Hi Super Dave:
Had to run Combo Fix in SAFE MODE. I hope it did what you were hoping for with that CFScript. I did peek and saw that Facebook and GeekPolice were no longer listed in the Trusted Sites area. I do not know where to look for Zone Alarm as I do not know where it was hiding to begin with. Hopefully it is gone as well.
How does the Combo Fix report look to you now?
ComboFix 13-02-23.01 - Owner 02/23/2013 13:30:10.16.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1608 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 )))))))))))))))))))))))))))))))
.
.
2013-02-23 21:14 . 2013-02-23 21:14 -------- dc----w- C:\Combo-Fix
2013-02-22 03:54 . 2013-02-22 03:54 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-19 22:36 . 2013-02-19 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2013-02-09 00:23 . 2013-02-09 00:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-02-08 23:12 . 2013-02-08 23:12 -------- d-----w- c:\program files\COMODO
2013-02-08 23:04 . 2013-02-08 23:04 130846192 ----a-w- c:\program files\cav_installer.exe
2013-02-08 14:23 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 14:23 . 2013-02-14 06:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-08 02:21 . 2013-02-08 02:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2013
2013-02-07 01:40 . 2013-02-07 01:40 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2013-02-07 01:11 . 2013-02-07 01:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2013-02-06 12:02 . 2013-02-06 20:50 36760 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-02-06 11:15 . 2013-02-06 11:15 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-02-03 22:08 . 2013-02-03 22:09 -------- d-----w- c:\program files\QuickTime
2013-02-03 22:08 . 2013-02-03 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-02-03 22:07 . 2013-02-03 22:07 -------- d-----w- c:\program files\Common Files\Apple
2013-02-03 22:06 . 2013-02-03 22:06 -------- d-----w- c:\program files\Apple Software Update
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-02-03 07:37 . 2013-02-03 22:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-01-29 07:52 . 2012-05-09 02:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-29 07:52 . 2010-11-27 02:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-29 07:24 . 2013-01-29 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-27 20:54 . 2013-01-27 20:54 4189792 ----a-w- c:\program files\ccsetup327.exe
2013-01-25 06:43 . 2013-01-25 06:43 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-25 06:43 . 2013-01-25 06:43 354752 ----a-w- c:\windows\system32\guard32.dll
2013-01-25 06:42 . 2013-01-25 06:42 40656 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-01-25 06:42 . 2013-01-25 06:42 263888 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 22:03 . 2011-09-14 18:56 40437664 ----a-w- c:\program files\QuickTimeInstaller.exe
2013-01-29 07:21 . 2012-12-28 02:22 21494224 ----a-w- c:\program files\asc-setup.exe
2013-01-26 03:55 . 2003-07-16 20:40 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-17 03:51 . 2013-01-17 03:51 98752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-17 03:51 . 2013-01-17 03:51 586728 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-01-17 03:51 . 2013-01-17 03:51 32824 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-17 03:51 . 2013-01-17 03:51 18536 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-01-16 02:49 . 2012-12-28 03:56 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-12 21:50 . 2013-01-12 21:50 4178040 ----a-w- c:\program files\ccsetup326.exe
2013-01-12 20:32 . 2012-11-24 22:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 20:32 . 2011-07-22 08:54 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 00:40 . 2012-11-18 00:43 24265736 ----a-w- c:\program files\dotnetfx.exe
2013-01-07 01:16 . 2003-07-16 20:39 2193024 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2002-08-29 01:04 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2003-07-16 20:34 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2003-05-13 17:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-12-18 19:00 . 2012-11-03 00:40 4976384 ----a-w- c:\program files\defragsetup.exe
2012-12-16 12:23 . 2003-07-16 20:24 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-18 00:57 . 2012-11-18 00:57 2959376 ----a-w- c:\program files\dotnetfx35setup.exe
2012-10-28 00:17 . 2012-10-28 00:17 38984 ----a-w- c:\program files\DellPCDiagnostics.exe
2012-10-27 22:47 . 2012-10-27 22:47 347424 ----a-w- c:\program files\MicrosoftFixit.AudioPlayback.Run.exe
2012-10-27 19:10 . 2012-10-27 19:10 10669896 ----a-w- c:\program files\mbam-setup.exe
2012-02-24 00:50 . 2012-02-24 00:50 8669472 ----a-w- c:\program files\Windows7UpgradeAdvisorSetup.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" "c:\program files\CheckPoint\Install\Install.exe" /r install /c "c:\program files\CheckPoint\Install\Install.xml" /l /w
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"COMODO Internet Security"=c:\program files\COMODO\COMODO Internet Security\cistray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/28/2013 11:52 PM 14776]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/16/2013 7:51 PM 18536]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [1/16/2013 7:51 PM 586728]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/16/2013 7:51 PM 32824]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R3 ch7009;ch7009;c:\windows\system32\drivers\ch7009.sys [10/27/2012 11:32 AM 20224]
R3 ch7017;ch7017;c:\windows\system32\drivers\ch7017.sys [10/27/2012 11:32 AM 26368]
R3 fs454;fs454;c:\windows\system32\drivers\fs454.sys [10/27/2012 11:32 AM 15616]
R3 igdmini;igdmini;c:\windows\system32\drivers\igdmini.sys [10/27/2012 11:32 AM 256896]
R3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [10/27/2012 11:32 AM 5632]
R3 ns2501;ns2501;c:\windows\system32\drivers\ns2501.sys [10/27/2012 11:32 AM 7424]
R3 ns387;ns387;c:\windows\system32\drivers\ns387.sys [10/27/2012 11:32 AM 5376]
R3 sii164;sii164;c:\windows\system32\drivers\sii164.sys [10/27/2012 11:32 AM 4992]
R3 th164;th164;c:\windows\system32\drivers\th164.sys [10/27/2012 11:32 AM 4736]
R3 ti410;ti410;c:\windows\system32\drivers\ti410.sys [10/27/2012 11:32 AM 4864]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [1/24/2013 10:42 PM 127184]
S3 d3dUtil;d3dutil;c:\windows\system32\drivers\d3dutil.sys [10/27/2012 11:32 AM 2560]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 12:47 PM 14336]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [9/3/2012 9:54 PM 22640]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys --> c:\documents and settings\Owner\Desktop\SysProt\SysProt\SysProtDrv.sys [?]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-01-25 06:42]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-23 21:52]
.
2013-02-05 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2012-12-18 19:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page =
hxxp://www.dogpile.com/uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant =
hxxp://www.google.com/ieuSearchURL,(Default) =
hxxp://www.google.com/search?q=%sTCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig -
hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2013-02-23 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,89,37,d4,0f,f6,56,43,88,58,fb,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(744)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
.
**************************************************************************
.
Completion time: 2013-02-23 13:57:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-23 21:57
.
Pre-Run: 16,315,092,992 bytes free
Post-Run: 16,370,515,968 bytes free
.
- - End Of File - - 116E12C9F1A6A2D6CCBAD24515A865FF
Thanks,
Karen