Sequoia33

Honorary Members, 86 posts
Everything posted by Sequoia33

  1. [Attachment: ComboFix.txt] Here is the ComboFix log. Neat program.
  2. OK. Will run that program now. P.S. The envelope in the recycle bin disappeared a few minutes ago. That was very strange.
  3. I have internet access, I turned on Windows Firewall, and I checked for updates (there were none). The only problem I had was that the machine ran very slowly (noticed by 3 users). I received a pop-up to update Java to .25 or something. I was unable to receive the update because one program was running. When I checked the Task Mgr, it showed isq.exe running.
  4. System was clean. [Attachments: system-log.txt, mbar-log-2013-06-29 (16-49-57).txt]
  5. Never mind. I got lucky when clicking around.
  6. Sorry, here's the rest:
     dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
     mRun: [ehTray] c:\windows\ehome\ehtray.exe
     mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
     mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
     dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
     mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
     mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
     mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     TCP: NameServer = 192.168.2.1
     TCP: Interfaces\{7C311264-6170-45ED-828A-DCC804474CC3} : DHCPNameServer = 192.168.2.1
     .
     ============= SERVICES / DRIVERS ===============
     .
     R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-5-3 152064]
     R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-5-3 49152]
     R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
     R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-17 398184]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-17 682344]
     R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-5-3 246936]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-17 21104]
     S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
     S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-17 35144]
     S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
     S4 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2011-5-6 193192]
     S4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2005-8-16 14336]
     .
     =============== File Associations ===============
     .
     ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
     .
     =============== Created Last 30 ================
     .
     2013-06-08 19:22:04 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
     2013-06-08 19:21:25 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
     .
     ==================== Find3M ====================
     .
     2013-06-29 14:13:10 789416 ----a-w- c:\windows\system32\deployJava1.dll
     2013-06-22 19:09:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-06-22 19:09:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
     2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
     2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
     2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
     .
     ============= FINISH: 14:06:50.98 ===============
  7. Here are the RogueKiller results:
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 5 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST3160812AS +++++
     --- User ---
     [MBR] c398dd1232c8f96914f850ac21485b16
     [bSP] eb56c44a5e637616a189ce643b9b2203 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 147683 Mo
     2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 302552145 | Size: 4855 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[0]_S_06292013_142845.txt >>
  8. Thank you for your quick response. Here are the results of the scan(s).
     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 8.0.6001.18702
     Run by User at 14:06:12 on 2013-06-29
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.644 [GMT -7:00]
     .
     AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     .
     ============== Running Processes ================
     .
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
     C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
     C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
     C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
     C:\WINDOWS\System32\alg.exe
     C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
     C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
     C:\WINDOWS\system32\lxeccoms.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k NetworkService
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     .
     ============== Pseudo HJT Report ===============
     .
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows XP Professional
     Boot Device: \Device\HarddiskVolume2
     Install Date: 1/7/2011 3:35:57 PM
     System Uptime: 6/29/2013 7:58:50 AM (7 hours ago)
     .
     Motherboard: Dell Inc. | | 0WG864
     Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 144 GiB total, 121.3 GiB free.
     D: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID:
     Description:
     Device ID: ROOT\LEGACY_SASKUTIL\0000
     Manufacturer:
     Name:
     PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
     Service:
     .
     ==== System Restore Points ===================
     .
     RP232: 6/17/2013 8:55:46 AM - NEW
     RP233: 6/17/2013 9:40:23 PM - NEW
     RP234: 6/18/2013 7:43:13 PM - NEW
     RP235: 6/27/2013 5:26:48 PM - NEW
     RP236: 6/18/2013 7:42:53 PM - NEW
     RP237: 6/29/2013 8:03:01 AM - NEW
     RP238: 6/29/2013 8:02:42 AM - Removed Java 7 Update 21
     RP239: 6/29/2013 8:02:30 AM - Installed Java 7 Update 25
     RP240: 6/29/2013 7:57:52 AM - Removed Java 7 Update 25
     .
     ==== Installed Programs ======================
     .
     924PLC32
     Adobe AIR
     Adobe Download Manager
     Adobe Flash Player 11 ActiveX
     Adobe Reader X (10.1.3)
     AOLIcon
     ATI Catalyst Control Center
     ATI Display Driver
     Belkin Setup and Router Monitor
     Belkin USB Print and Storage Center
     CCleaner
     Conexant D850 56K V.9x DFVc Modem
     Defraggler
     Dell CinePlayer
     Dell Driver Reset Tool
     Dell System Restore
     Digital Content Portal
     Digital Line Detect
     Documentation & Support Launcher
     ELIcon
     Games, Music, & Photos Launcher
     Google Earth
     Google Update Helper
     Hotfix for Windows XP (KB954550-v5)
     Image Plugin
     Intel® Matrix Storage Manager
     Intel® PRO Network Connections
     Internet Explorer (Enable DEP)
     Lexmark Pro800-Pro900 Series
     Malwarebytes Anti-Malware version 1.70.0.1100
     Microsoft .NET Framework 1.1
     Microsoft .NET Framework 1.1 Security Update (KB2698023)
     Microsoft .NET Framework 1.1 Security Update (KB2742597)
     Microsoft .NET Framework 1.1 Security Update (KB979906)
     Microsoft Digital Image Library 9 - Blocker
     Microsoft Digital Image Standard 2006
     Microsoft Digital Image Standard 2006 Editor
     Microsoft Digital Image Standard 2006 Library
     Microsoft Internationalized Domain Names Mitigation APIs
     Microsoft National Language Support Downlevel APIs
     Microsoft Office Word Viewer 2003
     Microsoft Plus! Digital Media Edition Installer
     Microsoft Plus! Photo Story 2 LE
     Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Microsoft Word 2002
     Microsoft Works
     Microsoft Works Suite 2006 Setup Launcher
     Microsoft Works Suite Add-in for Microsoft Word
     Modem Helper
     MSXML 4.0 SP2 (KB954430)
     MSXML 4.0 SP2 (KB973688)
     Roxio DLA
     Roxio MyDVD LE
     Roxio RecordNow Audio
     Roxio RecordNow Copy
     Roxio RecordNow Data
     SearchAssist
     Security Update for Windows Internet Explorer 7 (KB2360131)
     Security Update for Windows Internet Explorer 7 (KB2416400)
     Security Update for Windows Internet Explorer 7 (KB2482017)
     Security Update for Windows Internet Explorer 7 (KB2497640)
     Security Update for Windows Internet Explorer 7 (KB2530548)
     Security Update for Windows Internet Explorer 7 (KB2544521)
     Security Update for Windows Internet Explorer 7 (KB2559049)
     Security Update for Windows Internet Explorer 7 (KB2586448)
     Security Update for Windows Internet Explorer 7 (KB2618444)
     Security Update for Windows Internet Explorer 7 (KB2647516)
     Security Update for Windows Internet Explorer 7 (KB938127-v2)
     Security Update for Windows Internet Explorer 7 (KB982381)
     Security Update for Windows Internet Explorer 8 (KB2510531)
     Security Update for Windows Internet Explorer 8 (KB2544521)
     Security Update for Windows Internet Explorer 8 (KB2618444)
     Security Update for Windows Internet Explorer 8 (KB2744842)
     Security Update for Windows Internet Explorer 8 (KB2761465)
     Security Update for Windows Internet Explorer 8 (KB2792100)
     Security Update for Windows Internet Explorer 8 (KB2797052)
     Security Update for Windows Internet Explorer 8 (KB2799329)
     Security Update for Windows Internet Explorer 8 (KB2809289)
     Security Update for Windows Internet Explorer 8 (KB2817183)
     Security Update for Windows Internet Explorer 8 (KB2829530)
     Security Update for Windows Internet Explorer 8 (KB2838727)
     Security Update for Windows Internet Explorer 8 (KB2847204)
     Security Update for Windows Internet Explorer 8 (KB982381)
     Security Update for Windows XP (KB2807986)
     Security Update for Windows XP (KB2808735)
     Security Update for Windows XP (KB2813170)
     Security Update for Windows XP (KB2813345)
     Security Update for Windows XP (KB2820197)
     Security Update for Windows XP (KB2820917)
     Security Update for Windows XP (KB2829361)
     Security Update for Windows XP (KB2839229)
     Sonic Activation Module
     Sonic Encoders
     Sonic Update Manager
     Speccy
     swMSM
     Update for Windows Internet Explorer 8 (KB2598845)
     Wager Pro
     WebFldrs XP
     WinDirStat 1.1.2
     Windows Internet Explorer 8
     Windows Media Format Runtime
     Windows Media Player 10
     Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
     Windows XP Service Pack 3
     .
     ==== Event Viewer Messages From Past Week ========
     .
     6/29/2013 7:12:45 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
     6/27/2013 3:51:06 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
     6/23/2013 10:00:25 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001676CCC978 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
     6/22/2013 7:01:09 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.2.2. The machine with the IP address 192.168.2.1 did not allow the name to be claimed by this machine.
     .
     ==== End Of File ===========================
     Just noticed that the recycle bin has a folder, indicating contents. When I opened the bin, nothing was listed, but when I attempted to empty it the pop-up stated that I was trying to delete Windows.
  9. Computer slowed, so used Ctrl/Alt/Del and discovered iqs.exe running in background. MB did not prevent, remove, or discover this file. What next?
  10. [Attachments: attach.zip, dds.zip] Difficulty accessing web. Ran scan, quarantined, removed infection. Still having difficulty accessing web.