Inactive Suspected hijacking

[gja]

I followed the 8 steps and posted the 3 log files.

In addition since running the cleanup files there are consistent process problems all with the following generic process info as follows:
*****************************************************
generic host process for win32 Serives has encounter a problem and needs to close.
szappnam: svchost.exe szappver: 5.1.2600.5512
szmodname: flash10e.ocx szmodver: 10.0.45.2 offset:000dd2d8
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER12c9.dir00\svchost.exe.mdmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER12c9.dir00\appcompat.txt
********************************************
the two temp text files created are posted in fDbJINcv-1.txt and fD5JINcV-2.txt

I could not upload to tech spot from the pc with the issue so I used a flash to copy files and upload from another device.

your help is greatly appreciated.

 

[Bobbye]

Welcome to TechSpot, gja. I'll help with the malware. You have a rogue security program on the system. And it might also be responsible for the Trojans.

Let's see if we can get more of it removed:
Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
  Important! Save the renamed download to your desktop.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  
• Double click on the setup file on the desktop to run
• If prompted to download and install the Recovery Console, please do so.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
• If prompted to update, please allow.
• Click on Yes, to continue scanning for malware.
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

.
When finished, I'd like you to run this online AV scan. It will give additional information about system activity:
Run Eset NOD32 Online AntiVirus Scanner HERE

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

When you have finished, please paste the Combofix report and the Eset log into the next reply. IF you have any problem with pasting, then just attach instead.

The additional information should help pin down the cause for the error messages.

Please do not run any additional cleaning programs while I am helping you- unless I instruct you to. Don't run a Registry cleaner or make any registry changes.

 

[gja]

Question about the recovery console

The pc with the issue is an used one. I don't have the xp/oem distribution disk. When the recovery console is run will i need the xp distribution disk to restore system files?

thx

 

[Bobbye]

Yes. The files to be restored have to come from somewhere.