Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93078 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Jeffce - 2003 HP with Xp needs help [Solved]


  • This topic is locked This topic is locked
43 replies to this topic

#1 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 07 April 2014 - 06:14 PM

Hi Jeff!

 

I got all the updates I can possibly get on this 2003 HP with XP.  It has SP3 and IE8. This machine is not going to be on the internet after april 8th, and does not have an anti-virus program.  So I'm concerned about it having malaware, trojans and viruses on board.  do you have the time to help me with checking this machine out to make sure it's as safe as we can get it?

 

Also need some advice on XP and IE8 after april 8th.  I hear I have to disable or delete IE8.  I do have google chrome installed and I have firefox installed.

 

Any help will be appreciated!!!

 

Dar


Edited by peachy_dar, 07 April 2014 - 06:17 PM.

Darlene

    Advertisements

Register to Remove


#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 07 April 2014 - 06:54 PM

Hi there.   :)
 
Let's get a look....I won't bore you with the normal intro.  I know you know what to do.  
--------------
 
Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


  • peachy_dar likes this
Posted Image
 
 

#3 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 07 April 2014 - 07:08 PM

Good Evening Jeff!!

 

Thanks for the speedy reply!!  It's 9 pm here in the Burgh and I had already shut down the HP, so I will follow thru with your set of instructions tomorrow evening after work an dinner!

 

thanks so much for your help!!  Cya tomorrow night with logs!

 

Dar


Darlene

#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 08 April 2014 - 12:04 PM

:thumbup:


Posted Image
 
 

#5 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 08 April 2014 - 04:08 PM

Jeff = here is one:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 18:05:23 on 2014-04-08
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.247.28 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Program Files\iSafe\iSafeSvc.exe
C:\Program Files\iSafe\iSafeSvc2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iSafe\iSafeTray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SoftPlanet Software Assistant\spassist.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://srch-us7.hpwis.com/
uSearch Page = hxxp://srch-us7.hpwis.com/
uDefault_Page_URL = hxxp://www.bing.com
uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
mStart Page = hxxp://www.bing.com
mSearch Bar = hxxp://srch-us7.hpwis.com/
mDefault_Page_URL = hxxp://www.bing.com
uProxyOverride = 127.0.0.1
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: hp toolkit: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\hp\explorebar\HPTOOLKT.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: hp toolkit: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - c:\windows\system32\shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [LTMSG] LTMSG.exe 7
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1395508816421
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1395507478375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1395508714671
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{DC55BC3D-69D2-4548-8B78-FA5ECF5D4B22} : DHCPNameServer = 192.168.1.1 71.252.0.12
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\6nnb107u.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 iSafeNetFilter;iSafeNetFilter;c:\program files\isafe\iSafeNetFilter.sys [2014-3-29 54784]
R2 iSafeService;iSafeService;c:\program files\isafe\iSafeSvc.exe [2014-3-29 117928]
R3 iSafeKrnl;iSafeKrnl;c:\program files\isafe\iSafeKrnl.sys [2014-3-29 191488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2014-3-22 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-04-08 00:03:14    163840    ----a-w-    c:\windows\system32\igfxres.dll
2014-04-01 22:41:53    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-01 22:41:53    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-04-01 00:39:55    81768    ----a-w-    c:\windows\system32\xinput1_3.dll
2014-04-01 00:37:34    --------    d--h--w-    c:\windows\msdownld.tmp
2014-04-01 00:36:59    --------    d-----w-    c:\windows\Logs
2014-03-30 18:08:25    --------    d-----w-    c:\windows\pss
2014-03-30 15:08:47    438272    ----a-w-    c:\windows\system32\hpgmatk.dll
2014-03-30 15:08:31    --------    d-----w-    C:\sj588
2014-03-30 01:55:51    26368    -c--a-w-    c:\windows\system32\dllcache\usbstor.sys
2014-03-30 01:53:54    --------    d-----w-    c:\documents and settings\owner\application data\2BrightSparks
2014-03-30 01:53:01    --------    d-----w-    c:\documents and settings\owner\local settings\application data\2BrightSparks
2014-03-30 01:52:58    --------    d-----w-    c:\program files\2BrightSparks
2014-03-29 18:17:10    --------    d-----w-    c:\documents and settings\owner\application data\eCyber
2014-03-29 18:15:18    --------    d-----w-    c:\program files\iSafe
2014-03-29 18:15:17    --------    d-----w-    c:\documents and settings\owner\application data\iSafe
2014-03-29 18:02:01    --------    d-----w-    c:\program files\stinger
2014-03-29 17:43:29    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Adobe
2014-03-29 02:07:46    50648    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-29 02:07:46    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-29 02:07:46    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-03-27 23:09:46    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-27 23:09:19    --------    d-----w-    C:\4abe6078fc839d325f7ac9
2014-03-27 01:17:07    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Help
2014-03-27 01:12:03    --------    d-----w-    c:\program files\Hp
2014-03-27 00:34:55    6784    -c--a-w-    c:\windows\system32\dllcache\serscan.sys
2014-03-27 00:34:55    6784    ----a-w-    c:\windows\system32\drivers\serscan.sys
2014-03-27 00:34:54    71680    -c--a-w-    c:\windows\system32\dllcache\fnfilter.dll
2014-03-27 00:34:54    71680    ----a-w-    c:\windows\system32\fnfilter.dll
2014-03-27 00:34:54    37376    -c--a-w-    c:\windows\system32\dllcache\kousd.dll
2014-03-27 00:34:54    37376    ----a-w-    c:\windows\system32\kousd.dll
2014-03-27 00:28:46    17136    ----a-w-    c:\windows\system32\mucltui.dll.mui
2014-03-27 00:28:45    275696    ----a-w-    c:\windows\system32\mucltui.dll
2014-03-26 11:21:56    107736    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-26 00:41:21    --------    d-----w-    c:\documents and settings\all users\application data\Package Cache
2014-03-24 00:51:19    --------    d-----w-    c:\documents and settings\owner\application data\Windows Search
2014-03-24 00:37:36    --------    d-----w-    C:\342be214b1ada6a0c0f100caa4
2014-03-23 21:43:44    317440    -c----w-    c:\windows\system32\dllcache\mp4sdecd.dll
2014-03-23 21:40:33    --------    d-----w-    c:\documents and settings\owner\local settings\application data\PCHealth
2014-03-23 21:20:15    --------    d-----w-    c:\windows\system32\winrm
2014-03-23 21:20:06    --------    dc-h--w-    c:\windows\$968930Uinstall_KB968930$
2014-03-23 21:18:35    --------    d-----w-    c:\documents and settings\owner\application data\Windows Desktop Search
2014-03-23 21:16:38    --------    d-----w-    c:\program files\Windows Desktop Search
2014-03-23 21:16:37    --------    d-----w-    c:\windows\system32\GroupPolicy
2014-03-23 21:15:27    98304    -c----w-    c:\windows\system32\dllcache\nlhtml.dll
2014-03-23 21:15:27    29696    -c----w-    c:\windows\system32\dllcache\mimefilt.dll
2014-03-23 21:15:27    192000    -c----w-    c:\windows\system32\dllcache\offfilt.dll
2014-03-23 21:12:55    --------    d-----w-    c:\program files\Windows Media Connect 2
2014-03-23 21:02:41    6144    -c----w-    c:\windows\system32\dllcache\iecompat.dll
2014-03-23 20:04:06    --------    d-----w-    c:\windows\system32\XPSViewer
2014-03-23 20:03:10    89088    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-03-23 20:02:38    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-03-23 20:02:38    117760    ------w-    c:\windows\system32\prntvpt.dll
2014-03-23 20:02:37    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-03-23 20:02:37    597504    ------w-    c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-03-23 20:02:37    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2014-03-23 20:02:37    575488    ------w-    c:\windows\system32\xpsshhdr.dll
2014-03-23 20:02:36    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2014-03-23 20:02:36    1676288    ------w-    c:\windows\system32\xpssvcs.dll
2014-03-23 20:02:36    --------    d-----w-    C:\4b0e47c89508a58582748e49
2014-03-23 19:55:45    --------    d-----w-    C:\TempEI4
2014-03-23 19:52:46    1409    ----a-w-    c:\windows\system32\tmp11CA0.FOT
2014-03-23 19:52:36    1409    ----a-w-    c:\windows\system32\tmp25780.FOT
2014-03-23 18:25:26    --------    d-----w-    C:\sj646
2014-03-23 18:22:57    --------    d--h--w-    c:\windows\PIF
2014-03-23 17:23:36    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Google
2014-03-22 19:58:57    60160    -c--a-w-    c:\windows\system32\dllcache\drmk.sys
2014-03-22 19:58:57    60160    ----a-w-    c:\windows\system32\drivers\drmk.sys
2014-03-22 19:58:57    4096    -c--a-w-    c:\windows\system32\dllcache\ksuser.dll
2014-03-22 19:58:57    4096    ----a-w-    c:\windows\system32\ksuser.dll
2014-03-22 19:58:57    146048    -c--a-w-    c:\windows\system32\dllcache\portcls.sys
2014-03-22 19:58:57    146048    ----a-w-    c:\windows\system32\drivers\portcls.sys
2014-03-22 19:58:56    129536    ----a-w-    c:\windows\system32\ksproxy.ax
2014-03-22 18:53:21    --------    d-----w-    C:\i386
2014-03-22 18:42:34    --------    d---a-r-    C:\Program Files
2014-03-22 18:42:30    --------    d---a-r-    c:\documents and settings\all users\Documents
2014-03-22 18:42:04    --------    d---a-r-    c:\windows\Offline Web Pages
2014-03-22 18:40:34    --------    dcsha-r-    c:\windows\system32\dllcache
2014-03-22 18:01:20    8261    -c--a-w-    c:\windows\system32\dllcache\zoneoc.dll
2014-03-22 18:00:59    85504    ----a-w-    c:\program files\outlook express\wabimp.dll
2014-03-22 17:59:35    990208    ----a-w-    c:\windows\system32\syssetup.dll
2014-03-22 17:58:58    94208    ----a-w-    c:\windows\system32\odbcint.dll
2014-03-22 17:57:55    72704    ----a-w-    c:\windows\system32\admparse.dll
2014-03-22 17:53:06    --------    d-----w-    c:\windows\system32\SoftwareDistribution
2014-03-22 17:41:59    712704    ----a-w-    c:\windows\system32\windowscodecs.dll
2014-03-22 17:39:02    7168    -c--a-w-    c:\windows\system32\dllcache\asferror.dll
2014-03-22 17:38:59    99840    -c--a-w-    c:\windows\system32\dllcache\wmpshell.dll
2014-03-22 17:38:59    938496    -c--a-w-    c:\windows\system32\dllcache\WMNetmgr.dll
2014-03-22 17:38:59    8231936    -c--a-w-    c:\windows\system32\dllcache\wmploc.dll
2014-03-22 17:38:59    64000    -c--a-w-    c:\windows\system32\dllcache\wmplayer.exe
2014-03-22 17:38:59    4096    -c--a-w-    c:\windows\system32\dllcache\wmvdmod.dll
2014-03-22 17:38:59    4096    -c--a-w-    c:\windows\system32\dllcache\wmsdmod.dll
2014-03-22 17:38:59    303616    -c--a-w-    c:\windows\system32\dllcache\wmstream.dll
2014-03-22 17:38:59    2462720    -c--a-w-    c:\windows\system32\dllcache\WMVCore.dll
2014-03-22 17:38:59    20480    -c--a-w-    c:\windows\system32\dllcache\wmpui.dll
2014-03-22 17:38:59    20480    -c--a-w-    c:\windows\system32\dllcache\wmpcore.dll
2014-03-22 17:38:59    20480    -c--a-w-    c:\windows\system32\dllcache\wmpcd.dll
2014-03-22 17:38:59    115200    -c--a-w-    c:\windows\system32\dllcache\wmsdmoe.dll
2014-03-22 17:37:23    --------    d-----w-    c:\windows\network diagnostic
2014-03-22 17:37:21    144384    ----a-w-    c:\windows\system32\drivers\hdaudbus.sys
2014-03-22 17:37:20    10240    ----a-w-    c:\windows\system32\drivers\sffp_mmc.sys
2014-03-22 17:36:03    19569    ----a-w-    c:\windows\004850_.tmp
2014-03-22 17:20:20    --------    d-----w-    c:\documents and settings\owner\local settings\application data\ApplicationHistory
2014-03-22 17:08:49    --------    d-sh--w-    c:\documents and settings\owner\IECompatCache
2014-03-22 17:08:24    --------    d-sh--w-    c:\documents and settings\owner\PrivacIE
2014-03-22 17:07:37    --------    d-sh--w-    c:\documents and settings\owner\IETldCache
2014-03-22 17:04:59    --------    dc-h--w-    c:\windows\ie8
2014-03-22 16:36:30    --------    d-----w-    c:\windows\system32\wbem\AutoRecover
2014-03-22 16:28:08    --------    d-----w-    c:\windows\ServicePackFiles
2014-03-22 16:26:08    2897920    ----a-w-    c:\windows\system32\xpsp2res.dll
2014-03-22 16:24:36    19528    ----a-w-    c:\windows\002034_.tmp
2014-03-22 16:24:09    26144    ----a-w-    c:\windows\system32\spupdsvc.exe
2014-03-22 16:21:38    --------    d-----w-    c:\windows\EHome
2014-03-22 16:09:00    --------    d-sh--w-    c:\documents and settings\owner\UserData
2014-03-22 16:06:45    --------    d-----w-    C:\6in1ico
.
==================== Find3M  ====================
.
2014-03-30 15:10:55    1080    ----a-w-    c:\windows\AUTOLNCH.REG
2014-03-22 17:44:41    49152    ----a-w-    c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\PCHI18N.dll
2014-03-22 17:44:27    155907    ----a-w-    c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\PCHButton.exe
2014-03-22 17:44:25    127235    ----a-w-    c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\ContentUpdater.exe
2014-03-22 17:44:12    122880    ----a-w-    c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\SearchCtrl.dll
2014-03-22 17:43:55    77824    ----a-w-    c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\WinVerifyTrust.dll
2014-03-22 17:43:54    106496    ----a-w-    c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\bin\PluginCtrl.dll
2014-02-26 01:59:05    13312    ----a-w-    c:\windows\system32\xp_eos.exe
2014-02-24 11:46:36    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-24 11:45:58    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-24 10:54:21    385024    ----a-w-    c:\windows\system32\html.iec
2014-02-22 22:41:08    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-22 19:14:28    6656    ----a-w-    c:\windows\system32\haspvdd.dll
2014-02-22 19:14:28    47616    ----a-w-    c:\windows\system32\drivers\Haspnt.sys
2014-02-22 19:14:28    416256    ----a-w-    c:\windows\system32\drivers\hardlock.sys
2014-02-22 19:14:28    383    ----a-w-    c:\windows\system32\haspdos.sys
2014-02-22 19:14:28    23040    ----a-w-    c:\windows\system32\drivers\aksusb.sys
2014-02-07 02:01:37    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 08:55:04    562688    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 18:07:20.76 ===============
 


Darlene

#6 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 08 April 2014 - 04:08 PM

Jeff:

 

Here is the other:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/22/2014 11:06:48 AM
System Uptime: 4/8/2014 5:59:15 PM (1 hours ago)
.
Motherboard: Intel Corporation |  | NBGV - Northwood/Brookdale-G Validation Board
Processor:                 Intel® Celeron® CPU 2.20GHz | WMT478/NWD | 2192/mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 32 GiB total, 16.37 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.05 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 3/23/2014 2:56:18 PM - Delete Me
RP20: 3/23/2014 2:59:28 PM - Delete Me
RP21: 3/23/2014 3:00:23 PM - Software Distribution Service 3.0
RP22: 3/23/2014 3:18:17 PM - Printer Driver Microsoft XPS Document Writer Installed
RP23: 3/23/2014 3:39:15 PM - Software Distribution Service 3.0
RP24: 3/23/2014 4:03:58 PM - Software Distribution Service 3.0
RP25: 3/23/2014 4:49:05 PM - Software Distribution Service 3.0
RP26: 3/23/2014 5:14:36 PM - Software Distribution Service 3.0
RP27: 3/23/2014 7:16:53 PM - Software Distribution Service 3.0
RP28: 3/23/2014 8:14:12 PM - avast! antivirus system restore point
RP29: 3/25/2014 5:47:53 PM - Software Distribution Service 3.0
RP30: 3/26/2014 6:13:09 PM - System Checkpoint
RP31: 3/26/2014 7:16:24 PM - Removed HP Photo and Imaging 1.1 - Photosmart Cameras
RP32: 3/26/2014 7:18:15 PM - Removed Simple Backup for My Pictures
RP33: 3/26/2014 7:20:09 PM - Removed Detto IntelliMover Demo
RP34: 3/26/2014 8:15:15 PM - Installed HP Support Solutions Framework
RP35: 3/26/2014 9:53:30 PM - Software Distribution Service 3.0
RP36: 3/27/2014 6:14:27 PM - Software Distribution Service 3.0
RP37: 3/27/2014 6:26:49 PM - Software Distribution Service 3.0
RP38: 3/28/2014 10:07:41 PM - System Checkpoint
RP39: 3/30/2014 8:23:48 AM - System Checkpoint
RP40: 3/31/2014 7:38:48 PM - Installed DirectX
RP41: 4/2/2014 6:53:37 PM - System Checkpoint
RP42: 4/5/2014 6:06:11 PM - System Checkpoint
RP43: 4/6/2014 6:32:21 PM - System Checkpoint
RP44: 4/7/2014 6:59:48 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
hp center
HP Instant Support
HP PrecisionScan LTX
hp toolkit
Indeo® Software
Intel® Extreme Graphics Driver
Malwarebytes Anti-Malware version 2.00.0.1000
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Windows 2000/XP Display Drivers
PS2
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SyncBackFree
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
YAC
.
==== Event Viewer Messages From Past Week ========
.
4/8/2014 6:23:08 AM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer DARLENES-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DC55BC3D-69D2-45. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 


Darlene

#7 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 08 April 2014 - 05:37 PM

Jeff

 

I came home from dinner and ran TDSSKILLER - and since it would not let me save the report, I had to CTRL-C and CTRL-V in the notepad to get it for ya!!

 

Dar

Attached Files


Darlene

#8 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 08 April 2014 - 05:45 PM

Jeff

 

Ran ADware - and here is the log file:

 

# AdwCleaner v3.023 - Report created 08/04/2014 at 19:41:14
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - EMBROIDERY
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : iSafeKrnl
Service Found : iSafeNetFilter
Service Found : iSafeService

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Documents and Settings\Owner\Application Data\eCyber
Folder Found C:\Documents and Settings\Owner\Application Data\iSafe
Folder Found C:\Program Files\iSafe
Folder Found C:\Program Files\MyPC Backup

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6nnb107u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [996 octets] - [08/04/2014 19:41:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1055 octets] ##########

 


Darlene

#9 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 08 April 2014 - 05:57 PM

Looks like we have some work to do.  :)

 

Do you recognize these by chance???  

 

C:\sj588
C:\6in1ico

 

 
 

Posted Image
 
 

#10 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 08 April 2014 - 07:14 PM

 

Looks like we have some work to do.   :)

 

Do you recognize these by chance???  

 

C:\sj588
C:\6in1ico

 

Jeff: - they don't sound famliar to me at all.  If you see SJ64gen and SJ645en - they are a patch from HP for a just as old scanner and the install software for the same.  The patch was to make this old scanner work with XP - now I can't get the scanner to be recognized by any of the 3 computers in the house!!  Not important tho!!

 

I did a "search" on this Xp and SJ588 looks like a setup for this old HP scanner it is:   HP scanjet 2200c

 

I searched for 6in1ico and it means nothing to me.

 

Do you see something bad?  I haven't had an antivirus, so I am not suprised!!

 

Let's get 'em!!

 

dar

 

 
 

 


Darlene

    Advertisements

Register to Remove


#11 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 09 April 2014 - 05:26 AM

No nothing terrible yet.   :)
 
Please read through these instructions to familarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
 


RCUpdate1.png

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


Posted Image
 
 

#12 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 09 April 2014 - 05:41 AM

Will do tonight Jeff!!

 

cya then!

 

dar


Darlene

#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 09 April 2014 - 05:42 AM

:)


Posted Image
 
 

#14 peachy_dar

peachy_dar

    Silver Member

  • Authentic Member
  • PipPipPip
  • 385 posts
  • Interests:Riding our 2009 Navy Metallic blue Honda Goldwing Trike<br />Taking pictures and videos while riding the trike

Posted 09 April 2014 - 06:15 PM

Jeff:

 

No luck here on this end....

 

I did download CF, it did prompt me to install Microsoft  Recovery Console:, and I ran CF.

 

After 30 minutes of it running, a box popped up from the machine and it stated:

 

"windows virtual memory minimum too low.  Your system is low on virtual memory.  Windows is increasing the size of your vitural memory paging file"

 

Since this machine HATES to multi task, I figured installing the console was too much for it to run CF...so I cancelled and rebooted.  I started CF once again at 6:15 pm and ran down stairs to the kitchen to make dinner.  I came up here at 8:05pm expecting to find a lof file to send.. but instead, CF was still scanning (so it said) adn the Windows Virtual memory message box again.

 

So, I rebooted just tell you this.  I"m going to shut this down tonight,and you can tell me what the next step will be.  I can follow thru tomorrow after dinner again.

 

Have a great night!

 

Dar


Darlene

#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 April 2014 - 05:36 AM

Hi,
 
Ok disregard ComboFix.   :)
 
N4qAiMQ.jpgFRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
----------


Posted Image
 
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users