qdraw

Members
  • Content count

    26
About qdraw

  • Rank
    New Member

  1. Hey maniac, I think I found the problem. I got rid of AVG altogether and have had no problems, except that when ComboFix was uninstalled I still have a boot option that it left in my startup menu.
  2. Yes, still having problems with IE being unresponsive, randomly not closing the browser, and just lagging in general.
  3. Yes, I have enabled Windows Updates, updated to Service Pack 3 of XP, and upgraded to IE 8.
  4. Hey maniac, I'm back again. After monitoring the system for another day or so, I'm still having some unresponsive errors with IE, and sometimes the browser will not close at all. Any suggestions?
  5. Do I need to do anything with Defogger?
  6. Yes, everything seems to be running normally. Thank you.
  7. Seems to be working much better. Thank you very much for your help; I greatly appreciate it. What next steps do you suggest we take?
  8. I use Internet Explorer, not sure what version, but got a notification of an upgrade to 8.0. The errors are just that the pages themselves are very slow to respond, almost like it is freezing. Internet Explorer has closed several times with an unresponsive error, not the normal (not responding) error. Still not showing any infections or viruses from either Malwarebytes or AVG?
  9. Hey maniac, after several days I have seen improvement, but the browser is still up and down; it very often gets unresponsive errors and has to close. But I am able to connect. Thank you in advance for your help and everything you have done so far.
  10. OK, thank you again. I'll keep you posted.
  11. OK, sounds good. Would you suggest another antivirus besides AVG, or will it suffice? Thank you, I'll let you know.
  12. Seems to be running well, thank you. Haven't used it much, mostly just to post until we were done, but have no issues at all.
  13. Sorry for the delay, maniac, and thanks again for your help. Here are the results from the ComboFix log. It did say that there was an update for ComboFix, but I did not do it; I did not know if it would change previous steps done. Thanks again.
  14. Ran Malwarebytes quick scan, 0 infections. Here is the log:
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org
      Database version: 5556
      Windows 5.1.2600 Service Pack 2
      Internet Explorer 6.0.2900.2180
      1/19/2011 4:55:03 PM
      mbam-log-2011-01-19 (16-55-03).txt
      Scan type: Quick scan
      Objects scanned: 146907
      Time elapsed: 2 minute(s), 27 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  15. OK maniac, it said the file was successfully submitted.