Here is my latest Shortcut.txt, attached
would like to make a really laptop (somewhat) functional
Here below is the fixlog. I will run Combofix
Fix result of Farbar Recovery Scan Tool (x86) Version: 13-07-2017
Ran by Patricia Murphy (15-07-2017 00:30:57) Run:1
Running from C:\Documents and Settings\Patricia Murphy\Desktop
Loaded Profiles: Patricia Murphy (Available Profiles: Patricia Murphy & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
CloseProcesses:
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\PATRIC~1\APPLIC~1\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
C:\Program Files\EnterDigital
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: MapsGalaxy Home Page Guard 32 bit => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\AppIntegrator.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
CustomCLSID: HKU\S-1-5-21-693440143-1380487613-1125637980-1006_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll => No File
Shortcut: C:\Documents and Settings\Patricia Murphy\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => ""="Service"
CMD: sc delete hpqddsvc
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Processes closed successfully.
C:\WINDOWS\Tasks\At1.job => not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
C:\Program Files\EnterDigital => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy Home Page Guard 32 bit => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy Search Scope Monitor => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MapsGalaxy_39 Browser Plugin Loader => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched => key removed successfully.
HKU\S-1-5-21-693440143-1380487613-1125637980-1006_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} => key removed successfully.
C:\Documents and Settings\Patricia Murphy\NetHood\My Web Sites on MSN\target.lnk => moved successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => key removed successfully.
========= sc delete hpqddsvc =========
[SC] DeleteService SUCCESS
========= End of CMD: =========
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 10159 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 33103 B
Java, Flash, Steam htmlcache => 598081 B
Windows/system/dllcache/drivers => 98691617 B
Edge => 0 B
Chrome => 1532738 B
Firefox => 4526614 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 83584 B
All Users => 0 B
systemprofile => 1212165975 B
LocalService => 26237765 B
NetworkService => 16187757 B
Patricia Murphy => 77641174 B
Administrator => 83584 B
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 00:33:55 ====
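A check worth running on a fixlog like the one above before moving on to the next tool, added here as an example (not part of the original post, and not a feature of FRST): it pairs every directive in the "fixlist content:" block with the result line FRST printed for it and flags anything that did not come back as a success. In this log that is the At1.job task pointing at the WSE_Vosteran updater, whose result is "not found", so it needs to be re-checked in a fresh scan rather than assumed gone. FIXLOG is constructed from lines of the posted fixlog, and the directive/result matching rules are this example's own reading of FRST's output format.

```python
"""Pair each FRST fixlist directive with the result FRST reported for it.

Added example; not code from the thread and not an FRST feature. FIXLOG is
constructed from lines of the posted fixlog, and the directive/result
matching rules are this example's own reading of FRST's output format.
"""
import re

FIXLOG = r"""
fixlist content:
CloseProcesses:
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\PATRIC~1\APPLIC~1\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files\EnterDigital
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
CMD: sc delete hpqddsvc
EmptyTemp:
Processes closed successfully.
C:\WINDOWS\Tasks\At1.job => not found.
C:\Program Files\EnterDigital => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater => key removed successfully.
========= sc delete hpqddsvc =========
[SC] DeleteService SUCCESS
========= End of CMD: =========
=========== EmptyTemp: ==========
EmptyTemp: => 1.3 GB temporary data Removed.
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
CMD_HDR_RE = re.compile(r"^=+ (?P<cmd>.+?) =+$")
SUCCESS_WORDS = ("success", "removed")   # "moved successfully", "SUCCESS", "Removed"


def _is_result(line):
    """True for a line FRST prints after running the fixlist, not a directive."""
    if line == "Processes closed successfully." or line.startswith("="):
        return True
    m = RESULT_RE.match(line)
    if not m:
        return False
    outcome = m.group("outcome").lower()
    return outcome.startswith("not found") or any(w in outcome for w in SUCCESS_WORDS)


def _key(line):
    """Split a directive into (label, target): 'Task: X => Y' -> ('Task', 'X')."""
    label, sep, rest = line.partition(": ")
    if not sep:                       # bare path, or 'CloseProcesses:' / 'EmptyTemp:'
        return line, line
    return label, re.split(r" (?:=>|->) ", rest, maxsplit=1)[0].strip()


def _split(lines):
    """Directives follow 'fixlist content:'; the first result line ends them."""
    directives, results, in_list = [], [], False
    for line in lines:
        if line == "fixlist content:":
            in_list = True
        elif in_list and not _is_result(line):
            directives.append(_key(line))
        else:
            in_list = False
            results.append(line)
    return directives, results


def _outcome(label, target, results):
    t = target.lower()
    if label == "CloseProcesses:":
        return next((l for l in results if l == "Processes closed successfully."), None)
    if label == "CMD":                # FRST echoes the command in a '=====' banner, then its output
        for i, line in enumerate(results):
            m = CMD_HDR_RE.match(line)
            if m and m.group("cmd") == target and i + 1 < len(results):
                return results[i + 1]
        return None
    for line in results:              # 'target => outcome'; registry results carry the full key path
        m = RESULT_RE.match(line)
        if m and (m.group("target").lower() == t or m.group("target").lower().endswith("\\" + t)):
            return m.group("outcome")
    return None


def check_fixlog(text):
    """Return (label, target, outcome, ok) per directive; ok is False unless FRST reported success."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    directives, results = _split(lines)
    report = []
    for label, target in directives:
        outcome = _outcome(label, target, results)
        ok = outcome is not None and any(w in outcome.lower() for w in SUCCESS_WORDS)
        report.append((label, target, outcome, ok))
    return report


if __name__ == "__main__":
    for label, target, outcome, ok in check_fixlog(FIXLOG):
        print(f"{'OK   ' if ok else 'CHECK'} {label}: {target} => {outcome}")
```

Anything printed with CHECK goes back into the next fixlist or gets verified against a new FRST.txt; a directive with no result line at all is reported the same way, since a silently skipped line is as much of a miss as "not found".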
Here is the Combofix log - at least, I think this is the correct log:
ComboFix 17-07-07.01 - Patricia Murphy 07/19/2017 12:16:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.211 [GMT -4:00]
Running from: c:\documents and settings\Patricia Murphy\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\NetworkService\Local Settings\Application Data\dsisetup14885002.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\dsisetup5314062.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\dsisetup6967652.exe
c:\documents and settings\Patricia Murphy\WINDOWS
C:\Documents
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2017-06-19 to 2017-07-19 )))))))))))))))))))))))))))))))
.
.
2017-07-18 14:05 . 2017-07-08 03:48 10685920 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1A1DB36B-94CF-4B2F-8880-E8E693A4562A}\mpengine.dll
2017-07-14 04:03 . 2017-07-18 14:12 -------- d-----w- C:\FRST
2017-07-09 04:02 . 2017-07-09 04:04 -------- d-----w- c:\documents and settings\Patricia Murphy\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
2017-07-08 08:49 . 2017-07-08 08:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran
2017-07-08 08:49 . 2017-07-08 08:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2017-07-08 05:30 . 2017-07-08 05:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Chromium
2017-07-08 05:29 . 2017-07-08 05:29 -------- d-----w- c:\documents and settings\Patricia Murphy\Local Settings\Application Data\chromium
2017-07-08 05:28 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2017-07-08 05:28 . 2017-07-08 05:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-08 03:48 . 2013-05-04 23:11 10685920 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-23 21:19 . 2014-10-16 13:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download"="c:\documents and settings\Patricia Murphy\Local Settings\Application Data\SupportSoft\ddoctorv2\Patricia Murphy\ssGet.exe" [2012-01-11 987648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-27 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 16:45 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-14 05:41 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-14 05:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-14 05:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-12-28 17:56 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-28 17:55 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2005-12-12 21:06 874064 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-27 14:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-27 14:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-11-17 03:35 397312 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-30 00:56 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 12:03 PM 363128]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [7/31/2014 4:27 PM 88648]
S2 Update EnterDigital;Update EnterDigital;"c:\program files\EnterDigital\updateEnterDigital.exe" -> c:\program files\EnterDigital\updateEnterDigital.exe [?]
S2 Util EnterDigital;Util EnterDigital;"c:\program files\EnterDigital\bin\utilEnterDigital.exe" -> c:\program files\EnterDigital\bin\utilEnterDigital.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-22 17:10 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 17:02]
.
2017-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 17:02]
.
2017-07-19 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/SpeedOptimizer/FiOS/vzTCPConfig.CAB
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10FTI__alt__ddc_dsssyc_bd_com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bfr-10FTI__alt__ddc_dss_bd_com&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - ExtSQL: !HIDDEN! 2009-09-01 21:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-09-15 20:17; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=&q=
FF - user.js: extensions.srchvstrn.id - 0015C50A7DE97147
FF - user.js: extensions.srchvstrn.instlDay - 16394
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 10:0:55
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_tier1_14_47_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_a
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 444550780
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q
FF - user.js: extensions.srchvstrn.AL - 2
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: xpinstall.signatures.required - false
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE “%1”
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-EnterDigital - c:\program files\EnterDigital\EnterDigitalUn.exe
AddRemove-Verizon Help and Support - c:\program files\Verizon\Uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
- ORPHANS REMOVED - - - -
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-19 12:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\À*¬ Æ]
"Path"="c:\WINDOWS\system32\config\systemprofile\Application Data\Intel\Wireless\"
.
Completion time: 2017-07-19 12:41:08
ComboFix-quarantined-files.txt 2017-07-19 16:41
.
Pre-Run: 56,571,883,520 bytes free
Post-Run: 55,920,693,248 bytes free
.
- - End Of File - - EE699859D6F416609A51CF5B708E6B50
DEA9E81F0228B68C9ADAF84C9B0CF931
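The ComboFix log above still shows persistence the FRST fix did not touch: the MapsGalaxy service (S2 MapsGalaxy_39Service), two EnterDigital services whose binaries are gone (the "[?]" after the path means ComboFix could not find the file, so the service registration is all that is left), the Vosteran search and homepage settings that user.js forces on the Firefox profile, and xpinstall.signatures.required set to false. The script below, added here as an example and not code from the thread or a feature of ComboFix or FRST, pulls those records out of the log's autostart sections so they can go into the next fixlist. SAMPLE_LOG is constructed from entries in the posted logs (the MapsGalaxy startupreg record is the fixlog's MSCONFIG entry rewritten in ComboFix's format, with made-up date and size fields), and PUP_MARKERS is an assumed stand-in for a real indicator list.

```python
"""Flag leftover persistence in a ComboFix log.

Added example, not code from the thread and not a ComboFix/FRST feature.
It reads the autostart records ComboFix prints (Run-key values, msconfig
startupreg entries, services, Firefox user.js prefs) and flags what a
helper would carry into the next FRST fixlist. SAMPLE_LOG is constructed
from entries in the posted logs; PUP_MARKERS is an assumed stand-in for a
real indicator list.
"""
import re
from dataclasses import dataclass

PUP_MARKERS = ("mapsgalaxy", "enterdigital", "vosteran", "srchvstrn", "ask.com")

RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\Run(?:Once)?)\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
FF_PREF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>.*)$")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-27 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy Home Page Guard 32 bit]
2014-07-31 16:27 88648 ----a-w- c:\progra~1\MAPSGA~2\bar\1.bin\AppIntegrator.exe
.
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [7/31/2014 4:27 PM 88648]
S2 Update EnterDigital;Update EnterDigital;"c:\program files\EnterDigital\updateEnterDigital.exe" -> c:\program files\EnterDigital\updateEnterDigital.exe [?]
.
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_tier1_14_47_ch
FF - user.js: xpinstall.signatures.required - false
"""


@dataclass
class Finding:
    kind: str      # "run", "startupreg", "service" or "firefox"
    name: str
    reason: str


def _pup_hit(text):
    """First PUP marker found in text, or None."""
    low = text.lower()
    return next((m for m in PUP_MARKERS if m in low), None)


def triage(log):
    findings, run_key, pending = [], None, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":                   # "." closes a ComboFix record
            run_key = pending = None
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            run_key, pending = m.group("key"), None
            continue
        m = STARTUPREG_RE.match(line)
        if m:
            pending, run_key = m.group("name"), None   # the path follows on the next line
            continue
        if line.startswith("["):                       # some other registry header
            run_key = pending = None
            continue
        if pending:
            hit = _pup_hit(pending + " " + line)
            if hit:
                findings.append(Finding("startupreg", pending, f"msconfig-disabled startup entry for {hit}"))
            pending = None
            continue
        m = RUN_VALUE_RE.match(line)
        if m and run_key:
            hit = _pup_hit(m.group("name") + " " + m.group("path"))
            if hit:
                findings.append(Finding("run", m.group("name"), f"autostart under {run_key} for {hit}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest, reasons = m.group("name"), m.group("rest"), []
            if rest.endswith("[?]"):                   # ComboFix could not find the service binary
                reasons.append("service binary not found on disk ([?]); delete the service")
            hit = _pup_hit(name + " " + rest)
            if hit:
                reasons.append(f"service belongs to {hit}")
            if reasons:
                findings.append(Finding("service", name, "; ".join(reasons)))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.group("pref"), m.group("value").strip()
            hit = _pup_hit(pref + " " + value)
            if pref == "xpinstall.signatures.required" and value.lower() == "false":
                findings.append(Finding("firefox", pref, "add-on signature enforcement disabled"))
            elif hit:
                findings.append(Finding("firefox", pref, f"user.js pins {hit} search/homepage settings"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<10} {f.name}: {f.reason}")
```

The user.js hits matter more than the prefs.js ones listed earlier in the log: user.js is re-applied every time Firefox starts, so resetting the homepage from the browser UI will not stick until that file is removed from the profile, and a profile with signature enforcement turned off will keep loading an unsigned add-on that re-creates it.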
Hi - I found this log generated also - I think it is the same as the one above, but just pasting this one now, just in case:
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDt CyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2 XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1 V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBt Gzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1 N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGz zyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&i r=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDt CyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2 XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1 V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBt Gzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1 N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGz zyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&i r=&q=
FF - user.js: extensions.srchvstrn.id - 0015C50A7DE97147
FF - user.js: extensions.srchvstrn.instlDay - 16394
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 10:0:55
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_tier1_14_47_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_a
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 444550780
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN 0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyE tBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtA tG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F 0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG 0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE 0A0E2Q
FF - user.js: extensions.srchvstrn.AL - 2
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: xpinstall.signatures.required - false
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-EnterDigital - c:\program files\EnterDigital\EnterDigitalUn.exe
AddRemove-Verizon Help and Support - c:\program files\Verizon\Uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-19 12:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
scan completed successfully
hidden files: 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\À*¬ Æ]
"Path"="c:\WINDOWS\system32\config\systemprofile\Application Data\Intel\Wireless\"
.
Completion time: 2017-07-19 12:41:08
ComboFix-quarantined-files.txt 2017-07-19 16:41
.
Pre-Run: 56,571,883,520 bytes free
Post-Run: 55,920,693,248 bytes free
.
- - End Of File - - EE699859D6F416609A51CF5B708E6B50
Ok, here is the most recent FRST log, and I will follow with the Addition.txt log:
Here is the Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by Patricia Murphy (19-07-2017 14:36:43)
Running from C:\Documents and Settings\Patricia Murphy\Local Settings\Temporary Internet Files\Content.IE5\S7H2IYQK
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-04-14 01:36:21)
Boot Mode: Normal
==================== Accounts: =============================
Administrator (S-1-5-21-693440143-1380487613-1125637980-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-693440143-1380487613-1125637980-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-693440143-1380487613-1125637980-1005 - Limited - Disabled)
Patricia Murphy (S-1-5-21-693440143-1380487613-1125637980-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Patricia Murphy
SUPPORT_388945a0 (S-1-5-21-693440143-1380487613-1125637980-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (HKLM\...\{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}) (Version: 2.1.4 - Hewlett-Packard) Hidden
7zip Packages (HKU\S-1-5-21-693440143-1380487613-1125637980-1006\...\7zip Packages) (Version: - ) <==== ATTENTION
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Bicycle® Bridge (HKLM\...\Bicycle® Bridge) (Version: - )
Blackhawk Striker 2 (HKLM\...\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6) (Version: 09/20/2005 11:54 AM - WildTangent)
Blasterball 2 (HKLM\...\D1A6F3FD-7B40-443F-8767-BADB25A0D222) (Version: 09/20/2005 11:55 AM - WildTangent)
Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
BufferChm (HKLM\...\{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (HKLM\...\{E535C94A-B87F-4182-BEA8-1E9322078D3E}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Chromium (HKLM\...\{887960B9-D8F9-B139-6979-C1B9B9F91239}) (Version: - )
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )
Copy (HKLM\...\{E133E97F-5186-4503-BEC8-752EB9E8EBD7}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Game Console (HKLM\...\Dell Game Console) (Version: - WildTangent)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
DJ_AIO_03_F4200_ProductContext (HKLM\...\{6365C963-4B72-43F8-8392-2A5441EC2A86}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (HKLM\...\{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (HKLM\...\{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.44 - PC Drivers Headquarters, LP) <==== ATTENTION
EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4200 (HKLM\...\{B61A79BE-E94C-42C0-921D-8B7E5217069C}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (HKLM\...\{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - )
Get High Speed Internet! (HKLM\...\{7A3F0566-5E05-4919-9C98-456F6B5CF831}) (Version: 1.00.0000 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (HKLM\...\{D16B4BE6-8B10-422f-8034-96D1CA9483B5}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Hoyle Card Games 2005 (HKLM\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 11.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 11.0 - HP)
HPProductAssistant (HKLM\...\{27197499-7680-4208-8FD8-5439CDB0FDC1}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.1.0.3 - Intel Corporation)
Internal Network Card Power Management (HKLM\...\{1F528948-0E80-4C96-B455-DE4167CB1DF7}) (Version: 1.7.2 - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
MapsGalaxy Internet Explorer Toolbar (HKLM\...\MapsGalaxy_39bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
mCore (HKLM\...\{E81667C6-2856-46D6-ABEA-6A2F42166779}) (Version: 5.45.0000 - Intel Corporation) Hidden
mDrWiFi (HKLM\...\{F6090A17-0967-4A8A-B3C3-422A1B514D49}) (Version: 5.45.0000 - Intel Corporation) Hidden
mHlpDell (HKLM\...\{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}) (Version: 5.45.0000 - Intel) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
mIWA (HKLM...{3E9D596A-61D4-4239-BD19-2DB984D2A16F}) (Version: 5.45.0000 - Intel Corporation) Hidden
mLogView (HKLM...{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}) (Version: 5.45.0000 - Intel Corporation) Hidden
mMHouse (HKLM...{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}) (Version: 5.45.0000 - Intel Corporation) Hidden
Modem Helper (HKLM...{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
Mozilla Firefox 19.0 (x86 en-US) (HKLM...\Mozilla Firefox 19.0 (x86 en-US)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
mPfMgr (HKLM...{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}) (Version: 5.45.0000 - Intel Corporation) Hidden
mPfWiz (HKLM...{90B0D222-8C21-4B35-9262-53B042F18AF9}) (Version: 5.45.0000 - Intel Corporation) Hidden
mProSafe (HKLM...{23FB368F-1399-4EAC-817C-4B83ECBE3D83}) (Version: 9.00.0000 - Intel) Hidden
MSN (HKLM...\MSNINST) (Version: - )
mSSO (HKLM...{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}) (Version: 5.45.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM...{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM...{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM...{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Musicmatch for Windows Media Player (HKLM...{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
Musicmatch® Jukebox (HKLM...{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.10.0097 - )
mWlsSafe (HKLM...{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}) (Version: 9.00.0000 - Intel) Hidden
mWMI (HKLM...{63DB9CCD-2B56-4217-9A3D-507AC78320CA}) (Version: 5.45.0000 - Intel Corporation) Hidden
mXML (HKLM...{9CC89556-3578-48DD-8408-04E66EBEF401}) (Version: 5.45.0000 - Intel Corporation) Hidden
mZConfig (HKLM...{94658027-9F16-4509-BBD7-A59FE57C3023}) (Version: 5.45.0000 - Intel Corporation) Hidden
NetWaiting (HKLM...{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
PowerDVD 5.7 (HKLM...{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PSSWCORE (HKLM...{09633A5E-3089-41A8-9FF1-382171423C5D}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Pure Networks Network Magic (HKLM...\Network Magic) (Version: 2.0.5346.1 - Pure Networks)
QuickSet (HKLM...{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.0.9 - )
QuickTime (HKLM...\QuickTime) (Version: - )
RealPlayer Basic (HKLM...\RealPlayer 6.0) (Version: - )
Scan (HKLM...{C89B5E3A-690F-4CEE-909A-BF869E198B0A}) (Version: 11.0.0.0 - Hewlett-Packard) Hidden
Search Assist (HKLM...{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Shop for HP Supplies (HKLM...\Shop for HP Supplies) (Version: 11.0 - HP)
SmartWebPrinting (HKLM...{CC0E1AE3-091D-4969-B151-7AC142062C28}) (Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM...{593A6CAF-E114-4e31-884F-74FF349E8E36}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Sonic DLA (HKLM...{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic Encoders (HKLM...{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic RecordNow Audio (HKLM...{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM...{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM...{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM...{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Status (HKLM...{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM...\SynTPDeinstKey) (Version: 8.2.4.3 - Synaptics)
Toolbox (HKLM...{E96B0085-6659-486b-A221-5042A042728D}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (HKLM...{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM...\KB900325) (Version: - Microsoft Corporation)
URL Assistant (HKLM...{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VideoToolkit01 (HKLM...{22F761D1-8063-4170-ADF7-2D2F47834CA9}) (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM...\ViewpointMediaPlayer) (Version: - )
Vz In Home Agent (HKLM...{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}) (Version: 5.0207 - Verizon)
Vz In-Home Agent (HKLM...\VzInHomeAgent) (Version: 9.0.76.0 - Verizon)
WebFldrs XP (HKLM...{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM...{AA2E8A46-B45E-4aea-8A23-88AB57D04523}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
WildTangent Web Driver (HKLM...\WildTangent CDA) (Version: - )
Windows Defender (HKLM...{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM...\KB893803v2) (Version: - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM...\EmeraldQFE2) (Version: - Microsoft Corporation)
Windows Media Player 11 (HKLM...\Windows Media Player) (Version: - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM...\KB908246) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM...\XpsEPSC) (Version: - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers02: [DriveLetterAccess] → {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06] (Sonic Solutions)
ContextMenuHandlers05: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-12-14] (Intel Corporation)
==================== Scheduled Tasks=============================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Documents and Settings\Patricia Murphy\Desktop\Email.lnk → C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) → hxxp://webmail.verizon.net
ShortcutWithArgument: C:\Documents and Settings\Patricia Murphy\Desktop\Laptop Items\Dell Download Center.lnk → C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) → hxxp://www.dell.com/download/
==================== Loaded Modules (Whitelisted) ==============
2005-12-28 14:11 - 2005-12-28 14:11 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2005-12-28 14:11 - 2005-12-28 14:11 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2005-12-28 14:11 - 2005-12-28 14:11 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2005-08-16 06:18 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-16 06:18 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2005-08-16 06:18 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 06:18 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2005-08-16 06:18 - 2017-07-19 12:34 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-693440143-1380487613-1125637980-1006\Control Panel\Desktop\Wallpaper → C:\WINDOWS\Web\Wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupreg: Corel Photo Downloader => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ddoctorv2 => “C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe” /P ddoctorv2
MSCONFIG\startupreg: Dell QuickSet => C:\Program Files\Dell\QuickSet\quickset.exe
MSCONFIG\startupreg: DellSupport => “C:\Program Files\DellSupport\DSAgnt.exe” /startup
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: DVDLauncher => “C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe”
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IntelWireless => “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
MSCONFIG\startupreg: IntelZeroConfig => “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
MSCONFIG\startupreg: ISUSPM Startup => “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
MSCONFIG\startupreg: ISUSScheduler => “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MimBoot => C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
MSCONFIG\startupreg: MMTray => C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
MSCONFIG\startupreg: ModemOnHold => C:\Program Files\NetWaiting\netWaiting.exe
MSCONFIG\startupreg: MSMSGS => “C:\Program Files\Messenger\msmsgs.exe” /background
MSCONFIG\startupreg: nmapp => “C:\Program Files\Pure Networks\Network Magic\nmapp.exe” -autorun -nosplash
MSCONFIG\startupreg: QuickTime Task => “C:\Program Files\QuickTime\qttask.exe” -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: ShowLOMControl =>
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [50000:UDP] => Enabled:IHA_MessageCenter
==================== Restore Points =========================
07-07-2017 23:44:56 Software Distribution Service 3.0
09-07-2017 03:00:26 Software Distribution Service 3.0
13-07-2017 00:19:38 System Checkpoint
13-07-2017 19:59:18 Software Distribution Service 3.0
14-07-2017 21:57:05 System Checkpoint
14-07-2017 23:39:09 Removed HP Update
14-07-2017 23:46:38 Removed Java 2 Runtime Environment, SE v1.4.2_03
14-07-2017 23:47:39 Removed Java 7 Update 21
14-07-2017 23:54:27 Removed NetZeroInstallers
16-07-2017 02:35:54 System Checkpoint
18-07-2017 10:05:04 Software Distribution Service 3.0
18-07-2017 10:24:25 Windows Defender Checkpoint
19-07-2017 13:31:33 System Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
Error: (07/19/2017 08:00:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application grep.3xe, version 0.0.0.0, faulting module grep.3xe, version 0.0.0.0, fault address 0x00009216.
Processing media-specific event for [grep.3xe!ws!]
Error: (07/19/2017 04:47:02 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service.
No Server Queue performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.
Error: (07/19/2017 04:47:02 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data from the Server service.
No Server performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.
Error: (07/19/2017 04:47:00 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service.
No Server Queue performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.
Error: (07/19/2017 04:47:00 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data from the Server service.
No Server performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.
Error: (07/14/2017 12:05:21 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (07/14/2017 12:05:21 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (07/13/2017 07:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hpqsrmon.exe, version 11.0.0.142, faulting module hpqsrmon.exe, version 11.0.0.142, fault address 0x000033c5.
Processing media-specific event for [hpqsrmon.exe!ws!]
Error: (07/13/2017 07:11:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ehshell.exe, version 5.1.2715.3011, faulting module ehui.dll, version 5.1.2715.3011, fault address 0x00061f80.
Processing media-specific event for [ehshell.exe!ws!]
Error: (09/22/2016 12:45:43 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.co...uthrootstl.cab > with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
System errors:
Error: (07/19/2017 04:42:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
Error: (07/19/2017 04:23:19 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9
Error: (07/19/2017 04:22:59 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9
Error: (07/19/2017 04:21:12 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9
Error: (07/19/2017 04:16:32 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9
Error: (07/19/2017 04:16:04 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9
Error: (07/19/2017 01:02:41 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9
Error: (07/19/2017 01:01:02 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9
Error: (07/19/2017 01:00:08 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.
Error: (07/19/2017 01:00:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 62%
Total physical RAM: 502.37 MB
Available physical RAM: 190.66 MB
Total Virtual: 1226.68 MB
Available Virtual: 739.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:68.44 GB) (Free:52.67 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 73.1 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)
==================== End of Addition.txt ============================
-
Copy the text between the lines of stars by highlighting and Ctrl + c.
Killall::
File::
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran
Firefox::
FF - ProfilePath - c:\documents and settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10FTI__alt__ddc_dsssyc_bd_com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bfr-10FTI__alt__ddc_dss_bd_com&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=&q=
FF - user.js: extensions.srchvstrn.id - 0015C50A7DE97147
FF - user.js: extensions.srchvstrn.instlDay - 16394
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 10:0:55
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_tier1_14_47_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_a
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 444550780
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q
FF - user.js: extensions.srchvstrn.AL - 2
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: xpinstall.signatures.required - false
Driver::
MapsGalaxy_39Service
Update EnterDigital
Util EnterDigital
Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran
c:\progra~1\MAPSGA~2
c:\program files\EnterDigital
C:\RECYCLER\S-1-5-21-693440143-1380487613-1125637980-1006
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Download”=-
Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it’s still there.) You should see a file CFScript.txt on your desktop.
Pause your anti-virus.
Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.
Post the new log.
Run the FRST scan again with Addition.txt checked and post both logs.
-
Hi - I started to do as you instructed, and Combofix started to run. And then there was a popup that read as follows, and ComboFix momentarily stopped:
Microsoft Windows Recovery Console
This machine does not have the ‘Microsoft Windows recovery console’ installed. Alternately, an existing installation of the recovery console may be present but requires updating.
Without it, ComboFix shall not attempt the fixing of some serious infections.
Click ‘Yes’ to have ComboFix download/install it.
NOTE: this requires an active Internet connection
So, it gave me the yes and no click options. I have not clicked on either yet - what should I do here?
Also, on the anti-virus - I looked for this on the machine, and I do not think there is an active anti-virus program. Is there an easy way to see about this, like going to Control Panel or something? I don’t find any icon for an anti-virus program in the lower right corner either.
-
Hi - ok, I went ahead and clicked on the ‘yes’ button as described in my previous post, and it could not download/install ‘Microsoft Windows recovery console’ anyway. When it is finished scanning and when I have the log, I will post it as instructed and then follow through with the FRST again.
-
Sorry, the machine shut down and I had to restart it. My question is this: on the instructions for ‘between the stars’ - can I just start to follow through with them again, or do other modifications have to be made? As always, many thanks for any help you can provide.
-
Hi - ok, I’ve had to restart with the between-the-stars instructions. When I did that, what happened on the screen was the following: an ‘AutoScan’ window popped up, and inside of it, it said this:
‘Scanning for infected files…
This typically doesn’t take more than 10 minutes
However, scan times for badly infected machines may easily double’
That screen has been there with the scanning taking place overnight, for about 12-13 hours now. It seems like something has gone wrong with this, so wondering what to do.
-
Overnight is too long. Stop it and see if there is a log file. Usually it’s at C:\combofix.txt or C:\Combofix\combofix.txt
You may need to reboot to regain control of your PC.
When you started the between the stars stuff did you make the text log and drag it over to the combofix icon? Did it start from that?
Perhaps the killall: command is causing the problem. Some programs will fight it.
This is the first time I’ve tried Combofix on this forum, so there may be something in the way it formats the posts. I’ll make up a CFScript and attach it. Download it to the same folder where Combofix lives and drag it over to the Combofix icon.