:\windows\system32\drivers\bdvedisk.sys
- 2005-06-25 05:32 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-25 05:32 . 2012-02-22 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-24 22:25 . 2012-02-22 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2012-02-18 22:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-22 07:59 . 2012-02-22 07:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-02-03 17:48 . 2012-02-03 17:48 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
+ 2012-02-22 07:31 . 2012-02-22 07:31 2318848 c:\windows\Installer\192db4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-13 68856]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-05-05 4950664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-09 198160]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-08-27 45992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-01-24 1184640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
.
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [1/18/2012 5:15 PM 609984]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [1/23/2012 7:23 PM 50128]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [1/18/2012 5:15 PM 446696]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 01:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-22 02:01:53
ComboFix-quarantined-files.txt 2012-02-22 09:01
ComboFix2.txt 2012-02-20 19:08
.
Pre-Run: 99,860,074,496 bytes free
Post-Run: 100,059,688,960 bytes free
.
- - End Of File - - E1529B643AC4E20E09045407B9F64A33

Bobbye, here's the quarantined-files.txt in case you need them, too. :)

2012-02-22 08:58:20 . 2012-02-22 08:58:20 606 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MSMSGS.reg.dat
2012-02-20 19:04:20 . 2012-02-20 19:04:20 2,116 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RCA Digital Voice Manager_is1.reg.dat
2012-02-20 19:04:19 . 2012-02-20 19:04:19 1,856 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RCA Detective™_is1.reg.dat
2012-02-20 19:04:17 . 2012-02-20 19:04:17 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-CdaC13Ba.reg.dat
2012-02-20 19:03:43 . 2012-02-20 19:03:43 636 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SpybotSD TeaTimer.reg.dat
2012-02-20 19:03:43 . 2012-02-20 19:03:43 592 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SPC_Monitor.reg.dat
2012-02-20 19:03:43 . 2012-02-20 19:03:43 688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-RoxWatchTray.reg.dat
2012-02-20 19:03:42 . 2012-02-20 19:03:42 746 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Philips Intelligent Agent.reg.dat
2012-02-20 19:03:42 . 2012-02-20 19:03:42 670 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MaxMenuMgr.reg.dat
2012-02-20 19:03:41 . 2012-02-20 19:03:41 616 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-hpqSRMon.reg.dat
2012-02-20 19:03:40 . 2012-02-20 19:03:40 726 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BlackBerryAutoUpdate.reg.dat
2012-02-20 19:03:10 . 2012-02-20 19:03:11 142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Weather.reg.dat
2012-02-20 18:54:04 . 2004-04-30 13:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2012-02-20 18:30:50 . 2012-02-20 18:30:50 4,882 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Fax.reg.dat
2012-02-20 18:30:50 . 2012-02-20 18:30:50 766 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_Fax.reg.dat
2012-02-20 18:26:53 . 2012-02-22 08:48:02 8,377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-02-20 18:02:25 . 2012-02-22 08:25:52 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-02-03 17:27:14 . 2012-02-03 17:27:21 10,487 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\1328289714.3700.bin.vir
2012-02-03 17:21:58 . 2012-02-03 17:47:35 14,632 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\1328289714.3928.bin.vir
2010-08-13 09:25:05 . 2010-10-15 09:21:08 3,916 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\EventSystem.log.vir
2010-05-18 04:45:38 . 2010-05-18 04:47:23 1,532 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\f.vir
2008-01-21 00:50:02 . 2008-01-21 00:50:02 61,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\GoToAssistDownloadHelper.exe.vir
2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir
2007-05-10 18:40:37 . 2007-05-10 18:40:38 19,441 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\dasetup.log.vir
2006-10-19 03:47:22 . 2006-10-19 03:47:22 2,450,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15BB.tmp.vir
2006-10-19 03:47:18 . 2006-10-19 03:47:18 222,208 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15AF.tmp.vir
2006-10-19 03:47:18 . 2006-10-19 03:47:18 33,792 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C5.tmp.vir
2006-10-19 03:47:18 . 2006-10-19 03:47:18 37,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C6.tmp.vir
2006-10-19 03:47:16 . 2006-10-19 03:47:16 321,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C4.tmp.vir
2006-10-19 03:47:16 . 2006-10-19 03:47:16 175,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C9.tmp.vir
2006-10-07 12:04:42 . 2006-10-07 12:04:40 30,720 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\CdaC13BA.EXE.vir
2006-10-07 12:04:42 . 2006-10-07 12:04:40 112,128 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\CdaC14BA.DLL.vir
2006-07-06 19:06:12 . 2006-07-06 19:06:15 2,100 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\HPSU_48BitScanUpdate.log.vir
2006-04-06 12:36:42 . 2005-01-28 19:44:28 5,525,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\setb0.tmp.vir
2006-03-08 12:20:49 . 2006-03-08 12:20:49 118,842 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe.vir
2006-03-08 11:59:50 . 2004-10-25 22:17:56 90,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ps2.bat.vir

NOTES and Questions TO YOU: While I was uninstalling and reinstalling Bitdefender, it asked me to uninstall Malwarebytes so it wouldn't conflict. I did that. The only defense I had on the system was the firewall that comes standard with Windows apparently. Warning signs came on so it was disabled in its security center. The other programs vp and spam were already off. I didn't know the center even existed.
Should I enable that now or ever? I don't see its program file to uninstall or delete it. Where is it hiding and under what name? Should I reinstall Malwarebytes? The mouse seems a little slow but the keyboard is working fine as long as I don't have anything open at the same time. I sure hope it worked this time. Took hours. I went to bed.
 
I need more instruction

I thought I did run that, Bobbye. I dragged the txt file and dropped it into the exe file and it started the ComboFix run. What did I do run. I've never been a good drag and dropper. Could you explain it to this newbie? Thanks and I'll try it again.
 
It's in there.

The exe file says the txt file is already there. When I go to drag it in again, it says "do you want to replace an existing file?" Then it asks if I want to run it. What am I doing wrong?
 
Tried again

This time the txt file actually disappeared when I dragged and dropped it into ComboFix. I'm sorry to be so lame. I don't understand why it said it was already there if it really wasn't. It's running now. I promise you are not wasting your time and I really do appreciate the time it takes to do all this.
 
Combo fix run number 3 txt file

ComboFix 12-02-22.01 - HP_Owner 02/22/2012 16:53:39.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2517 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
FILE ::
"c:\windows\system32\drivers\klbg.sys"
"c:\windows\system32\drivers\klim5.sys"
"c:\windows\system32\drivers\klmouflt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KLBG
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-22 07:36 . 2012-02-22 07:36 341547 ----a-w- c:\documents and settings\All Users\Application Data\1329894479.bdinstall.bin
2012-02-22 07:29 . 2012-02-22 07:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Bitdefender
2012-02-22 07:27 . 2012-02-22 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2012-02-22 07:11 . 2012-02-22 07:11 -------- d-----w- c:\program files\Bitdefender
2012-02-22 07:08 . 2011-08-16 20:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-02-22 07:08 . 2011-10-27 21:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-02-22 06:57 . 2012-02-22 07:08 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-03 19:24 . 2012-02-22 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 00:15 . 2012-01-19 00:15 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-01-19 00:15 . 2012-01-19 00:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-20_18.55.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-23 00:19 . 2012-02-23 00:19 16384 c:\windows\Temp\Perflib_Perfdata_924.dat
+ 2012-02-23 00:25 . 2012-02-23 00:25 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
+ 2010-01-20 01:32 . 2010-01-20 01:32 85128 c:\windows\system32\drivers\bdvedisk.sys
+ 2005-06-25 05:32 . 2012-02-23 00:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-25 05:32 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-24 22:25 . 2012-02-23 00:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-22 07:59 . 2012-02-23 00:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-06-24 22:25 . 2012-02-18 22:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-03 17:48 . 2012-02-22 07:31 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
- 2012-02-03 17:48 . 2012-02-03 17:48 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
+ 2012-02-03 17:48 . 2012-02-22 07:31 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
+ 2012-02-22 07:31 . 2012-02-22 07:31 2318848 c:\windows\Installer\192db4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-01-24 1184640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA .sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HLBackupScheduler]
2011-05-05 14:11 4950664 ----a-w- c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2006-07-07 23:15 600896 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2006-07-07 23:14 576320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]
2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [1/18/2012 5:15 PM 609984]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [1/23/2012 7:23 PM 50128]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 240184]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [1/18/2012 5:15 PM 446696]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 17:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\Bitdefender\Bitdefender 2012\seccenter.exe
.
**************************************************************************
.
Completion time: 2012-02-22 17:52:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-23 00:52
ComboFix2.txt 2012-02-22 09:01
ComboFix3.txt 2012-02-20 19:08
.
Pre-Run: 108,592,693,248 bytes free
Post-Run: 108,604,989,440 bytes free
.
- - End Of File - - 9B5DFE4A854EDD36E1280BB181AFC4B9
 
I made a coding error in one of the entries you ran through the CFFix, so I'll give you that part again. But there are some entries we need to recheck:

We don't usually request the Qoobox file. However, in your case, seeing it permits me to advise you that there is a proper process for uninstalling Combofix - we do that at the end of cleaning. But it appears that Combofix has been run on this system in 2004, 2005, 2006, 2007, 2008, 2010 and the current 2/20.

Since uninstalling Combofix also removes the backups and logs it creates, it means that the uninstalls were never done. Some of the files showing in the Qoobox still appear in the Combofix log, so here's what I'd like you to do:


Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U, it needs to be there.

When done, use Windows Explorer (Windows key+E) to access Computer> Local Drive> Look on the C Drive and do a right click> Delete on any Combofix Directory (C:\Combofix)

Now go down to Programs (still in Windows Explorer)> click on Programs> If there is a Combofix folder> do a right click> Delete.
========================================
Reboot the computer
=====================================
Go back to my Reply #4 and pickup the Combofix download at this line:
"Download Combofix from HERE or HERE and save to the desktop"

Follow the directions to run the new scan. Leave the new log in your next reply.

We're going to remove some of your 'old stuff' including old System Restore points that were infected. And by the way, did you know it appears you had an infected flash drive back in 2004??

The only log you need to leave is the log from the new Combofix log. (I don't need the Qoobox log)
 
Code error - your codefix corrected version is missing

Did you mean to include the corrected file for me to run the combo fix now? I don't see it here. I'll go ahead and clean off all the previous versions while I await your reply. Wow. No I had no idea this program had been done in the past. It wasn't done by me! And, I didn't know about a flash drive issue either. I rarely use them ever. Thanks Bobbye.
 
Combo fix done again.

Bobbye - this time I found all the hidden combo fix files, I hope! I even did extra searches to be sure I got everything with that word in it but who knows. I also deleted some lingering Norton files and folders from uninstalled programs that never deleted as I saw them in that doc and settings folder. Also, some old phone and camera folders and files that I don't own anymore.

While running the scan an error pop up came up saying PEV needs to close. I clicked Ok. It continued without issue. Computer seems to be running fine. Keyboard fast and mouse responsive again. Here's the text file from the log. Maybe I should have waited for your correction file? I sure hope not. Thank you.

ComboFix 12-02-23.01 - HP_Owner 02/23/2012 13:15:13.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2577 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 00:15 . 2012-01-19 00:15 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-01-19 00:15 . 2012-01-19 00:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-01-24 1184640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA .sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2006-07-07 23:15 600896 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2006-07-07 23:14 576320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]
2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [1/18/2012 5:15 PM 609984]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [1/23/2012 7:23 PM 50128]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 240184]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [1/18/2012 5:15 PM 446696]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
.
2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 13:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-23 13:42:38
ComboFix-quarantined-files.txt 2012-02-23 20:42
.
Pre-Run: 114,256,461,824 bytes free
Post-Run: 114,238,099,456 bytes free
.
- - End Of File - - 03BD4EB8606BB92A27008BD43D7FA1A1
 
Is it ok to turn off my computer while I await instructions?

Hi Bobbye,
I just wondered if it's alright to turn off the computer while I wait for your next scan instruction or do I need to leave it running. It's kind of noisy. Something with the fan. Thanks.
 