Hi all! anyone that can help me please do so. PLEASE. i keep getting pop ups that say my computer is infected with the win 32 /nugel.e and bankerfox viruses. I am having one heck of a time getting rid of this thing. Every time i try to download hijackthis it wont allow me to do it. it will actually interrupt my visiting the site and redirect me to try and install their bogus removal ware. can anyone help me from start to finish. please. thanks a bunch
vcoopob 0 Newbie Poster
vcoopob 0 Newbie Poster
I have been able to run a hijackthis report on the infected computer since my last post. however, everytime i try to post it the friggin virus boots me out. help me please someone out there!
vcoopob 0 Newbie Poster
ok got a hijackthis log! had to save it to flash drive and use my laptop.
any help is appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 4:47:44 PM, on 7/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\ld12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
caperjack 875 I hate 20 Questions Team Colleague
hi your hijackthis is outdated ,get newer version .re-scan .
also==
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Download the update from here if you have problems.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Make sure that you restart the computer.
Post new HJT log.
After the scan you will get a notepad window with the scan results, Save it.
* Post both the MBAM and HJT logs back here...
CCleaner
Download Ccleaner, Install it, Open it...
Under the 'Cleaner' Section select all in the 'Windows' And 'Applications' Tab, Then click on 'Analyze' And then 'Run Cleaner'...
Do The Same In The 'Registry' Tab, i.e. 'Scan For Issues' and 'Fix Selected Issues', It will ask you to make a backup, DO IT...Then Click on 'Fix All'run the registry one until it finds no more!...Now Reboot The Pc..
caperjack 875 I hate 20 Questions Team Colleague
Hi all! anyone that can help me please do so. PLEASE. i keep getting pop ups that say my computer is infected with the win 32 /nugel.e and bankerfox viruses. I am having one heck of a time getting rid of this thing. Every time i try to download hijackthis it wont allow me to do it. it will actually interrupt my visiting the site and redirect me to try and install their bogus removal ware. can anyone help me from start to finish. please. thanks a bunch
try going into safe mode [hitting f8 on bootup] and see if you can find and delete this file .
C:\windows\ld12.exe
vcoopob 0 Newbie Poster
ok.here is the newlog fromhijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:33 AM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - Startup: FrostWire On Startup.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 9643 bytes
I think I also deleted the file c:\widows/ld12.exe
here is thelog from malwarebyte:
Malwarebytes' Anti-Malware 1.38
Database version: 2379
Windows 5.1.2600 Service Pack 2
7/6/2009 9:08:55 AM
mbam-log-2009-07-06 (09-08-55).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 157758
Time elapsed: 18 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lowriskfiletypes (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\sysguard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71cd564c-dfcf-4e26-881d-d113f8018f35}\RP0\A0000007.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71cd564c-dfcf-4e26-881d-d113f8018f35}\RP0\A0000056.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71cd564c-dfcf-4e26-881d-d113f8018f35}\RP0\A0000105.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71cd564c-dfcf-4e26-881d-d113f8018f35}\RP0\A0004370.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71cd564c-dfcf-4e26-881d-d113f8018f35}\RP1\A0004588.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71cd564c-dfcf-4e26-881d-d113f8018f35}\RP1\A0004600.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\ld12.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\proquota.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
will download ccleaner after rebooting. thanks! let me know what else to do please.
caperjack 875 I hate 20 Questions Team Colleague
I would like you to do the following:
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.
*Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.
Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.
Now just sit back and allow the program to run
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When all is complete then please post back here with that log.
vcoopob 0 Newbie Poster
here is the log for combo fix. sorry it took so long.
ComboFix 09-07-06.02 - Compaq_Owner 07/07/2009 3:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191.34 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\windows\system32\_000110_.tmp.dll
D:\Autorun.inf
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\system32\dllcache\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-07-07 08:54 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-07 08:54 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-06 14:27 . 2009-07-06 14:27 -------- d-----w- c:\program files\CCleaner
2009-07-06 13:44 . 2009-07-06 13:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-07-06 13:44 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 13:44 . 2009-07-06 13:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 13:44 . 2009-07-06 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 13:44 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 13:33 . 2009-07-06 13:33 -------- d-----w- c:\program files\Trend Micro
2009-07-05 22:16 . 2009-07-05 22:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\V-Safe 100
2009-07-05 20:38 . 2004-08-04 05:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-05 20:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-05 20:37 . 2001-08-18 03:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-07-05 20:36 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-07-05 20:36 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-07-05 20:36 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-07-05 20:36 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-07-05 20:36 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-07-05 20:36 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-07-05 20:36 . 2004-08-04 05:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-05 20:35 . 2004-08-04 04:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2009-07-05 20:35 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-07-05 20:35 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-07-05 20:35 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-07-05 20:35 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-07-05 20:33 . 2001-08-17 17:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2009-07-05 20:33 . 2001-08-17 17:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2009-07-05 20:32 . 2001-08-17 17:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2009-07-05 20:32 . 2001-08-17 18:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2009-07-05 20:32 . 2004-08-04 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2009-07-05 20:32 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-07-05 20:32 . 2004-08-04 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2009-07-05 20:32 . 2001-08-17 18:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2009-07-05 20:31 . 2001-08-17 17:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2009-07-05 20:31 . 2001-08-17 18:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-07-05 20:31 . 2004-08-04 04:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2009-07-05 20:31 . 2004-08-04 05:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2009-07-05 20:31 . 2001-08-17 18:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-07-05 20:31 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2009-07-05 20:31 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2009-07-05 20:30 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-07-05 20:29 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2009-07-05 20:29 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-07-05 20:29 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-07-05 20:28 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2009-07-05 20:28 . 2004-08-04 04:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-07-05 20:28 . 2004-08-04 04:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-07-05 20:28 . 2004-08-04 04:04 12672 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2009-07-05 20:28 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2009-07-05 20:28 . 2004-08-04 12:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2009-07-05 20:28 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-07-05 20:28 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2009-07-05 20:27 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2009-07-05 20:27 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2009-07-05 20:27 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-07-05 20:27 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-07-05 20:27 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-07-05 20:27 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-07-05 20:27 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-07-05 20:26 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2009-07-05 20:26 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-07-05 20:26 . 2004-08-04 04:07 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2009-07-05 20:26 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2009-07-05 20:25 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-07-05 20:25 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-07-05 20:24 . 2001-08-17 17:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-07-05 20:24 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-07-05 20:24 . 2001-08-17 17:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-07-05 20:24 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-07-05 20:24 . 2001-08-17 17:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-07-05 20:24 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-07-05 20:24 . 2004-08-04 05:56 82432 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-07-05 20:24 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2009-07-05 20:24 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2009-07-05 20:23 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-07-05 20:23 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-07-05 20:23 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-07-05 20:23 . 2004-08-04 12:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2009-07-05 20:23 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-07-05 20:23 . 2004-08-04 12:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2009-07-05 20:23 . 2004-08-04 12:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2009-07-05 20:23 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-07-05 20:22 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-07-05 20:22 . 2004-08-04 04:00 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-07-05 20:22 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-07-05 20:22 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-07-05 20:22 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-07-05 20:21 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-07-05 20:20 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-07-05 20:20 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-07-05 20:20 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2009-07-05 20:20 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2009-07-05 20:20 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2009-07-05 20:20 . 2001-08-17 19:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-07-05 20:20 . 2001-08-18 03:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-07-05 20:20 . 2001-08-17 18:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2009-07-05 20:20 . 2001-08-17 19:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-07-05 20:19 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-07-05 20:19 . 2001-08-18 03:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-07-05 20:19 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-07-05 20:19 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-07-05 20:19 . 2001-08-18 03:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-07-05 20:19 . 2001-08-18 03:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-07-05 20:18 . 2001-08-17 17:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2009-07-05 20:18 . 2001-08-17 18:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-07-05 20:18 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-07-05 20:18 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-07-05 20:17 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-07-05 20:17 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-07-05 20:17 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-07-05 20:17 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-07-05 20:17 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-05 20:16 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2009-07-05 20:16 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-07-05 20:16 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2009-07-05 20:16 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2009-07-05 20:16 . 2004-08-04 04:00 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2009-07-05 20:16 . 2004-08-04 12:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll
2009-07-05 20:16 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-07-05 20:16 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-07-05 20:16 . 2001-08-17 19:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2009-07-05 20:14 . 2004-08-04 03:41 404990 -c--a-w- c:\windows\system32\dllcache\slntamr.sys
2009-07-05 20:14 . 2004-08-04 03:41 129535 -c--a-w- c:\windows\system32\dllcache\slnt7554.sys
2009-07-05 20:14 . 2004-08-04 05:56 286792 -c--a-w- c:\windows\system32\dllcache\slextspk.dll
2009-07-05 20:14 . 2004-08-04 05:56 188508 -c--a-w- c:\windows\system32\dllcache\slgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 09:05 . 2004-10-21 15:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-04 04:44 . 2009-03-03 00:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2009-07-04 00:22 . 2009-03-03 02:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-04 00:22 . 2009-05-28 03:16 -------- d-----w- c:\program files\Java
2009-06-21 03:49 . 2009-03-07 23:26 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\FrostWire
2009-06-21 03:42 . 2009-03-03 02:47 -------- d-----w- c:\program files\LimeWire
2009-06-21 03:31 . 2009-03-07 23:25 -------- d-----w- c:\program files\FrostWire
2009-06-21 03:28 . 2009-03-03 02:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-06-20 14:58 . 2009-03-19 14:43 1214 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-06-20 14:58 . 2009-03-19 14:43 54928 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 05:16 . 2009-03-07 23:25 -------- d-----w- c:\program files\AskBarDis
2009-06-19 09:58 . 2004-10-21 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-06-19 08:19 . 2004-10-21 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 06:22 . 2004-06-09 19:27 53248 ----a-w- c:\windows\system32\palmdevc.dll
2009-06-02 14:13 . 2004-10-21 11:58 -------- d-----w- c:\program files\Easy Internet signup
2009-05-28 03:16 . 2009-05-28 03:16 -------- d-----w- c:\program files\Common Files\Java
2009-05-26 14:18 . 2009-03-31 13:11 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Walgreens
2009-05-07 15:44 . 2009-03-02 15:27 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2009-03-02 15:29 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2009-03-02 15:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2009-03-02 15:29 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2009-03-02 15:28 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[7] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[7] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
[7] 2004-08-04 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\system32\user32.dll
[7] 2004-08-04 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[7] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[7] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll
[7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2009-02-20 08:14 668160 1EA0E6DD74199209D60991FD46CE8643 c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll
[7] 2009-04-29 04:46 666624 6002073519FA478BF89977369CDFD156 c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[7] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wininet.dll
[7] 2009-04-29 04:52 659456 9D6E5AEB8F237E03D5892951EB3D6A7E c:\windows\system32\wininet.dll
[7] 2009-04-29 04:52 659456 9D6E5AEB8F237E03D5892951EB3D6A7E c:\windows\system32\dllcache\wininet.dll
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[7] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[7] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[7] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[7] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[7] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[7] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 21:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 22:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\system32\dllcache\explorer.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[7] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[7] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[7] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[7] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[7] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\spoolsv.exe
[7] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[7] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[7] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\termsrv.dll
[7] 2004-08-04 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[7] 2004-08-04 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\powrprof.dll
[7] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[7] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\imm32.dll
[7] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[7] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[7] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[7] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kbdclass.sys
[7] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\dllcache\kbdclass.sys
[7] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
[7] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\kbdclass.sys
[7] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 04:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-05 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-03-03 100056]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2005-07-23 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-07-23 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-10-21 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-04 148888]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-29 2551808]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-10-21 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [3/31/2009 7:31 PM 99248]
.
Contents of the 'Scheduled Tasks' folder
2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-07-04 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\tfgjok2p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 04:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-07 8:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 13:10
Pre-Run: 20,963,053,568 bytes free
Post-Run: 21,002,899,456 bytes free
401 --- E O F --- 2009-07-05 08:06
caperjack 875 I hate 20 Questions Team Colleague
so,hows the computer working now
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.