Sorry for the delay, maniac, and thanks again for your help. Here are the results from the ComboFix log. It did say that there was an update for ComboFix, but I did not do it as I did not know if it would change previous steps done. Thanks again.

ComboFix 11-01-18.04 - HP_Administrator 01/20/2011 23:17:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.598 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\ddessa64.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ddessa64.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
.
2011-01-19 22:44 . 2011-01-19 22:44 -------- d-----w- c:\windows\system32\LogFiles
2011-01-19 21:25 . 2011-01-21 04:11 -------- d-----w- c:\windows\LastGood
2011-01-19 02:18 . 2011-01-19 02:18 -------- d-----w- c:\windows\Sun
2011-01-16 21:27 . 2004-08-04 07:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-01-16 21:27 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-16 21:27 . 2004-08-04 07:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-16 21:27 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-16 21:27 . 2004-08-04 07:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-16 21:10 . 2011-01-16 21:20 -------- d-----r- c:\documents and settings\All Users\Documents
2011-01-16 21:05 . 2011-01-19 21:25 -------- d-sh--r- c:\windows\system32\dllcache
2011-01-16 18:26 . 2011-01-16 18:26 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-01-16 18:25 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-01-16 18:25 . 2006-03-04 05:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2011-01-16 18:25 . 2006-03-04 05:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2011-01-16 18:25 . 2006-03-04 05:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-01-16 18:25 . 2006-03-04 05:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2011-01-16 18:25 . 2006-03-04 05:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2011-01-16 18:25 . 2006-03-04 05:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2011-01-16 18:23 . 2006-04-13 01:04 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-01-16 18:23 . 2006-04-13 01:04 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-01-16 18:23 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2011-01-16 18:23 . 2006-04-10 22:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2011-01-16 18:23 . 2006-04-10 22:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2011-01-16 18:23 . 2006-04-13 01:04 282624 ----a-r- c:\windows\system32\HPZc3212.dll
2011-01-16 18:23 . 2006-04-13 01:04 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-01-16 17:34 . 2011-01-19 01:46 -------- d-----w- c:\documents and settings\HP_Administrator
2011-01-16 17:34 . 2006-08-01 02:30 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2011-01-16 17:33 . 2006-08-01 02:30 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2011-01-16 09:49 . 2011-01-16 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2011-01-16 07:47 . 2011-01-16 07:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-16 07:36 . 2011-01-19 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-16 07:17 . 2011-01-16 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-16 07:13 . 2011-01-16 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-16 07:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-16 07:13 . 2011-01-16 07:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-16 07:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-16 07:04 . 2011-01-16 07:04 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-01-16 06:28 . 2011-01-16 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-01-16 06:27 . 2011-01-16 06:27 -------- d-----w- C:\bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( SnapShot@2011-01-19_20.57.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-07 00:24 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-10 04:00 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-01-19 21:25 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-10 04:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-10 04:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-10 04:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2011-01-19 21:25 . 2004-08-10 04:00 36864 c:\windows\LastGood\system32\wups.dll
+ 2011-01-19 21:25 . 2004-08-10 04:00 66560 c:\windows\LastGood\system32\cdm.dll
+ 2004-08-10 04:00 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-10 04:00 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-10 04:00 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-10 04:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-10 04:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-10 04:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2011-01-19 21:25 . 2004-08-10 04:00 120320 c:\windows\LastGood\system32\wuweb.dll
+ 2011-01-19 21:25 . 2004-08-10 04:00 112640 c:\windows\LastGood\system32\wucltui.dll
+ 2011-01-19 21:25 . 2004-08-10 04:00 111104 c:\windows\LastGood\system32\wuauclt.exe
+ 2011-01-19 21:25 . 2004-08-10 04:00 430592 c:\windows\LastGood\system32\wuapi.dll
+ 2004-08-10 04:00 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-10 04:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2011-01-19 21:25 . 2004-08-10 04:00 1134592 c:\windows\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"nwiz"="nwiz.exe" [2006-05-09 1519616]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-7-31 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

S0 giuq;giuq;c:\windows\system32\drivers\kbnxtkej.sys --> c:\windows\system32\drivers\kbnxtkej.sys [?]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
Trusted Zone: trymedia.com
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 23:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-20 23:21:11
ComboFix-quarantined-files.txt 2011-01-21 04:21
ComboFix2.txt 2011-01-19 21:20
ComboFix3.txt 2011-01-19 20:59

Pre-Run: 214,585,716,736 bytes free
Post-Run: 214,576,992,256 bytes free

- - End Of File - - 899E00F7E8740847AA2C0BD718D361B9