Podger (Members; 13 posts; reputation: 0 Neutral)

  1. Hey Gringo, one last thing. There is a folder on my desktop that was created by one of the programs (I think CCleaner) called "backups". Should I keep that folder or delete it? Thanks.
  2. Thank you so much for your help. My computer is running great! I only have one final concern. I use the audio buttons on my keyboard to control the volume on my speakers, and there are usually virtual bars that show up on the screen showing the volume going up and down. At some point those virtual bars disappeared. It was either after ComboFix or HijackThis. Not sure. Any ideas? Thanks again.
  3. Okay, here is the report from running the ESET scan today:
     C:\hp\bin\wbug\HPPavillion_Spring06.exe - a variant of Win32/AdInstaller application
     D:\I386\APPS\APP02017\src\CompaqPresario_Spring06.exe - a variant of Win32/AdInstaller application
     D:\I386\APPS\APP02017\src\HPPavillion_Spring06.exe - a variant of Win32/AdInstaller application
  4. I ran the ESET online scanner last night as I was leaving work. I figured when I got in in the morning it would still be open with the information from the scan. It wasn't. There were no programs open at all. Not sure what to do, so I'm running the scan again right now. I'm just not sure what the results were from last night's scan.
  5. Here is the HijackThis log:
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 4:33:03 PM, on 9/5/2013
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal
  6. Okay, I have done all of those steps. Here is the log from MBAM. The HijackThis log will follow.
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.09.05.08
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     HP_Administrator :: YOUR-4DACD0EA75 [administrator]
     9/5/2013 4:20:48 PM
     mbam-log-2013-09-05 (16-20-48).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 257776
     Time elapsed: 7 minute(s), 56 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  7. Here is the report:
  8. Okay, just followed the new instructions and here is the log:
     ComboFix 13-09-02.02 - HP_Administrator 09/03/2013 11:59:48.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1328 [GMT -6:00]
     Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt.txt
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(800) c:\windows\System32\BCMLogon.dll . - - - - - - - > 'explorer.exe'(6012) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2013-09-03 12:08:31 ComboFix-quarantined-files.txt 2013-09-03 18:08 ComboFix2.txt 2013-09-03 16:56 . Pre-Run: 107,045,478,400 bytes free Post-Run: 107,113,717,760 bytes free . - - End Of File - - 447CEA7A83306ABCAC3903B4609F612B D11C727E03BB7318DCDA069B06E652F0
  9. Hello Gringo, I ran the combo-fix. There were really no problems in running the scan. Computer seems to be working well. Below is the log:

ComboFix 13-09-02.02 - HP_Administrator 09/03/2013 10:38:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1514 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\WINDOWS
c:\hp\bin\cloaker.exe
c:\windows\iun6002.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\wininit.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-08-03 to 2013-09-03 )))))))))))))))))))))))))))))))
.
.
2013-08-27 09:02 . 2013-08-27 09:06 -------- d-----w- c:\windows\system32\MRT
2013-08-12 20:07 . 2013-08-12 20:07 -------- d-----w- C:\spoolerlogs
2013-08-09 22:34 . 2013-08-09 22:34 407 ----a-w- c:\windows\system32\drivers\etc\networks.dat
2013-08-09 22:34 . 2013-08-09 22:34 17463 ----a-w- c:\windows\system32\drivers\etc\services.dat
2013-08-09 22:34 . 2013-08-09 22:34 1358 ----a-w- c:\windows\system32\drivers\etc\protocol.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 14:29 . 2012-04-05 19:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 14:29 . 2011-09-14 17:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 23:20 . 2004-08-10 04:00 827392 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:47 . 2004-08-10 04:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-08-10 04:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-10 11:00 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-10 11:00 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2001-12-03 23:09 . 2010-04-07 22:37 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-06-23 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-21 274608]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe -t [2009-8-26 1458176]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe -startup [2006-9-20 36903]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
.
R2 CETService;CETService;c:\program files\Configura CET Designer\cm2\bin\CETService.exe [11/11/2011 4:18 PM 404936]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [8/26/2009 11:40 AM 198528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 11:39 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:29]
.
2013-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 22:03]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-17 22:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: isqft.com\www
Trusted Zone: isqft.com\www
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.0.1 8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
HKLM-Run-RTHDCPL - RTHDCPL.EXE
HKLM-Run-PCDrProfiler - (no file)
c:\documents and settings\Default User\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat
c:\documents and settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk - c:\hp\bin\cloaker.exe c:\hp\bin\PinMcLnkToStart.bat
AddRemove-Install WeatherBug - c:\hp\bin\cloaker.exe
AddRemove-OfficeTrial - c:\hp\bin\cloaker.exe
AddRemove-Penco_Pricing_3.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-03 10:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\hasplms.exe
c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe
c:\program files\Updates from HP\9972322\Program\Updates from HP.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2013-09-03 10:56:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-03 16:56
.
Pre-Run: 103,750,750,208 bytes free
Post-Run: 107,117,015,040 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9D4F1A8B6707FA87895BD88E47B7614F
D11C727E03BB7318DCDA069B06E652F0
  10. Hello, sorry I am just getting back to you. For some reason a notification was never sent to my email telling me you had replied. I will run combo-fix on Tuesday September 3rd and report back to you as soon as possible. Thank you for your help.
  11. Okay, first is the system log and next is the mbar log. Let me know if you need something else.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.866000 GHz
Memory total: 2137399296, free: 1180196864

Downloaded database version: v2013.08.26.06
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
08/26/2013 15:27:42
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
iastor.sys
atapi.sys
ftsata2.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
bb-run.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ELacpi.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\??\C:\WINDOWS\System32\Drivers\Elkbd.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\RimSerial.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\??\C:\WINDOWS\System32\Drivers\Elmon.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\WINDOWS\System32\Drivers\Elmou.sys
\??\C:\WINDOWS\System32\Drivers\Elhid.sys
\??\C:\WINDOWS\System32\Drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\aksfridge.sys
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff8982f920
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xffffffff89723030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff899293a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xffffffff89593230
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8984aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xffffffff89657268
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff897cc920
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xffffffff896339f8
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a8567d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a854030
Lower Device Driver Name: \Driver\iaStor\
IRP handler 15 of \Driver\iaStor is hooked
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff8982f920
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xffffffff89723030
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff899293a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xffffffff89593230
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8984aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xffffffff89657268
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff897cc920
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xffffffff896339f8
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a8567d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8a854030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a8567d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a8565a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a8567d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a854030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe16bf878, 0xffffffff8a8567d0, 0xffffffff8995aab8
Lower DeviceData: 0xffffffffe4bee258, 0xffffffff8a854030, 0xffffffff89a02b58
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\acpi.sys
Infected: C:\WINDOWS\SYSTEM32\drivers\acpi.sys --> [Rootkit.RLoader]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE
Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 470254617
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 470270745  Numsec = 18121320
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff897cc920, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff897ca448, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff897cc920, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff896339f8, DeviceName: \Device\00000079\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8984aab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8983d1f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8984aab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89657268, DeviceName: \Device\0000007a\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff899293a0, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89892020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff899293a0, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89593230, DeviceName: \Device\0000007b\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8982f920, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89835020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8982f920, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89723030, DeviceName: \Device\0000007c\, DriverName: \Driver\usbstor\
------------ End ----------
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-18\$0fbf672b7af459277c3b0512a4a4ec9f --> [Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-21-1205138098-2353596489-2923169117-1007\$0fbf672b7af459277c3b0512a4a4ec9f --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.866000 GHz
Memory total: 2137399296, free: 1711005696

=======================================
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.08.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-4DACD0EA75 [administrator]

8/26/2013 3:27:51 PM
mbar-log-2013-08-26 (15-27-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 283702
Time elapsed: 45 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\RECYCLER\S-1-5-18\$0fbf672b7af459277c3b0512a4a4ec9f (Trojan.Siredef.C) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1205138098-2353596489-2923169117-1007\$0fbf672b7af459277c3b0512a4a4ec9f (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\acpi.sys (Rootkit.RLoader) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
  12. Hello Gringo, I actually ran Malwarebytes Anti-Rootkit last night after posting this and it found 2 cases of malware. I had it remove them, rebooted, and I am now able to use google and yahoo again. Was this a mistake? I have been getting a strange Microsoft error report since doing so. I would be happy to send you any logs if you would like to take a look at anything further. Thank you for your help.
  13. Hello, I am recently unable to use either the Google or Yahoo search engine. Some research on another machine tells me this is malware of some sort, but I did a quick scan with my Malwarebytes software and nothing came up. It seems mildly familiar to the Google redirect virus, but it's not redirecting me. I just can't even get www.google.com to pull up at all on my PC. The Google search function in my toolbar won't work either. I am able to get to www.yahoo.com, but once I'm there I am unable to perform a search. It just sits there and looks like it's trying to load forever, and then a page comes up that says "unable to display web page" or something like that. How can I fix this? Thanks.