cleaninigpc44

  1. Hi, I had some concerns with the SP3 installation. I have an old style laptop which I purchased (cheap) mainly because it had the MS Professional Suite on it. Because I purchased it privately, I don't have the CD or the product key that usually comes with this package. The laptop also doesn't have a lot of RAM on it. I was wondering if installing SP3 would affect my MS Professional Suite (i.e. clean/wipe out)? Or maybe there's some way to back up to ensure it doesn't affect it? Please advise. Thank you.
  2. I agree... it's time to upgrade to SP3. I'll wait on your feedback on the PCPitstop results before proceeding.
  3. I think I figured it out... here it is... http://pcpitstop.com/betapit/sec.asp?conid=24981600
  4. Hi, I have registered (created a new account). I go to scan my system and it tells me I need to download "Neptune" because I'm using Firefox. I change over to Internet Explorer and get a message that reads "PC PitStop Utility can't download." Maybe I'm doing something wrong?
  5. Hi, I uninstalled Spybot as you instructed. I also ran SystemLook. Here is what I got : SystemLook 30.07.11 by jpshortstuff Log created at 11:44 on 10/07/2012 by roaming Administrator - Elevation successful ========== filefind ========== Searching for "c:\windows\system32\drivers\usbehci.sys" No files found. -= EOF =-
  6. Sorry it took so long... ComboFix couldn't run on my very old laptop... the laptop would hang, I would get "virtual memory low" errors etc. Here they are. MBAM was run first, then ComboFix and last DDS.
  7. Hello, After clicking on a link I searched for (it's a small business site that is valid), I immediately realized that it was infected since it started downloading something to my sibling's laptop. Of course I tried to stop it and turned off the laptop but it was too late. Since this is an old laptop (Compaq with 224MB RAM), I didn't have Virus Protection running since it can barely run Firefox and MS Office 2007 together (reason why I have it). I know that I have to fix that. The laptop runs fine and surfing resumed as normal... until I try to click any link from a "free virus scan" or "malwarebytes" search. Basically I can't access this site from this laptop (using my desktop). I ran Malwarebytes, both Quick and Full version, but nothing turned up. Would this infect another laptop if it used the same router port (router has fewer ports than we have devices) as the infected laptop? Thanks in advance.