dacarrera

Members
Posts: 12
Reputation: 0 Neutral
  1. Looks like all is well. No one has been redirected over the last few days. Thank you for your help.
  2. Sorry. I removed MS Essentials. Then went to the link and had to download WinZip to extract the donetfx.exe file. I was not able to break out all the files as indicated, but ran the manual update this morning and it seemed to work. I have not had a chance to verify the redirect issue is gone. I will check it out after work tonight and let you know. My son is back at school and I work during the day. Thanks for checking back.
  3. Jeff, I downloaded Avast and have it running with Malwarebytes. MS Essentials still does not activate. Windows Automatic Updates gives the following message: "The following updates were not installed: 'Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)'". Today the account Cris was redirected using Internet Explorer. Neither AVAST nor Malwarebytes scans show anything. Is there something else I can run?
  4. Jeff, thank you for all your help. I have actually had my son working through this with you while he was home from college. I have been checking on progress periodically and am very happy with how quickly you responded after each scan. He tells me that everything you listed in your last post has been done. The only item which we still have a question on is whether MS Security Essentials should be able to run in conjunction with Malwarebytes. He was not able to reactivate it with Malwarebytes on the machine. If not, do you feel that Malwarebytes provides adequate protection? This machine was a hand-me-down from my company, so when the CA software license expired I planned on just using MS Essentials. I had used McAfee on previous machines, but it really slowed them down. Thanks again.
  5. Everything seems to be running well still. No redirects from search engines. Here's the log:

     ComboFix 13-01-08.01 - Cris 01/09/2013 15:13:12.3.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1454 [GMT -5:00]
     Running from: c:\documents and settings\Cris\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Cris\Desktop\CFScript.txt
     AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     .
     FILE ::
     "c:\documents and settings\Conner\Local Settings\Temp\is1438683437\dealply.exe"
     "c:\documents and settings\Conner\Local Settings\Temp\is1438683437\MyBabylonTB.exe"
     "c:\documents and settings\Conner\Local Settings\Temp\nsj9A4.tmp\OCSetupHlp.dll"
     "c:\documents and settings\Conner\Local Settings\Temp\tmp915.tmp.exe"
     "c:\documents and settings\Conner\My Documents\Downloads\ArcadeWebSetup (1).exe"
     "c:\documents and settings\Conner\My Documents\Downloads\ArcadeWebSetup.exe"
     "c:\documents and settings\Conner\My Documents\Downloads\digitaldj.exe"
     "c:\documents and settings\Conner\My Documents\Downloads\DJSoftwareInstaller.exe"
     "c:\documents and settings\Conner\My Documents\Downloads\flstudio_10.0.9c.exe"
     "c:\documents and settings\Conner\My Documents\Downloads\GameHouse-Installer_am-plantsvszombiestm_gamehouse_.exe"
     "c:\documents and settings\Conner\My Documents\Downloads\s-w-a-t-assault-2.exe"
     "c:\documents and settings\Cris\My Documents\Downloads\winzip155.exe"
     "c:\documents and settings\Kyle 2\My Documents\Downloads\winzip155.exe"
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
     .
     .
     2013-01-09 15:26 . 2013-01-09 15:26 -------- d-----w- c:\documents and settings\Cris\Local Settings\Application Data\Sun
     2013-01-09 15:22 . 2013-01-09 15:22 -------- d-----w- c:\program files\Common Files\Java
     2013-01-09 15:22 . 2013-01-09 15:21 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
     2013-01-09 15:22 . 2013-01-09 15:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
     2013-01-09 15:22 . 2013-01-09 15:21 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-01-09 15:21 . 2013-01-09 15:21 -------- d-----w- c:\program files\Java
     2013-01-09 15:18 . 2013-01-09 15:18 0 ----a-w- c:\windows\system32\RENE2.tmp
     2013-01-09 15:18 . 2013-01-09 15:18 0 ----a-w- c:\windows\system32\RENE1.tmp
     2013-01-09 09:01 . 2013-01-09 15:55 -------- d-----w- c:\windows\LastGood
     2013-01-08 14:55 . 2013-01-08 14:55 -------- d-----w- C:\_OTL
     2013-01-07 22:08 . 2013-01-07 22:08 -------- d-----w- c:\documents and settings\Cris\Application Data\Malwarebytes
     2013-01-07 18:04 . 2013-01-07 18:05 -------- d-----w- c:\documents and settings\Administrator
     2013-01-07 17:27 . 2013-01-07 17:27 -------- d-----w- c:\documents and settings\Cris\Local Settings\Application Data\Max Secure Software
     2013-01-06 16:09 . 2013-01-06 16:09 -------- d-----w- c:\windows\system32\Debug
     2013-01-06 13:31 . 2013-01-06 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-01-06 13:31 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-01-06 13:24 . 2013-01-06 13:24 -------- d-----w- c:\program files\Google
     2013-01-05 21:48 . 2013-01-05 21:48 -------- d-----w- c:\program files\Microsoft Security Client
     2013-01-05 19:48 . 2013-01-05 19:48 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
     2013-01-05 19:36 . 2013-01-05 19:36 -------- d-sh--w- c:\documents and settings\Conner\IECompatCache
     2013-01-05 17:44 . 2013-01-05 17:44 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
     2013-01-05 17:44 . 2013-01-05 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2013-01-05 17:10 . 2013-01-05 17:24 -------- d-----w- c:\documents and settings\Home\Application Data\Nico Mak Computing
     2013-01-05 17:10 . 2012-02-08 15:29 17224 ----a-w- c:\windows\system32\roboot.exe
     2013-01-04 20:29 . 2013-01-05 22:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2013-01-04 20:29 . 2013-01-05 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2013-01-03 13:23 . 2013-01-03 13:23 143360 --sha-r- c:\windows\system32\h323msp3.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-01-09 17:00 . 2012-04-27 22:27 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-01-09 17:00 . 2011-10-25 09:21 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-12-16 12:23 . 2004-08-11 23:00 290560 ----a-w- c:\windows\system32\atmfd.dll
     2012-11-13 01:25 . 2004-08-11 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
     2012-11-02 02:02 . 2004-08-11 23:00 375296 ----a-w- c:\windows\system32\dpnet.dll
     2012-11-01 12:17 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
     2012-11-01 12:17 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2012-11-01 12:17 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-11-01 00:35 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
     "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
     "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     .
     c:\documents and settings\Home\Start Menu\Programs\Startup\
     OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "disablecad"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2000478354-1708537768-1801674531-1132\Scripts\Logon\0\0]
     "Script"=\\HAWAinc.com\SysVol\HAWAinc.com\scripts\Logon.bat
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
     backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
     backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
     2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
     2004-11-11 16:26 26112 ----a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
     2007-03-19 15:54 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
     2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     2007-03-19 15:54 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Documents and Settings\\Cris\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
     "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
     "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - JAVAQUICKSTARTERSERVICE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     HPService REG_MULTI_SZ HPSLPSVC
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 17:00]
     .
     2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 13:24]
     .
     2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 13:24]
     .
     2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597500394-3868431695-1891137809-1009Core.job - c:\documents and settings\Cris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-11 00:12]
     .
     2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597500394-3868431695-1891137809-1009UA.job - c:\documents and settings\Cris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-11 00:12]
     .
     2006-02-17 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 09:42]
     .
     2013-01-09 c:\windows\Tasks\smqmwxn.job - c:\windows\system32\h323msp3.dll [2013-01-03 13:23]
     .
     2013-01-09 c:\windows\Tasks\User_Feed_Synchronization-{A26D3008-BDF6-4225-916F-EC010B115A23}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/ig/dell?hl=en
     uInternet Connection Wizard,ShellNext = iexplore
     IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
     IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
     IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
     IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
     IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
     IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
     TCP: DhcpNameServer = 192.168.1.1
     DPF: {773373E5-DD6A-40EB-9ED3-B16FB47F316A} - hxxp://prolog.gilbaneco.com/pw/FileMgt.CAB
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-01-09 15:20
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'explorer.exe'(2064)
     c:\windows\system32\WININET.dll
     c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
     c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
     c:\windows\system32\msi.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2013-01-09 15:23:23
     ComboFix-quarantined-files.txt 2013-01-09 20:23
     ComboFix2.txt 2013-01-09 03:15
     ComboFix3.txt 2013-01-07 18:52
     .
     Pre-Run: 119,835,226,112 bytes free
     Post-Run: 120,058,634,240 bytes free
     .
     - - End Of File - - 6F2AF00398D05C7A6E9BE55E82B64172
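The ComboFix log above shows the pattern a helper looks for by eye: a file created under system32 with the hidden and system attributes set (the `--sha-r-` entry for h323msp3.dll) that is also the target of a scheduled task with a random-looking name (smqmwxn.job). The script below is an added example, not ComboFix's code and not part of the original thread: it parses "Files Created" and "Scheduled Tasks" excerpts in the one-line-per-entry form shown above and flags that combination. The sample lines are constructed from the log in this thread; the regexes, the attribute-letter interpretation and the two heuristics are this example's assumptions about ComboFix's layout, not a published specification.

```python
"""ComboFix log triage (added example; not ComboFix's own code).

Parses two sections of a ComboFix report, the "Files Created" list and the
"Scheduled Tasks" folder listing, and flags:
  * non-directory files under system32 whose attribute string carries both
    'h' (hidden) and 's' (system), and
  * scheduled tasks whose target is not an .exe, or whose target is one of
    the flagged files (a task launching a DLL is unusual for legitimate software).
Attribute layout assumed (ComboFix's eight-character string): position 0 is
'd' for directories; letters s/h/a/r/w mark system, hidden, archive,
read-only and writable.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input, constructed from the ComboFix log quoted earlier in this thread.
SAMPLE_FILES_CREATED = r"""
2013-01-06 13:31 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-05 19:36 . 2013-01-05 19:36 -------- d-sh--w- c:\documents and settings\Conner\IECompatCache
2013-01-03 13:23 . 2013-01-03 13:23 143360 --sha-r- c:\windows\system32\h323msp3.dll
"""

SAMPLE_TASKS = r"""
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 17:00]
2013-01-09 c:\windows\Tasks\smqmwxn.job - c:\windows\system32\h323msp3.dll [2013-01-03 13:23]
2013-01-09 c:\windows\Tasks\User_Feed_Synchronization-{A26D3008-BDF6-4225-916F-EC010B115A23}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
"""

# "<created> . <modified> <size|--------> <attrs> <path>"; size is dashes for directories.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([d-][-a-z]{7}) (.+)$"
)
# "<date> <job path>.job - <target> [<target timestamp>]"
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+?\.job) - (.+) \[([^\]]+)\]$")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


@dataclass
class TaskEntry:
    date: str
    job: str
    target: str
    target_stamp: str


def parse_files_created(text: str) -> List[FileEntry]:
    """Parse 'Files Created' lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(FileEntry(created, modified,
                                     None if size.startswith("-") else int(size),
                                     attrs, path))
    return entries


def parse_tasks(text: str) -> List[TaskEntry]:
    """Parse 'Scheduled Tasks' lines in the one-line form 'date job - target [stamp]'."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(TaskEntry(*m.groups()))
    return tasks


def suspicious_files(entries: List[FileEntry]) -> List[str]:
    """Paths of non-directory, hidden+system files under system32, in log order."""
    return [e.path for e in entries
            if not e.is_dir and e.hidden_system
            and "\\windows\\system32\\" in e.path.lower()]


def suspicious_tasks(tasks: List[TaskEntry], entries: List[FileEntry]) -> List[dict]:
    """Tasks whose target is not an .exe or is one of the flagged files, with reasons."""
    flagged = {p.lower() for p in suspicious_files(entries)}
    findings = []
    for t in tasks:
        reasons = []
        if not t.target.lower().endswith(".exe"):
            reasons.append("task target is not an .exe")
        if t.target.lower() in flagged:
            reasons.append("task target is a recently created hidden+system file")
        if reasons:
            findings.append({"job": t.job, "target": t.target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    files = parse_files_created(SAMPLE_FILES_CREATED)
    for f in suspicious_tasks(parse_tasks(SAMPLE_TASKS), files):
        print(f"{f['job']} -> {f['target']}: {'; '.join(f['reasons'])}")
```

Run against the constructed sample, only smqmwxn.job is reported, with both reasons; the hidden+system IECompatCache directory is left alone because it is a directory outside system32, and mbam.sys is left alone because its attributes are ordinary. The same parser can be pointed at a full ComboFix report by pasting the two sections into the sample strings.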
  6. Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.01.06.03

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Cris :: C3000-08 [administrator]

     1/9/2013 10:29:49 AM
     mbam-log-2013-01-09 (10-29-49).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 410250
     Time elapsed: 23 minute(s), 9 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     For the ESET Scanner:
     C:\Documents and Settings\Conner\Local Settings\Temp\tmp915.tmp.exe  Win32/Toolbar.Zugo application
     C:\Documents and Settings\Conner\Local Settings\Temp\is1438683437\dealply.exe  a variant of Win32/DealPly.A application
     C:\Documents and Settings\Conner\Local Settings\Temp\is1438683437\MyBabylonTB.exe  Win32/Toolbar.Babylon application
     C:\Documents and Settings\Conner\Local Settings\Temp\nsj9A4.tmp\OCSetupHlp.dll  Win32/OpenCandy application
     C:\Documents and Settings\Conner\My Documents\Downloads\ArcadeWebSetup (1).exe  a variant of Win32/Adware.Gamevance.CF application
     C:\Documents and Settings\Conner\My Documents\Downloads\ArcadeWebSetup.exe  a variant of Win32/Adware.Gamevance.CF application
     C:\Documents and Settings\Conner\My Documents\Downloads\digitaldj.exe  a variant of Win32/InstallIQ application
     C:\Documents and Settings\Conner\My Documents\Downloads\DJSoftwareInstaller.exe  Win32/FreeInstaller application
     C:\Documents and Settings\Conner\My Documents\Downloads\flstudio_10.0.9c.exe  Win32/OpenCandy application
     C:\Documents and Settings\Conner\My Documents\Downloads\GameHouse-Installer_am-plantsvszombiestm_gamehouse_.exe  Win32/OpenCandy application
     C:\Documents and Settings\Conner\My Documents\Downloads\s-w-a-t-assault-2.exe  a variant of Win32/InstallCore.AL application
     C:\Documents and Settings\Cris\My Documents\Downloads\winzip155.exe  Win32/OpenCandy application
     C:\Documents and Settings\Kyle 2\My Documents\Downloads\winzip155.exe  Win32/OpenCandy application
     C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0004147.exe  a variant of Win32/MaxPCsecure application
  7. It appears we are no longer getting redirects! Here's the log:

     ComboFix 13-01-08.01 - Cris 01/08/2013 22:05:51.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1513 [GMT -5:00]
     Running from: c:\documents and settings\Cris\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Cris\Desktop\CFScript.txt
     AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     .
     FILE ::
     "c:\windows\system32\h323msp3.dll"
     "c:\windows\Tasks\smqmwxn.job"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Cris\Application Data\GetRightToGo
     c:\documents and settings\Cris\Application Data\GetRightToGo\Download_MaxDownloadMgrtrial.data
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
     .
     .
     2013-01-08 14:55 . 2013-01-08 14:55 -------- d-----w- C:\_OTL
     2013-01-07 22:08 . 2013-01-07 22:08 -------- d-----w- c:\documents and settings\Cris\Application Data\Malwarebytes
     2013-01-07 18:04 . 2013-01-07 18:05 -------- d-----w- c:\documents and settings\Administrator
     2013-01-07 17:27 . 2013-01-07 17:27 -------- d-----w- c:\documents and settings\Cris\Local Settings\Application Data\Max Secure Software
     2013-01-06 16:09 . 2013-01-06 16:09 -------- d-----w- c:\windows\system32\Debug
     2013-01-06 13:31 . 2013-01-06 13:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-01-06 13:31 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-01-06 13:24 . 2013-01-06 13:24 -------- d-----w- c:\program files\Google
     2013-01-05 21:48 . 2013-01-05 21:48 -------- d-----w- c:\program files\Microsoft Security Client
     2013-01-05 19:48 . 2013-01-05 19:48 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
     2013-01-05 19:36 . 2013-01-05 19:36 -------- d-sh--w- c:\documents and settings\Conner\IECompatCache
     2013-01-05 17:44 . 2013-01-05 17:44 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
     2013-01-05 17:44 . 2013-01-05 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2013-01-05 17:10 . 2013-01-05 17:24 -------- d-----w- c:\documents and settings\Home\Application Data\Nico Mak Computing
     2013-01-05 17:10 . 2012-02-08 15:29 17224 ----a-w- c:\windows\system32\roboot.exe
     2013-01-04 20:29 . 2013-01-05 22:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2013-01-04 20:29 . 2013-01-05 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2013-01-03 13:23 . 2013-01-03 13:23 143360 --sha-r- c:\windows\system32\h323msp3.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-12-16 12:23 . 2004-08-11 23:00 290560 ----a-w- c:\windows\system32\atmfd.dll
     2012-12-12 15:00 . 2012-04-27 22:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-12-12 15:00 . 2011-10-25 09:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-11-13 01:25 . 2004-08-11 23:00 1866368 ----a-w- c:\windows\system32\win32k.sys
     2012-11-02 02:02 . 2004-08-11 23:00 375296 ----a-w- c:\windows\system32\dpnet.dll
     2012-11-01 12:17 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
     2012-11-01 12:17 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2012-11-01 12:17 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-11-01 00:35 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
     "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
     "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
     .
     c:\documents and settings\Home\Start Menu\Programs\Startup\
     OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "disablecad"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2000478354-1708537768-1801674531-1132\Scripts\Logon\0\0]
     "Script"=\\HAWAinc.com\SysVol\HAWAinc.com\scripts\Logon.bat
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
     backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
     backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
     2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 09:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
     2004-11-11 16:26 26112 ----a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
     2007-03-19 15:54 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
     2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     2007-03-19 15:54 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Documents and Settings\\Cris\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
     "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
     "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     HPService REG_MULTI_SZ HPSLPSVC
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 15:00]
     .
     2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 13:24]
     .
     2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 13:24]
     .
     2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597500394-3868431695-1891137809-1009Core.job - c:\documents and settings\Cris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-11 00:12]
     .
     2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597500394-3868431695-1891137809-1009UA.job - c:\documents and settings\Cris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-11 00:12]
     .
     2006-02-17 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 09:42]
     .
     2013-01-08 c:\windows\Tasks\smqmwxn.job - c:\windows\system32\h323msp3.dll [2013-01-03 13:23]
     .
     2013-01-09 c:\windows\Tasks\User_Feed_Synchronization-{A26D3008-BDF6-4225-916F-EC010B115A23}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/ig/dell?hl=en
     uInternet Connection Wizard,ShellNext = iexplore
     IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
     IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
     IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
     IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
     IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
     IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
     TCP: DhcpNameServer = 192.168.1.1
     DPF: {773373E5-DD6A-40EB-9ED3-B16FB47F316A} - hxxp://prolog.gilbaneco.com/pw/FileMgt.CAB
     .
     - - - - ORPHANS REMOVED - - - -
     .
     WebBrowser-{311B58DC-A4DC-4B04-B1B5-60299AD3D803} - (no file)
     SafeBoot-79611441.sys
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-01-08 22:12
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     Completion time: 2013-01-08 22:15:13
     ComboFix-quarantined-files.txt 2013-01-09 03:15
     ComboFix2.txt 2013-01-07 18:52
     .
     Pre-Run: 119,536,754,688 bytes free
     Post-Run: 120,379,699,200 bytes free
     .
     - - End Of File - - 9693BA716A8946934F5B68805473BCB6
  8. https://www.virustotal.com/file/40d8f8ee311c0d698af6a3c5ba3f938d359f165fda69b025a0b451e9574d6dbe/analysis/1357690941/
  9. DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Cris at 18:29:01 on 2013-01-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1548 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uInternet Connection Wizard,ShellNext = iexplore
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: WeatherBarObj Class: {CE7C3CF0-4B15-11D1-ABED-809549C14812} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [Google Update] "c:\documents and settings\cris\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: disablecad = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262119077494
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357422198281
DPF: {773373E5-DD6A-40EB-9ED3-B16FB47F316A} - hxxp://prolog.gilbaneco.com/pw/FileMgt.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A19E7298-45C7-4FC6-A30D-EA2D61EA81A6} : DHCPNameServer = 192.168.10.18 65.24.0.168 65.24.0.169
TCP: Interfaces\{BF525652-382D-4822-AE47-FBACC27C349C} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-01-08 14:55:29 -------- d-----w- C:\_OTL
2013-01-07 22:08:35 -------- d-----w- c:\documents and settings\cris\application data\Malwarebytes
2013-01-07 18:36:47 -------- d-sha-r- C:\cmdcons
2013-01-07 18:28:41 98816 ----a-w- c:\windows\sed.exe
2013-01-07 18:28:41 256000 ----a-w- c:\windows\PEV.exe
2013-01-07 18:28:41 208896 ----a-w- c:\windows\MBR.exe
2013-01-07 17:27:01 -------- d-----w- c:\documents and settings\cris\local settings\application data\Max Secure Software
2013-01-07 16:43:56 -------- d-----w- c:\documents and settings\cris\application data\GetRightToGo
2013-01-06 16:09:40 -------- d-----w- c:\windows\system32\Debug
2013-01-06 13:31:45 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 13:31:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-05 21:48:34 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-05 17:44:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-05 17:10:16 17224 ----a-w- c:\windows\system32\roboot.exe
2013-01-04 20:29:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-01-04 20:29:30 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-03 13:23:41 143360 --sha-r- c:\windows\system32\h323msp3.dll
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 15:00:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 15:00:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:30:12.87 ===============

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/17/2006 8:32:20 AM
System Uptime: 1/8/2013 9:56:06 AM (9 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 145 GiB total, 111.357 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver
Device ID: PCI\VEN_1737&DEV_1032&SUBSYS_00241737&REV_10\4&5855BE9&0&20F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc
Name: Linksys EG1032 v3 Instant Gigabit Desktop Network Adapter Driver
PNP Device ID: PCI\VEN_1737&DEV_1032&SUBSYS_00241737&REV_10\4&5855BE9&0&20F0
Service: RTL8023xp
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E709a
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709a
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1: 1/4/2013 10:12:18 AM - System Checkpoint
RP2: 1/4/2013 1:34:23 PM - Software Distribution Service 3.0
RP3: 1/5/2013 12:14:49 PM - WinZip Registry Optimizer Sat, Jan 05, 13 12:14
RP4: 1/5/2013 4:56:52 PM - Removed WinZip 15.5
RP5: 1/5/2013 4:57:51 PM - Removed WinZip Courier
RP6: 1/6/2013 11:09:37 AM - Removed CA eTrustITM Agent
RP7: 1/6/2013 11:10:30 AM - Removed CA iTechnology iGateway
RP8: 1/7/2013 11:15:20 AM - System Checkpoint
RP9: 1/8/2013 12:00:15 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709a
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
ATI Control Panel
ATI Display Driver
Autodesk Architectural 2005 Object Enabler
Autodesk Design Review 2010
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Bullzip PDF Printer 8.2.0.1406
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Reset Tool
Dell Resource CD
Dell System Restore
Destinations
DeviceDiscovery
Digital Content Portal
DocMgr
DocProc
DWG TrueView 2010
Fax
Foxit Reader 5.1
Google Chrome
Google Update Helper
GPBaseService2
HD View
Hewlett-Packard ACLM.NET v1.1.0.0
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Imaging Device Functions 14.0
HP Officejet 6500 E709 Series
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Java Auto Updater
Java 6 Update 30
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Network OCR Software by I.R.I.S. 14.0
OGA Notifier 2.0.0048.0
Pdf995
PdfEdit995
ProductContext
QuickTime
RealPlayer
RuneScape Launcher 1.0.4
RxViewXR8
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SigmaTel Audio
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
swMSM
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
1/7/2013 2:39:26 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '33450153.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
1/7/2013 12:38:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Cinemsup Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/7/2013 12:38:32 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2013 12:38:32 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2013 12:38:32 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2013 12:38:32 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2013 12:37:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 1/7/2013 1:34:00 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 1/5/2013 2:24:49 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user C3000-08\Conner SID (S-1-5-21-3597500394-3868431695-1891137809-1012). This security permission can be modified using the Component Services administrative tool. 1/5/2013 12:34:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cinemsup Fips intelppm MpFilter 1/5/2013 12:34:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/4/2013 10:09:55 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. 1/2/2013 3:05:09 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00137208ADF0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). . ==== End Of File ===========================
  10. tdsskiller (Log is too long to post)
  aswMBR
  Malwarebytes Anti-Malware
  11. Thank you Jeff! Here are the logs as requested.
  adwcleaner
  RogueKiller
  ComboFix
  12. Hi Gringo, We have been having what seems to be a very similar problem recently on our computer. Redirects to the same ad websites as mentioned earlier in a thread by haysee5. I have been following your responses in order but still no luck. I have run SecurityCheck, adwcleaner, RogueKiller, ComboFix, tdsskiller, aswMBR, OTL, Malwarebytes Anti-Malware, and HijackThis, and saved all the logs from each program. Do you think you might be able to help us? Thank you, Doug