Jump to content

mbmatthews

Members
 View Profile  See their activity

  • Posts

    15

  • Joined

  • Last visited

Reputation

0 Neutral

About mbmatthews

  • Birthday 12/05/1961

Profile Information

  • Location
    southern United States
  1. mbmatthews
    Good evening: I have done as you advised. Once the host stuff was added, the computer runs a little slower, but I think it is worth the wait. Other than that, the system is running fine. I thank you for all your help and will update as advised.
  2. mbmatthews
    Good evening, and thanks for the quick reply: Here are the logs you requested. ComboFix 09-11-07.02 - Compaq_Owner 11/07/2009 21:44.6.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.451 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner.MATTHEWS\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Compaq_Owner.MATTHEWS\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-07 01:22 . 2009-11-07 01:22 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-11-07 01:21 . 2009-11-07 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-11-07 00:50 . 2009-11-07 00:51 -------- d-----w- C:\mbmatthews 2009-11-05 01:28 . 2009-11-08 02:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-05 00:50 . 2009-11-05 00:50 152576 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-05 00:08 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-11-05 00:08 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-11-05 00:08 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-11-05 00:08 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-11-05 00:07 . 2009-11-05 00:08 -------- d-----w- c:\program files\Common Files\McAfee 2009-11-05 00:07 . 2009-11-05 00:08 -------- d-----w- c:\program files\McAfee.com 2009-11-05 00:07 . 2009-11-05 00:14 -------- d-----w- c:\program files\McAfee 2009-11-05 00:06 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-11-01 19:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 19:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-01 13:33 . 2009-11-01 13:33 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\IObit 2009-11-01 13:33 . 2009-10-19 18:30 624464 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\IObit\Common\TB_Helper.exe 2009-10-31 14:17 . 2009-11-06 23:54 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\AdobeUM 2009-10-31 01:31 . 2009-10-31 01:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-31 01:19 . 2009-10-31 01:19 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Printer Info Cache 2009-10-31 00:55 . 2009-10-31 00:55 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\PrivacIE 2009-10-31 00:40 . 2009-11-08 00:18 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Adobe 2009-10-27 12:03 . 2009-10-27 12:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-10-26 04:14 . 2009-10-26 04:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Identities 2009-10-26 01:08 . 2009-10-26 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-10-25 19:31 . 2009-10-25 19:31 -------- d-----w- c:\program files\SiteAdvisor 2009-10-25 19:18 . 2009-10-25 19:18 -------- d-----w- c:\windows\system32\LogFiles 2009-10-25 19:15 . 2009-09-30 16:11 288096 ----a-r- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2009-10-25 19:14 . 2009-10-25 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\McAfee 2009-10-25 17:33 . 2009-11-05 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-25 17:04 . 2009-10-25 17:04 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Citrix 2009-10-25 17:04 . 2009-10-25 17:04 61224 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\GoToAssistDownloadHelper.exe 2009-10-24 18:58 . 2009-10-24 18:58 69920 ----a-w- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 18:58 . 2009-10-24 18:58 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 18:58 . 2009-10-24 18:58 575 ----a-w- c:\windows\system32\LxrCleanup.bat 2009-10-24 18:58 . 2009-10-24 18:58 49152 ----a-w- c:\windows\system32\LxrSG20s.exe 2009-10-24 18:58 . 2009-10-24 18:58 274432 ----a-w- c:\windows\system32\LxrSG20.dll 2009-10-24 18:58 . 2009-10-24 18:58 163840 ----a-w- c:\windows\system32\LxrConfig.exe 2009-10-24 13:06 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\hpovst08.dll 2009-10-24 13:06 . 2002-11-27 11:30 561152 ----a-r- c:\windows\system32\hpotscl.dll 2009-10-24 13:06 . 2002-11-27 11:30 274432 ----a-r- c:\windows\system32\hpgwiamd.dll 2009-10-24 02:42 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\HPZipt12.dll 2009-10-24 02:42 . 2002-11-27 11:30 57344 ----a-r- c:\windows\system32\HPZisn12.dll 2009-10-24 02:42 . 2002-11-27 11:30 65536 ----a-r- c:\windows\system32\HPZipm12.exe 2009-10-24 02:42 . 2002-11-27 11:30 61440 ----a-r- c:\windows\system32\HPZinw12.exe 2009-10-24 02:42 . 2002-11-27 11:30 237624 ----a-r- c:\windows\system32\HPZidr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 172032 ----a-r- c:\windows\system32\HPZipr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-10-24 02:42 . 2002-11-27 11:30 50960 ----a-r- c:\windows\system32\drivers\hpzid412.sys 2009-10-24 02:41 . 2002-11-27 11:30 22384 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2009-10-24 02:41 . 2002-11-27 11:29 237568 ----a-r- c:\windows\system32\HPZc3212.dll 2009-10-24 02:40 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 18:09 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-10-23 18:09 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-10-23 18:09 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-10-23 18:09 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-10-23 18:09 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\scripting 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\en 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\bits 2009-10-22 23:31 . 2009-10-11 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-22 23:26 . 2009-10-22 23:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-10-22 23:25 . 2009-10-22 23:25 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\IETldCache 2009-10-22 23:11 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-22 23:11 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 23:11 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 23:11 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-10-22 23:11 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 23:11 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-10-22 23:09 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-10-22 22:42 . 2009-10-22 23:30 152576 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-22 03:33 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll 2009-10-22 03:31 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-22 03:30 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll 2009-10-22 03:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-10-22 03:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-10-22 03:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-10-22 03:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-10-22 03:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-10-22 03:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-10-22 03:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-10-22 03:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-10-22 03:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-10-22 03:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-10-22 03:02 . 2009-08-05 00:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-10-22 03:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-10-22 02:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-10-22 02:53 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-10-22 02:52 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-10-22 02:51 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-10-22 02:49 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-10-22 02:48 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-10-22 02:48 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-10-22 02:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-10-22 02:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-10-22 02:44 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys 2009-10-22 02:24 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-10-22 01:58 . 2009-10-22 01:58 3502080 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL14.DLL 2009-10-22 01:49 . 2009-10-22 01:49 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Intuit 2009-10-22 00:34 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-22 00:28 . 2009-10-22 00:28 -------- d-s---w- c:\documents and settings\Compaq_Owner.MATTHEWS\UserData 2009-10-22 00:21 . 2009-10-22 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2009-10-21 23:51 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-10-21 23:51 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-10-21 23:51 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 23:51 . 2008-04-13 18:46 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 23:51 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2009-10-21 23:51 . 2008-04-13 18:46 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys 2009-10-21 23:22 . 2009-11-05 00:38 -------- dcsh--r- c:\windows\system32\dllcache 2009-10-21 23:19 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-10-21 23:16 . 2009-10-22 23:09 -------- dc-h--w- c:\windows\ie8 2009-10-21 23:02 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 21:47 . 2009-10-25 18:02 34008 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-21 21:44 . 2009-10-21 21:44 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Motive 2009-10-21 21:40 . 2009-10-21 21:40 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Mozilla 2009-10-21 21:36 . 2009-10-21 21:36 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Malwarebytes 2009-10-21 21:18 . 2005-06-06 15:29 110592 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3\temp\cleanup.exe 2009-10-21 21:15 . 2006-12-07 14:45 3096576 ---ha-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3\temp\Launchpad Removal.exe 2009-10-21 21:14 . 2009-10-31 05:34 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3 2009-10-21 21:03 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-07 01:30 . 2005-03-30 02:52 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-05 00:53 . 2004-10-20 13:39 -------- d-----w- c:\program files\Java 2009-11-03 00:30 . 2009-10-21 21:02 144 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\fusioncache.dat 2009-10-25 19:03 . 2009-02-07 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-10-24 19:01 . 2009-10-22 01:49 -------- d-----w- c:\program files\Quicken 2009-10-23 00:32 . 2004-10-20 13:12 82435 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-10-23 00:30 . 2009-10-23 00:30 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll 2009-10-22 01:58 . 2009-10-22 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-10-22 01:58 . 2009-10-22 01:58 205824 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll 2009-10-22 01:58 . 2009-10-22 01:58 172032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL81.DLL 2009-10-22 01:58 . 2009-10-22 01:58 143360 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE 2009-10-22 01:58 . 2009-10-22 01:58 1368064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL108.DLL 2009-10-22 01:58 . 2009-10-22 01:58 1146880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\Patchdll1310.dll 2009-10-22 01:58 . 2009-10-22 01:58 905216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL2745.DLL 2009-10-22 01:58 . 2009-10-22 01:58 401408 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL2627.DLL 2009-10-22 01:58 . 2009-10-22 01:58 1089 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd 2009-10-22 01:58 . 2009-10-22 01:58 1077248 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL4513.DLL 2009-10-22 01:51 . 2004-10-20 14:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Palo Alto Software 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Intuit 2009-10-22 00:21 . 2009-08-29 01:06 -------- d-----w- c:\program files\IObit 2009-10-21 23:56 . 2004-10-20 14:40 -------- d-----w- c:\program files\Microsoft Works 2009-10-21 21:19 . 2004-10-21 10:13 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-21 21:18 . 2004-10-21 10:13 -------- d-----w- c:\program files\Symantec 2009-10-21 21:10 . 2004-10-21 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-21 21:09 . 2004-10-21 06:10 -------- d-----w- c:\program files\Easy Internet signup 2009-10-21 21:03 . 2009-10-21 21:03 1850 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-15 20:54 . 2009-10-15 20:54 32768 ----a-w- c:\windows\~DF7394.tmp 2009-10-15 01:31 . 2009-07-31 19:20 -------- d-----w- c:\program files\7-Zip 2009-10-15 01:31 . 2009-01-25 01:32 -------- d-----w- c:\program files\DNA 2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 12:17 . 2009-08-28 12:55 -------- d-----w- c:\program files\DivX 2009-09-11 14:18 . 2004-12-03 08:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-12-03 08:55 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 15:24 . 2009-08-07 15:24 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-29 08:08 . 2004-12-03 08:57 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-12-03 08:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2005-04-30 23:55 . 2005-04-30 20:55 0 -csha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( SnapShot@2009-11-01_13.56.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-08 02:25 . 2009-11-08 02:25 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat + 2009-11-07 18:45 . 2009-11-07 18:48 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2004-10-20 13:15 . 2009-11-07 22:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-10-31 01:31 . 2009-10-31 01:31 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-10-31 01:31 . 2009-11-07 22:55 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-11-07 06:00 . 2009-11-07 22:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-10-25 18:02 . 2009-10-25 18:02 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll + 2009-11-05 00:13 . 2009-11-05 00:13 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll + 2009-11-05 00:13 . 2009-11-05 00:13 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll - 2009-10-25 18:02 . 2009-10-25 18:02 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll + 2006-12-02 03:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-02 03:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-02 03:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2009-11-05 00:53 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe - 2009-10-22 23:31 . 2009-10-22 23:30 149280 c:\windows\system32\javaws.exe + 2009-11-05 00:53 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe - 2009-10-22 23:31 . 2009-10-22 23:30 145184 c:\windows\system32\javaw.exe + 2009-11-05 00:53 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe - 2009-10-22 23:31 . 2009-10-22 23:30 145184 c:\windows\system32\java.exe + 2009-11-05 00:38 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-05 00:38 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe - 2009-10-25 18:02 . 2009-10-25 18:02 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll + 2009-11-05 00:13 . 2009-11-05 00:13 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll + 2004-12-03 08:55 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll + 2004-12-03 08:55 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll + 2009-11-07 01:31 . 2009-11-07 01:31 3940352 c:\windows\Installer\becec.msi + 2009-11-05 00:38 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-20 180269] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-05 286720] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248] "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-09-24 49152] "LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 7:13 PM 210216] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/1/2009 2:43 PM 19160] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-07 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21112206270.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2005-05-20 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21113907269.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2006-09-06 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21124964629.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2009-11-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Compaq_Owner.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-01 19:53] 2009-11-07 c:\windows\Tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-01 19:53] 2009-11-05 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22] 2009-11-05 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 21:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2464) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2009-11-08 21:54 ComboFix-quarantined-files.txt 2009-11-08 02:54 ComboFix2.txt 2009-11-07 01:11 ComboFix3.txt 2009-11-04 23:25 Pre-Run: 17,917,788,160 bytes free Post-Run: 17,978,937,344 bytes free - - End Of File - - D3431B995AC7817A2A538F89B689451D DDS (Ver_09-09-29.01) - NTFSx86 Run by Compaq_Owner at 21:55:33.39 on Sat 11/07/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.406 [GMT -5:00] AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe C:\Documents and Settings\Compaq_Owner.MATTHEWS\Desktop\Help stuff\dds(2).com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [VTTimer] VTTimer.exe mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [LTMSG] LTMSG.exe 7 mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256172355828 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxsrvc.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-4 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-4 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-4 144704] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-4 35272] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-1 19160] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-4 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-4 40552] S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-4 606736] =============== Created Last 30 ================ 2009-11-06 19:50 <DIR> --d----- C:\mbmatthews 2009-11-04 20:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-11-04 19:33 6,545 a------- c:\windows\system32\Config.MPF 2009-11-04 19:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-11-04 19:08 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-11-04 19:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-11-04 19:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-11-04 19:07 <DIR> --d----- c:\program files\common files\McAfee 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee.com 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee 2009-11-04 19:06 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-11-01 14:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 14:43 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-01 08:33 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\IObit 2009-10-31 12:20 267,264 a------- c:\windows\PEV.exe 2009-10-31 12:20 161,792 a------- c:\windows\SWREG.exe 2009-10-31 12:20 98,816 a------- c:\windows\sed.exe 2009-10-31 12:20 77,312 a------- c:\windows\MBR.exe 2009-10-30 20:19 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Printer Info Cache 2009-10-30 19:55 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\PrivacIE 2009-10-25 14:31 <DIR> --d----- c:\program files\SiteAdvisor 2009-10-25 14:18 <DIR> --d----- c:\windows\system32\LogFiles 2009-10-25 14:14 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\McAfee 2009-10-25 12:04 61,224 a------- c:\documents and settings\compaq_owner.matthews\GoToAssistDownloadHelper.exe 2009-10-24 13:58 274,432 a------- c:\windows\system32\LxrSG20.dll 2009-10-24 13:58 163,840 a------- c:\windows\system32\LxrConfig.exe 2009-10-24 13:58 69,920 a------- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 13:58 61,440 a------- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 13:58 49,152 a------- c:\windows\system32\LxrSG20s.exe 2009-10-24 13:58 575 a------- c:\windows\system32\LxrCleanup.bat 2009-10-24 08:06 561,152 a----r-- c:\windows\system32\hpotscl.dll 2009-10-24 08:06 94,208 a----r-- c:\windows\system32\hpovst08.dll 2009-10-24 08:06 274,432 a----r-- c:\windows\system32\hpgwiamd.dll 2009-10-23 21:42 94,208 a----r-- c:\windows\system32\HPZipt12.dll 2009-10-23 21:42 57,344 a----r-- c:\windows\system32\HPZisn12.dll 2009-10-23 21:42 237,624 a----r-- c:\windows\system32\HPZidr12.dll 2009-10-23 21:42 172,032 a----r-- c:\windows\system32\HPZipr12.dll 2009-10-23 21:42 65,536 a----r-- c:\windows\system32\HPZipm12.exe 2009-10-23 21:42 61,440 a----r-- c:\windows\system32\HPZinw12.exe 2009-10-23 21:42 16,080 a----r-- c:\windows\system32\drivers\HPZipr12.sys 2009-10-23 21:42 50,960 a----r-- c:\windows\system32\drivers\hpzid412.sys 2009-10-23 21:41 237,568 a----r-- c:\windows\system32\HPZc3212.dll 2009-10-23 21:41 22,384 a----r-- c:\windows\system32\drivers\HPZius12.sys 2009-10-23 21:40 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys 2009-10-23 21:40 25,856 a------- c:\windows\system32\drivers\usbprint.sys 2009-10-23 21:40 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys 2009-10-23 21:40 15,104 a------- c:\windows\system32\drivers\usbscan.sys 2009-10-23 21:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys 2009-10-23 21:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 13:09 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll 2009-10-23 13:09 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll 2009-10-23 13:09 155,648 -c------ c:\windows\system32\dllcache\wscript.exe 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx 2009-10-23 13:09 90,112 -c------ c:\windows\system32\dllcache\wshext.dll 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\cscript.exe 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\scripting 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\en 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\bits 2009-10-22 18:31 411,368 a------- c:\windows\system32\deploytk.dll 2009-10-22 18:31 73,728 a------- c:\windows\system32\javacpl.cpl 2009-10-22 18:25 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\IETldCache 2009-10-22 18:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-10-22 18:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 18:11 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2009-10-22 18:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 18:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 18:11 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll 2009-10-22 18:09 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-10-21 22:33 276,992 -------- c:\windows\system32\wmphoto.dll 2009-10-21 22:31 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-21 22:30 81,920 -------- c:\windows\system32\ieencode.dll 2009-10-21 21:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys 2009-10-21 21:53 333,952 -c------ c:\windows\system32\dllcache\srv.sys 2009-10-21 21:52 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll 2009-10-21 21:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll 2009-10-21 21:49 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-10-21 21:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-10-21 21:48 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-10-21 21:46 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-10-21 21:46 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-21 21:44 138,496 -c------ c:\windows\system32\dllcache\afd.sys 2009-10-21 21:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-10-21 20:51 233 a------- c:\windows\Quicken.ini 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Palo Alto Software 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Intuit 2009-10-21 20:49 <DIR> --d----- c:\program files\Quicken 2009-10-21 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit 2009-10-21 20:49 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Intuit 2009-10-21 19:58 <DIR> --d----- c:\windows\system32\PreInstall 2009-10-21 19:34 21,728 a------- c:\windows\system32\wucltui.dll.mui 2009-10-21 19:34 17,632 a------- c:\windows\system32\wuaueng.dll.mui 2009-10-21 19:34 15,072 a------- c:\windows\system32\wuaucpl.cpl.mui 2009-10-21 19:34 15,064 a------- c:\windows\system32\wuapi.dll.mui 2009-10-21 19:34 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-10-21 19:28 <DIR> --ds---- c:\documents and settings\compaq_owner.matthews\UserData 2009-10-21 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit 2009-10-21 18:51 4,992 a------- c:\windows\system32\drivers\mspqm.sys 2009-10-21 18:51 5,376 a------- c:\windows\system32\drivers\mspclock.sys 2009-10-21 18:51 7,552 a------- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 18:51 61,696 a------- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 18:51 6,400 a------- c:\windows\system32\drivers\enum1394.sys 2009-10-21 18:51 53,376 a------- c:\windows\system32\drivers\1394bus.sys 2009-10-21 18:23 1,249,721 a------- c:\windows\setupapi.log.3.old 2009-10-21 18:22 <DIR> -cdshr-- c:\windows\system32\dllcache 2009-10-21 18:19 26,144 a------- c:\windows\system32\spupdsvc.exe 2009-10-21 18:16 <DIR> -cd-h--- c:\windows\ie8 2009-10-21 18:02 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 16:36 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Malwarebytes 2009-10-21 16:14 <DIR> a-dshr-- C:\cmdcons 2009-10-21 16:03 221,184 a------- c:\windows\system32\wmpns.dll 2009-10-21 16:03 1,850 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-21 16:02 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Symantec 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\compaq_owner.matthews\WINDOWS 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\Compaq_Owner.MATTHEWS 2009-10-15 19:20 <DIR> --d----- c:\program files\Trend Micro 2009-10-15 16:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 15:54 32,768 a------- c:\windows\~DF7394.tmp 2009-10-14 20:31 <DIR> --d----- c:\program files\Angle Interactive 2009-10-14 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-14 17:16 <DIR> --d----- C:\ProgramData 2009-10-14 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE 2009-10-14 17:06 <DIR> --d----- c:\program files\XoftSpySE6 ==================== Find3M ==================== 2009-10-22 19:32 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-10-22 19:30 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchealthplugin.dll 2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys 2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 03:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2005-04-30 18:55 0 ac-sh--- c:\windows\sminst\HPCD.sys ============= FINISH: 21:55:55.45 =============== Attach.zip
  3. mbmatthews
    Good evening, and thanks for the quick reply: Here are the logs you requested. ComboFix 09-11-07.02 - Compaq_Owner 11/07/2009 21:44.6.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.451 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner.MATTHEWS\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Compaq_Owner.MATTHEWS\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-07 01:22 . 2009-11-07 01:22 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-11-07 01:21 . 2009-11-07 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-11-07 00:50 . 2009-11-07 00:51 -------- d-----w- C:\mbmatthews 2009-11-05 01:28 . 2009-11-08 02:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-05 00:50 . 2009-11-05 00:50 152576 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-05 00:08 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-11-05 00:08 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-11-05 00:08 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-11-05 00:08 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-11-05 00:07 . 2009-11-05 00:08 -------- d-----w- c:\program files\Common Files\McAfee 2009-11-05 00:07 . 2009-11-05 00:08 -------- d-----w- c:\program files\McAfee.com 2009-11-05 00:07 . 2009-11-05 00:14 -------- d-----w- c:\program files\McAfee 2009-11-05 00:06 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-11-01 19:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 19:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-01 13:33 . 2009-11-01 13:33 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\IObit 2009-11-01 13:33 . 2009-10-19 18:30 624464 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\IObit\Common\TB_Helper.exe 2009-10-31 14:17 . 2009-11-06 23:54 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\AdobeUM 2009-10-31 01:31 . 2009-10-31 01:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-31 01:19 . 2009-10-31 01:19 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Printer Info Cache 2009-10-31 00:55 . 2009-10-31 00:55 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\PrivacIE 2009-10-31 00:40 . 2009-11-08 00:18 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Adobe 2009-10-27 12:03 . 2009-10-27 12:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-10-26 04:14 . 2009-10-26 04:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Identities 2009-10-26 01:08 . 2009-10-26 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-10-25 19:31 . 2009-10-25 19:31 -------- d-----w- c:\program files\SiteAdvisor 2009-10-25 19:18 . 2009-10-25 19:18 -------- d-----w- c:\windows\system32\LogFiles 2009-10-25 19:15 . 2009-09-30 16:11 288096 ----a-r- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2009-10-25 19:14 . 2009-10-25 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\McAfee 2009-10-25 17:33 . 2009-11-05 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-25 17:04 . 2009-10-25 17:04 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Citrix 2009-10-25 17:04 . 2009-10-25 17:04 61224 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\GoToAssistDownloadHelper.exe 2009-10-24 18:58 . 2009-10-24 18:58 69920 ----a-w- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 18:58 . 2009-10-24 18:58 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 18:58 . 2009-10-24 18:58 575 ----a-w- c:\windows\system32\LxrCleanup.bat 2009-10-24 18:58 . 2009-10-24 18:58 49152 ----a-w- c:\windows\system32\LxrSG20s.exe 2009-10-24 18:58 . 2009-10-24 18:58 274432 ----a-w- c:\windows\system32\LxrSG20.dll 2009-10-24 18:58 . 2009-10-24 18:58 163840 ----a-w- c:\windows\system32\LxrConfig.exe 2009-10-24 13:06 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\hpovst08.dll 2009-10-24 13:06 . 2002-11-27 11:30 561152 ----a-r- c:\windows\system32\hpotscl.dll 2009-10-24 13:06 . 2002-11-27 11:30 274432 ----a-r- c:\windows\system32\hpgwiamd.dll 2009-10-24 02:42 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\HPZipt12.dll 2009-10-24 02:42 . 2002-11-27 11:30 57344 ----a-r- c:\windows\system32\HPZisn12.dll 2009-10-24 02:42 . 2002-11-27 11:30 65536 ----a-r- c:\windows\system32\HPZipm12.exe 2009-10-24 02:42 . 2002-11-27 11:30 61440 ----a-r- c:\windows\system32\HPZinw12.exe 2009-10-24 02:42 . 2002-11-27 11:30 237624 ----a-r- c:\windows\system32\HPZidr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 172032 ----a-r- c:\windows\system32\HPZipr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-10-24 02:42 . 2002-11-27 11:30 50960 ----a-r- c:\windows\system32\drivers\hpzid412.sys 2009-10-24 02:41 . 2002-11-27 11:30 22384 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2009-10-24 02:41 . 2002-11-27 11:29 237568 ----a-r- c:\windows\system32\HPZc3212.dll 2009-10-24 02:40 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 18:09 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-10-23 18:09 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-10-23 18:09 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-10-23 18:09 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-10-23 18:09 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\scripting 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\en 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\bits 2009-10-22 23:31 . 2009-10-11 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-22 23:26 . 2009-10-22 23:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-10-22 23:25 . 2009-10-22 23:25 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\IETldCache 2009-10-22 23:11 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-22 23:11 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 23:11 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 23:11 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-10-22 23:11 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 23:11 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-10-22 23:09 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-10-22 22:42 . 2009-10-22 23:30 152576 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-22 03:33 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll 2009-10-22 03:31 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-22 03:30 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll 2009-10-22 03:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-10-22 03:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-10-22 03:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-10-22 03:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-10-22 03:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-10-22 03:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-10-22 03:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-10-22 03:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-10-22 03:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-10-22 03:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-10-22 03:02 . 2009-08-05 00:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-10-22 03:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-10-22 02:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-10-22 02:53 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-10-22 02:52 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-10-22 02:51 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-10-22 02:49 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-10-22 02:48 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-10-22 02:48 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-10-22 02:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-10-22 02:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-10-22 02:44 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys 2009-10-22 02:24 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-10-22 01:58 . 2009-10-22 01:58 3502080 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL14.DLL 2009-10-22 01:49 . 2009-10-22 01:49 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Intuit 2009-10-22 00:34 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-22 00:28 . 2009-10-22 00:28 -------- d-s---w- c:\documents and settings\Compaq_Owner.MATTHEWS\UserData 2009-10-22 00:21 . 2009-10-22 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2009-10-21 23:51 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-10-21 23:51 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-10-21 23:51 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 23:51 . 2008-04-13 18:46 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 23:51 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2009-10-21 23:51 . 2008-04-13 18:46 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys 2009-10-21 23:22 . 2009-11-05 00:38 -------- dcsh--r- c:\windows\system32\dllcache 2009-10-21 23:19 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-10-21 23:16 . 2009-10-22 23:09 -------- dc-h--w- c:\windows\ie8 2009-10-21 23:02 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 21:47 . 2009-10-25 18:02 34008 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-21 21:44 . 2009-10-21 21:44 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Motive 2009-10-21 21:40 . 2009-10-21 21:40 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Mozilla 2009-10-21 21:36 . 2009-10-21 21:36 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Malwarebytes 2009-10-21 21:18 . 2005-06-06 15:29 110592 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3\temp\cleanup.exe 2009-10-21 21:15 . 2006-12-07 14:45 3096576 ---ha-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3\temp\Launchpad Removal.exe 2009-10-21 21:14 . 2009-10-31 05:34 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3 2009-10-21 21:03 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-07 01:30 . 2005-03-30 02:52 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-05 00:53 . 2004-10-20 13:39 -------- d-----w- c:\program files\Java 2009-11-03 00:30 . 2009-10-21 21:02 144 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\fusioncache.dat 2009-10-25 19:03 . 2009-02-07 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-10-24 19:01 . 2009-10-22 01:49 -------- d-----w- c:\program files\Quicken 2009-10-23 00:32 . 2004-10-20 13:12 82435 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-10-23 00:30 . 2009-10-23 00:30 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll 2009-10-22 01:58 . 2009-10-22 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-10-22 01:58 . 2009-10-22 01:58 205824 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll 2009-10-22 01:58 . 2009-10-22 01:58 172032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL81.DLL 2009-10-22 01:58 . 2009-10-22 01:58 143360 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE 2009-10-22 01:58 . 2009-10-22 01:58 1368064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL108.DLL 2009-10-22 01:58 . 2009-10-22 01:58 1146880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\Patchdll1310.dll 2009-10-22 01:58 . 2009-10-22 01:58 905216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL2745.DLL 2009-10-22 01:58 . 2009-10-22 01:58 401408 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL2627.DLL 2009-10-22 01:58 . 2009-10-22 01:58 1089 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd 2009-10-22 01:58 . 2009-10-22 01:58 1077248 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL4513.DLL 2009-10-22 01:51 . 2004-10-20 14:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Palo Alto Software 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Intuit 2009-10-22 00:21 . 2009-08-29 01:06 -------- d-----w- c:\program files\IObit 2009-10-21 23:56 . 2004-10-20 14:40 -------- d-----w- c:\program files\Microsoft Works 2009-10-21 21:19 . 2004-10-21 10:13 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-21 21:18 . 2004-10-21 10:13 -------- d-----w- c:\program files\Symantec 2009-10-21 21:10 . 2004-10-21 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-21 21:09 . 2004-10-21 06:10 -------- d-----w- c:\program files\Easy Internet signup 2009-10-21 21:03 . 2009-10-21 21:03 1850 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-15 20:54 . 2009-10-15 20:54 32768 ----a-w- c:\windows\~DF7394.tmp 2009-10-15 01:31 . 2009-07-31 19:20 -------- d-----w- c:\program files\7-Zip 2009-10-15 01:31 . 2009-01-25 01:32 -------- d-----w- c:\program files\DNA 2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 12:17 . 2009-08-28 12:55 -------- d-----w- c:\program files\DivX 2009-09-11 14:18 . 2004-12-03 08:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-12-03 08:55 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 15:24 . 2009-08-07 15:24 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-29 08:08 . 2004-12-03 08:57 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-12-03 08:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2005-04-30 23:55 . 2005-04-30 20:55 0 -csha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( SnapShot@2009-11-01_13.56.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-08 02:25 . 2009-11-08 02:25 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat + 2009-11-07 18:45 . 2009-11-07 18:48 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2004-10-20 13:15 . 2009-11-07 22:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-10-31 01:31 . 2009-10-31 01:31 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-10-31 01:31 . 2009-11-07 22:55 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-11-07 06:00 . 2009-11-07 22:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-10-25 18:02 . 2009-10-25 18:02 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll + 2009-11-05 00:13 . 2009-11-05 00:13 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll + 2009-11-05 00:13 . 2009-11-05 00:13 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll - 2009-10-25 18:02 . 2009-10-25 18:02 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll + 2006-12-02 03:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-02 03:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-02 03:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2009-11-05 00:53 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe - 2009-10-22 23:31 . 2009-10-22 23:30 149280 c:\windows\system32\javaws.exe + 2009-11-05 00:53 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe - 2009-10-22 23:31 . 2009-10-22 23:30 145184 c:\windows\system32\javaw.exe + 2009-11-05 00:53 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe - 2009-10-22 23:31 . 2009-10-22 23:30 145184 c:\windows\system32\java.exe + 2009-11-05 00:38 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-05 00:38 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe - 2009-10-25 18:02 . 2009-10-25 18:02 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll + 2009-11-05 00:13 . 2009-11-05 00:13 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll + 2004-12-03 08:55 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll + 2004-12-03 08:55 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll + 2009-11-07 01:31 . 2009-11-07 01:31 3940352 c:\windows\Installer\becec.msi + 2009-11-05 00:38 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-20 180269] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-05 286720] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248] "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-09-24 49152] "LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 7:13 PM 210216] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/1/2009 2:43 PM 19160] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-07 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21112206270.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2005-05-20 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21113907269.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2006-09-06 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21124964629.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2009-11-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Compaq_Owner.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-01 19:53] 2009-11-07 c:\windows\Tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-01 19:53] 2009-11-05 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22] 2009-11-05 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 21:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2464) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2009-11-08 21:54 ComboFix-quarantined-files.txt 2009-11-08 02:54 ComboFix2.txt 2009-11-07 01:11 ComboFix3.txt 2009-11-04 23:25 Pre-Run: 17,917,788,160 bytes free Post-Run: 17,978,937,344 bytes free - - End Of File - - D3431B995AC7817A2A538F89B689451D DDS (Ver_09-09-29.01) - NTFSx86 Run by Compaq_Owner at 21:55:33.39 on Sat 11/07/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.406 [GMT -5:00] AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe C:\Documents and Settings\Compaq_Owner.MATTHEWS\Desktop\Help stuff\dds(2).com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [VTTimer] VTTimer.exe mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [LTMSG] LTMSG.exe 7 mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256172355828 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxsrvc.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-4 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-4 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-4 144704] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-4 35272] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-1 19160] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-4 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-4 40552] S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-4 606736] =============== Created Last 30 ================ 2009-11-06 19:50 <DIR> --d----- C:\mbmatthews 2009-11-04 20:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-11-04 19:33 6,545 a------- c:\windows\system32\Config.MPF 2009-11-04 19:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-11-04 19:08 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-11-04 19:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-11-04 19:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-11-04 19:07 <DIR> --d----- c:\program files\common files\McAfee 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee.com 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee 2009-11-04 19:06 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-11-01 14:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 14:43 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-01 08:33 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\IObit 2009-10-31 12:20 267,264 a------- c:\windows\PEV.exe 2009-10-31 12:20 161,792 a------- c:\windows\SWREG.exe 2009-10-31 12:20 98,816 a------- c:\windows\sed.exe 2009-10-31 12:20 77,312 a------- c:\windows\MBR.exe 2009-10-30 20:19 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Printer Info Cache 2009-10-30 19:55 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\PrivacIE 2009-10-25 14:31 <DIR> --d----- c:\program files\SiteAdvisor 2009-10-25 14:18 <DIR> --d----- c:\windows\system32\LogFiles 2009-10-25 14:14 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\McAfee 2009-10-25 12:04 61,224 a------- c:\documents and settings\compaq_owner.matthews\GoToAssistDownloadHelper.exe 2009-10-24 13:58 274,432 a------- c:\windows\system32\LxrSG20.dll 2009-10-24 13:58 163,840 a------- c:\windows\system32\LxrConfig.exe 2009-10-24 13:58 69,920 a------- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 13:58 61,440 a------- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 13:58 49,152 a------- c:\windows\system32\LxrSG20s.exe 2009-10-24 13:58 575 a------- c:\windows\system32\LxrCleanup.bat 2009-10-24 08:06 561,152 a----r-- c:\windows\system32\hpotscl.dll 2009-10-24 08:06 94,208 a----r-- c:\windows\system32\hpovst08.dll 2009-10-24 08:06 274,432 a----r-- c:\windows\system32\hpgwiamd.dll 2009-10-23 21:42 94,208 a----r-- c:\windows\system32\HPZipt12.dll 2009-10-23 21:42 57,344 a----r-- c:\windows\system32\HPZisn12.dll 2009-10-23 21:42 237,624 a----r-- c:\windows\system32\HPZidr12.dll 2009-10-23 21:42 172,032 a----r-- c:\windows\system32\HPZipr12.dll 2009-10-23 21:42 65,536 a----r-- c:\windows\system32\HPZipm12.exe 2009-10-23 21:42 61,440 a----r-- c:\windows\system32\HPZinw12.exe 2009-10-23 21:42 16,080 a----r-- c:\windows\system32\drivers\HPZipr12.sys 2009-10-23 21:42 50,960 a----r-- c:\windows\system32\drivers\hpzid412.sys 2009-10-23 21:41 237,568 a----r-- c:\windows\system32\HPZc3212.dll 2009-10-23 21:41 22,384 a----r-- c:\windows\system32\drivers\HPZius12.sys 2009-10-23 21:40 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys 2009-10-23 21:40 25,856 a------- c:\windows\system32\drivers\usbprint.sys 2009-10-23 21:40 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys 2009-10-23 21:40 15,104 a------- c:\windows\system32\drivers\usbscan.sys 2009-10-23 21:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys 2009-10-23 21:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 13:09 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll 2009-10-23 13:09 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll 2009-10-23 13:09 155,648 -c------ c:\windows\system32\dllcache\wscript.exe 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx 2009-10-23 13:09 90,112 -c------ c:\windows\system32\dllcache\wshext.dll 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\cscript.exe 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\scripting 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\en 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\bits 2009-10-22 18:31 411,368 a------- c:\windows\system32\deploytk.dll 2009-10-22 18:31 73,728 a------- c:\windows\system32\javacpl.cpl 2009-10-22 18:25 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\IETldCache 2009-10-22 18:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-10-22 18:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 18:11 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2009-10-22 18:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 18:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 18:11 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll 2009-10-22 18:09 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-10-21 22:33 276,992 -------- c:\windows\system32\wmphoto.dll 2009-10-21 22:31 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-21 22:30 81,920 -------- c:\windows\system32\ieencode.dll 2009-10-21 21:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys 2009-10-21 21:53 333,952 -c------ c:\windows\system32\dllcache\srv.sys 2009-10-21 21:52 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll 2009-10-21 21:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll 2009-10-21 21:49 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-10-21 21:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-10-21 21:48 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-10-21 21:46 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-10-21 21:46 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-21 21:44 138,496 -c------ c:\windows\system32\dllcache\afd.sys 2009-10-21 21:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-10-21 20:51 233 a------- c:\windows\Quicken.ini 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Palo Alto Software 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Intuit 2009-10-21 20:49 <DIR> --d----- c:\program files\Quicken 2009-10-21 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit 2009-10-21 20:49 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Intuit 2009-10-21 19:58 <DIR> --d----- c:\windows\system32\PreInstall 2009-10-21 19:34 21,728 a------- c:\windows\system32\wucltui.dll.mui 2009-10-21 19:34 17,632 a------- c:\windows\system32\wuaueng.dll.mui 2009-10-21 19:34 15,072 a------- c:\windows\system32\wuaucpl.cpl.mui 2009-10-21 19:34 15,064 a------- c:\windows\system32\wuapi.dll.mui 2009-10-21 19:34 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-10-21 19:28 <DIR> --ds---- c:\documents and settings\compaq_owner.matthews\UserData 2009-10-21 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit 2009-10-21 18:51 4,992 a------- c:\windows\system32\drivers\mspqm.sys 2009-10-21 18:51 5,376 a------- c:\windows\system32\drivers\mspclock.sys 2009-10-21 18:51 7,552 a------- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 18:51 61,696 a------- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 18:51 6,400 a------- c:\windows\system32\drivers\enum1394.sys 2009-10-21 18:51 53,376 a------- c:\windows\system32\drivers\1394bus.sys 2009-10-21 18:23 1,249,721 a------- c:\windows\setupapi.log.3.old 2009-10-21 18:22 <DIR> -cdshr-- c:\windows\system32\dllcache 2009-10-21 18:19 26,144 a------- c:\windows\system32\spupdsvc.exe 2009-10-21 18:16 <DIR> -cd-h--- c:\windows\ie8 2009-10-21 18:02 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 16:36 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Malwarebytes 2009-10-21 16:14 <DIR> a-dshr-- C:\cmdcons 2009-10-21 16:03 221,184 a------- c:\windows\system32\wmpns.dll 2009-10-21 16:03 1,850 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-21 16:02 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Symantec 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\compaq_owner.matthews\WINDOWS 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\Compaq_Owner.MATTHEWS 2009-10-15 19:20 <DIR> --d----- c:\program files\Trend Micro 2009-10-15 16:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 15:54 32,768 a------- c:\windows\~DF7394.tmp 2009-10-14 20:31 <DIR> --d----- c:\program files\Angle Interactive 2009-10-14 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-14 17:16 <DIR> --d----- C:\ProgramData 2009-10-14 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE 2009-10-14 17:06 <DIR> --d----- c:\program files\XoftSpySE6 ==================== Find3M ==================== 2009-10-22 19:32 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-10-22 19:30 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchealthplugin.dll 2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys 2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 03:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2005-04-30 18:55 0 ac-sh--- c:\windows\sminst\HPCD.sys ============= FINISH: 21:55:55.45 ===============
  4. mbmatthews
    Good afternoon: Here are all the logs you requested. Please let me know what to do next. Kapersky did not find anything (I hope that's good?). I did update Adobbe and run the programs your requested. The system is running fine, no popups or anything. ComboFix 09-11-05.05 - Compaq_Owner 11/06/2009 19:56.5.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.429 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner.MATTHEWS\Desktop\mbmatthews.exe Command switches used :: c:\documents and settings\Compaq_Owner.MATTHEWS\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 ))))))))))))))))))))))))))))))) . 2009-11-07 00:50 . 2009-11-07 00:51 -------- d-----w- C:\mbmatthews 2009-11-05 01:28 . 2009-11-05 01:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-05 00:50 . 2009-11-05 00:50 152576 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-05 00:08 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-11-05 00:08 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-11-05 00:08 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-11-05 00:08 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-11-05 00:07 . 2009-11-05 00:08 -------- d-----w- c:\program files\Common Files\McAfee 2009-11-05 00:07 . 2009-11-05 00:08 -------- d-----w- c:\program files\McAfee.com 2009-11-05 00:07 . 2009-11-05 00:14 -------- d-----w- c:\program files\McAfee 2009-11-05 00:06 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-11-01 19:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 19:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-01 13:33 . 2009-11-01 13:33 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\IObit 2009-11-01 13:33 . 2009-10-19 18:30 624464 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\IObit\Common\TB_Helper.exe 2009-10-31 14:17 . 2009-11-06 23:54 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\AdobeUM 2009-10-31 01:31 . 2009-10-31 01:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-31 01:19 . 2009-10-31 01:19 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Printer Info Cache 2009-10-31 00:55 . 2009-10-31 00:55 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\PrivacIE 2009-10-31 00:40 . 2009-10-31 00:40 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Adobe 2009-10-27 12:03 . 2009-10-27 12:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-10-26 04:14 . 2009-10-26 04:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Identities 2009-10-26 01:08 . 2009-10-26 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-10-25 19:31 . 2009-10-25 19:31 -------- d-----w- c:\program files\SiteAdvisor 2009-10-25 19:18 . 2009-10-25 19:18 -------- d-----w- c:\windows\system32\LogFiles 2009-10-25 19:15 . 2009-09-30 16:11 288096 ----a-r- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2009-10-25 19:14 . 2009-10-25 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\McAfee 2009-10-25 17:33 . 2009-11-05 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-25 17:04 . 2009-10-25 17:04 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Citrix 2009-10-25 17:04 . 2009-10-25 17:04 61224 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\GoToAssistDownloadHelper.exe 2009-10-24 18:58 . 2009-10-24 18:58 69920 ----a-w- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 18:58 . 2009-10-24 18:58 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 18:58 . 2009-10-24 18:58 575 ----a-w- c:\windows\system32\LxrCleanup.bat 2009-10-24 18:58 . 2009-10-24 18:58 49152 ----a-w- c:\windows\system32\LxrSG20s.exe 2009-10-24 18:58 . 2009-10-24 18:58 274432 ----a-w- c:\windows\system32\LxrSG20.dll 2009-10-24 18:58 . 2009-10-24 18:58 163840 ----a-w- c:\windows\system32\LxrConfig.exe 2009-10-24 13:06 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\hpovst08.dll 2009-10-24 13:06 . 2002-11-27 11:30 561152 ----a-r- c:\windows\system32\hpotscl.dll 2009-10-24 13:06 . 2002-11-27 11:30 274432 ----a-r- c:\windows\system32\hpgwiamd.dll 2009-10-24 02:42 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\HPZipt12.dll 2009-10-24 02:42 . 2002-11-27 11:30 57344 ----a-r- c:\windows\system32\HPZisn12.dll 2009-10-24 02:42 . 2002-11-27 11:30 65536 ----a-r- c:\windows\system32\HPZipm12.exe 2009-10-24 02:42 . 2002-11-27 11:30 61440 ----a-r- c:\windows\system32\HPZinw12.exe 2009-10-24 02:42 . 2002-11-27 11:30 237624 ----a-r- c:\windows\system32\HPZidr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 172032 ----a-r- c:\windows\system32\HPZipr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-10-24 02:42 . 2002-11-27 11:30 50960 ----a-r- c:\windows\system32\drivers\hpzid412.sys 2009-10-24 02:41 . 2002-11-27 11:30 22384 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2009-10-24 02:41 . 2002-11-27 11:29 237568 ----a-r- c:\windows\system32\HPZc3212.dll 2009-10-24 02:40 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 18:09 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-10-23 18:09 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-10-23 18:09 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-10-23 18:09 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-10-23 18:09 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\scripting 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\en 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\bits 2009-10-22 23:31 . 2009-10-11 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-22 23:26 . 2009-10-22 23:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-10-22 23:25 . 2009-10-22 23:25 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\IETldCache 2009-10-22 23:11 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-22 23:11 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 23:11 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 23:11 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-10-22 23:11 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 23:11 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-10-22 23:09 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-10-22 22:42 . 2009-10-22 23:30 152576 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-22 03:33 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll 2009-10-22 03:31 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-22 03:30 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll 2009-10-22 03:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-10-22 03:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-10-22 03:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-10-22 03:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-10-22 03:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-10-22 03:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-10-22 03:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-10-22 03:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-10-22 03:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-10-22 03:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-10-22 03:02 . 2009-08-05 00:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-10-22 03:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-10-22 02:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-10-22 02:53 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-10-22 02:52 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-10-22 02:51 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-10-22 02:49 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-10-22 02:48 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-10-22 02:48 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-10-22 02:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-10-22 02:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-10-22 02:44 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys 2009-10-22 02:24 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-10-22 01:58 . 2009-10-22 01:58 3502080 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL14.DLL 2009-10-22 01:49 . 2009-10-22 01:49 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Intuit 2009-10-22 00:34 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-22 00:28 . 2009-10-22 00:28 -------- d-s---w- c:\documents and settings\Compaq_Owner.MATTHEWS\UserData 2009-10-22 00:21 . 2009-10-22 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2009-10-21 23:51 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-10-21 23:51 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-10-21 23:51 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 23:51 . 2008-04-13 18:46 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 23:51 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2009-10-21 23:51 . 2008-04-13 18:46 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys 2009-10-21 23:22 . 2009-11-05 00:38 -------- dcsh--r- c:\windows\system32\dllcache 2009-10-21 23:19 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-10-21 23:16 . 2009-10-22 23:09 -------- dc-h--w- c:\windows\ie8 2009-10-21 23:02 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 21:47 . 2009-10-25 18:02 34008 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-21 21:44 . 2009-10-21 21:44 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Motive 2009-10-21 21:40 . 2009-10-21 21:40 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Mozilla 2009-10-21 21:36 . 2009-10-21 21:36 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Malwarebytes 2009-10-21 21:18 . 2005-06-06 15:29 110592 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3\temp\cleanup.exe 2009-10-21 21:15 . 2006-12-07 14:45 3096576 ---ha-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3\temp\Launchpad Removal.exe 2009-10-21 21:14 . 2009-10-31 05:34 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3 2009-10-21 21:03 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-10-21 21:00 . 2004-10-21 10:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-10-21 21:00 . 2004-10-21 06:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Sonic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-05 00:53 . 2004-10-20 13:39 -------- d-----w- c:\program files\Java 2009-11-03 00:30 . 2009-10-21 21:02 144 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\fusioncache.dat 2009-10-25 19:03 . 2009-02-07 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-10-24 19:01 . 2009-10-22 01:49 -------- d-----w- c:\program files\Quicken 2009-10-23 00:32 . 2004-10-20 13:12 82435 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-10-23 00:30 . 2009-10-23 00:30 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchealthplugin.dll 2009-10-22 01:58 . 2009-10-22 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-10-22 01:58 . 2009-10-22 01:58 205824 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll 2009-10-22 01:58 . 2009-10-22 01:58 172032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL81.DLL 2009-10-22 01:58 . 2009-10-22 01:58 143360 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE 2009-10-22 01:58 . 2009-10-22 01:58 1368064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL108.DLL 2009-10-22 01:58 . 2009-10-22 01:58 1146880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\Patchdll1310.dll 2009-10-22 01:58 . 2009-10-22 01:58 905216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL2745.DLL 2009-10-22 01:58 . 2009-10-22 01:58 401408 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL2627.DLL 2009-10-22 01:58 . 2009-10-22 01:58 1089 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd 2009-10-22 01:58 . 2009-10-22 01:58 1077248 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\PATCHDLL4513.DLL 2009-10-22 01:51 . 2004-10-20 14:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Palo Alto Software 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Intuit 2009-10-22 00:21 . 2009-08-29 01:06 -------- d-----w- c:\program files\IObit 2009-10-21 23:56 . 2004-10-20 14:40 -------- d-----w- c:\program files\Microsoft Works 2009-10-21 21:19 . 2004-10-21 10:13 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-21 21:18 . 2004-10-21 10:13 -------- d-----w- c:\program files\Symantec 2009-10-21 21:10 . 2004-10-21 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-21 21:09 . 2004-10-21 06:10 -------- d-----w- c:\program files\Easy Internet signup 2009-10-21 21:03 . 2009-10-21 21:03 1850 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-15 20:54 . 2009-10-15 20:54 32768 ----a-w- c:\windows\~DF7394.tmp 2009-10-15 01:31 . 2009-07-31 19:20 -------- d-----w- c:\program files\7-Zip 2009-10-15 01:31 . 2009-01-25 01:32 -------- d-----w- c:\program files\DNA 2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 12:17 . 2009-08-28 12:55 -------- d-----w- c:\program files\DivX 2009-09-11 14:18 . 2004-12-03 08:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-12-03 08:55 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 15:24 . 2009-08-07 15:24 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-29 08:08 . 2004-12-03 08:57 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-12-03 08:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2005-04-30 23:55 . 2005-04-30 20:55 0 -csha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( SnapShot@2009-11-01_13.56.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-07 00:45 . 2009-11-07 00:45 16384 c:\windows\temp\Perflib_Perfdata_1f4.dat - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2004-10-20 13:15 . 2009-11-07 01:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-10-31 01:31 . 2009-10-31 01:31 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat + 2009-10-31 01:31 . 2009-11-07 01:04 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-11-05 05:10 . 2009-11-07 01:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-11-05 00:13 . 2009-11-05 00:13 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll - 2009-10-25 18:02 . 2009-10-25 18:02 20480 c:\windows\assembly\GAC\ArbusApplicationController\1.0.3093.38280__da57d5d39b1d6dd8\ArbusApplicationController.dll - 2009-10-25 18:02 . 2009-10-25 18:02 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll + 2009-11-05 00:13 . 2009-11-05 00:13 20480 c:\windows\assembly\GAC\Arbus.Interfacing.Library\1.0.4.0__2be3a081d8c94867\Arbus.Interfacing.Library.dll + 2009-11-05 00:53 . 2009-10-11 09:17 149280 c:\windows\system32\javaws.exe - 2009-10-22 23:31 . 2009-10-22 23:30 149280 c:\windows\system32\javaws.exe + 2009-11-05 00:53 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe - 2009-10-22 23:31 . 2009-10-22 23:30 145184 c:\windows\system32\javaw.exe + 2009-11-05 00:53 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe - 2009-10-22 23:31 . 2009-10-22 23:30 145184 c:\windows\system32\java.exe + 2009-11-05 00:38 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-05 00:38 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe - 2009-10-25 18:02 . 2009-10-25 18:02 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll + 2009-11-05 00:13 . 2009-11-05 00:13 126976 c:\windows\assembly\GAC\Arbus.Common\2.2.4.3__14cac4d33a885ed2\Arbus.Common.dll + 2004-12-03 08:55 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll + 2004-12-03 08:55 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll + 2009-11-05 00:38 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-20 180269] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-05 286720] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248] "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-09-24 49152] "LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 7:13 PM 210216] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/1/2009 2:43 PM 19160] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-06 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21112206270.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2005-05-20 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21113907269.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2006-09-06 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21124964629.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2009-11-05 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Compaq_Owner.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-01 19:53] 2009-11-05 c:\windows\Tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-11-01 19:53] 2009-11-05 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22] 2009-11-05 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-06 20:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(844) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2009-11-07 20:11 ComboFix-quarantined-files.txt 2009-11-07 01:11 ComboFix2.txt 2009-11-04 23:25 Pre-Run: 17,936,052,224 bytes free Post-Run: 17,908,424,704 bytes free - - End Of File - - 78F3965F779F3B0473C5598496E13629 DDS (Ver_09-09-29.01) - NTFSx86 Run by Compaq_Owner at 17:47:47.75 on Thu 11/05/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.192 [GMT -5:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Compaq_Owner.MATTHEWS\Desktop\Help stuff\dds(2).com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [VTTimer] VTTimer.exe mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [LTMSG] LTMSG.exe 7 mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256172355828 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxsrvc.dll STS: kupuhivus: {a47e7012-2a5c-4ba9-ba58-1f2a05e3f023} - c:\windows\system32\vufeguja.dll STS: gahurihor: {5f1e9907-e480-49f3-b20f-8a8f806c7bd9} - c:\windows\system32\lasofesu.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-4 203280] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-4 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-4 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-4 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-4 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-4 40552] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-1 19160] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-4 34248] =============== Created Last 30 ================ 2009-11-04 20:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-11-04 19:33 4,681 a------- c:\windows\system32\Config.MPF 2009-11-04 19:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-11-04 19:08 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-11-04 19:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-11-04 19:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-11-04 19:07 <DIR> --d----- c:\program files\common files\McAfee 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee.com 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee 2009-11-04 19:06 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-11-01 14:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 14:43 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-01 08:33 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\IObit 2009-10-31 12:20 236,544 a------- c:\windows\PEV.exe 2009-10-31 12:20 161,792 a------- c:\windows\SWREG.exe 2009-10-31 12:20 98,816 a------- c:\windows\sed.exe 2009-10-31 12:20 77,312 a------- c:\windows\MBR.exe 2009-10-30 20:19 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Printer Info Cache 2009-10-30 19:55 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\PrivacIE 2009-10-25 14:31 <DIR> --d----- c:\program files\SiteAdvisor 2009-10-25 14:18 <DIR> --d----- c:\windows\system32\LogFiles 2009-10-25 14:14 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\McAfee 2009-10-25 12:04 61,224 a------- c:\documents and settings\compaq_owner.matthews\GoToAssistDownloadHelper.exe 2009-10-24 13:58 274,432 a------- c:\windows\system32\LxrSG20.dll 2009-10-24 13:58 163,840 a------- c:\windows\system32\LxrConfig.exe 2009-10-24 13:58 69,920 a------- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 13:58 61,440 a------- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 13:58 49,152 a------- c:\windows\system32\LxrSG20s.exe 2009-10-24 13:58 575 a------- c:\windows\system32\LxrCleanup.bat 2009-10-24 08:06 561,152 a----r-- c:\windows\system32\hpotscl.dll 2009-10-24 08:06 94,208 a----r-- c:\windows\system32\hpovst08.dll 2009-10-24 08:06 274,432 a----r-- c:\windows\system32\hpgwiamd.dll 2009-10-23 21:42 94,208 a----r-- c:\windows\system32\HPZipt12.dll 2009-10-23 21:42 57,344 a----r-- c:\windows\system32\HPZisn12.dll 2009-10-23 21:42 237,624 a----r-- c:\windows\system32\HPZidr12.dll 2009-10-23 21:42 172,032 a----r-- c:\windows\system32\HPZipr12.dll 2009-10-23 21:42 65,536 a----r-- c:\windows\system32\HPZipm12.exe 2009-10-23 21:42 61,440 a----r-- c:\windows\system32\HPZinw12.exe 2009-10-23 21:42 16,080 a----r-- c:\windows\system32\drivers\HPZipr12.sys 2009-10-23 21:42 50,960 a----r-- c:\windows\system32\drivers\hpzid412.sys 2009-10-23 21:41 237,568 a----r-- c:\windows\system32\HPZc3212.dll 2009-10-23 21:41 22,384 a----r-- c:\windows\system32\drivers\HPZius12.sys 2009-10-23 21:40 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys 2009-10-23 21:40 25,856 a------- c:\windows\system32\drivers\usbprint.sys 2009-10-23 21:40 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys 2009-10-23 21:40 15,104 a------- c:\windows\system32\drivers\usbscan.sys 2009-10-23 21:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys 2009-10-23 21:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 13:09 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll 2009-10-23 13:09 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll 2009-10-23 13:09 155,648 -c------ c:\windows\system32\dllcache\wscript.exe 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx 2009-10-23 13:09 90,112 -c------ c:\windows\system32\dllcache\wshext.dll 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\cscript.exe 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\scripting 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\en 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\bits 2009-10-22 18:31 411,368 a------- c:\windows\system32\deploytk.dll 2009-10-22 18:31 73,728 a------- c:\windows\system32\javacpl.cpl 2009-10-22 18:25 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\IETldCache 2009-10-22 18:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-10-22 18:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 18:11 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2009-10-22 18:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 18:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 18:11 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll 2009-10-22 18:09 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-10-21 22:33 276,992 -------- c:\windows\system32\wmphoto.dll 2009-10-21 22:31 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-21 22:30 81,920 -------- c:\windows\system32\ieencode.dll 2009-10-21 21:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys 2009-10-21 21:53 333,952 -c------ c:\windows\system32\dllcache\srv.sys 2009-10-21 21:52 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll 2009-10-21 21:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll 2009-10-21 21:49 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-10-21 21:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-10-21 21:48 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-10-21 21:46 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-10-21 21:46 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-21 21:44 138,496 -c------ c:\windows\system32\dllcache\afd.sys 2009-10-21 21:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-10-21 20:51 233 a------- c:\windows\Quicken.ini 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Palo Alto Software 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Intuit 2009-10-21 20:49 <DIR> --d----- c:\program files\Quicken 2009-10-21 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit 2009-10-21 20:49 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Intuit 2009-10-21 19:58 <DIR> --d----- c:\windows\system32\PreInstall 2009-10-21 19:34 21,728 a------- c:\windows\system32\wucltui.dll.mui 2009-10-21 19:34 17,632 a------- c:\windows\system32\wuaueng.dll.mui 2009-10-21 19:34 15,072 a------- c:\windows\system32\wuaucpl.cpl.mui 2009-10-21 19:34 15,064 a------- c:\windows\system32\wuapi.dll.mui 2009-10-21 19:34 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-10-21 19:28 <DIR> --ds---- c:\documents and settings\compaq_owner.matthews\UserData 2009-10-21 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit 2009-10-21 18:51 4,992 a------- c:\windows\system32\drivers\mspqm.sys 2009-10-21 18:51 5,376 a------- c:\windows\system32\drivers\mspclock.sys 2009-10-21 18:51 7,552 a------- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 18:51 61,696 a------- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 18:51 6,400 a------- c:\windows\system32\drivers\enum1394.sys 2009-10-21 18:51 53,376 a------- c:\windows\system32\drivers\1394bus.sys 2009-10-21 18:23 1,249,721 a------- c:\windows\setupapi.log.3.old 2009-10-21 18:22 <DIR> -cdshr-- c:\windows\system32\dllcache 2009-10-21 18:19 26,144 a------- c:\windows\system32\spupdsvc.exe 2009-10-21 18:16 <DIR> -cd-h--- c:\windows\ie8 2009-10-21 18:02 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 16:36 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Malwarebytes 2009-10-21 16:14 <DIR> a-dshr-- C:\cmdcons 2009-10-21 16:03 221,184 a------- c:\windows\system32\wmpns.dll 2009-10-21 16:03 1,850 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-21 16:02 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Symantec 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\compaq_owner.matthews\WINDOWS 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\Compaq_Owner.MATTHEWS 2009-10-15 19:20 <DIR> --d----- c:\program files\Trend Micro 2009-10-15 16:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 15:54 32,768 a------- c:\windows\~DF7394.tmp 2009-10-15 14:13 <DIR> --d----- c:\program files\ocdjbm 2009-10-14 20:31 <DIR> --d----- c:\program files\Angle Interactive 2009-10-14 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-14 17:16 <DIR> --d----- C:\ProgramData 2009-10-14 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE 2009-10-14 17:06 <DIR> --d----- c:\program files\XoftSpySE6 ==================== Find3M ==================== 2009-10-22 19:32 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-10-22 19:30 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchealthplugin.dll 2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys 2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 03:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2005-04-30 18:55 0 ac-sh--- c:\windows\sminst\HPCD.sys ============= FINISH: 17:49:53.04 =============== -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, November 7, 2009 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, November 07, 2009 13:30:30 Records in database: 3170369 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics: Objects scanned: 77270 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 03:17:06 No threats found. Scanned area is clean. Selected area has been scanned. Attach.zip
  5. mbmatthews
    Good Afternoon (got off work a little early): Here are the files requested. Let me know what to do next, and thanks. DDS (Ver_09-09-29.01) - NTFSx86 Run by Compaq_Owner at 17:47:47.75 on Thu 11/05/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.192 [GMT -5:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Compaq_Owner.MATTHEWS\Desktop\Help stuff\dds(2).com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [VTTimer] VTTimer.exe mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [LTMSG] LTMSG.exe 7 mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256172355828 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxsrvc.dll STS: kupuhivus: {a47e7012-2a5c-4ba9-ba58-1f2a05e3f023} - c:\windows\system32\vufeguja.dll STS: gahurihor: {5f1e9907-e480-49f3-b20f-8a8f806c7bd9} - c:\windows\system32\lasofesu.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-4 203280] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-4 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-4 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-4 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-4 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-4 40552] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-1 19160] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-4 34248] =============== Created Last 30 ================ 2009-11-04 20:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-11-04 19:33 4,681 a------- c:\windows\system32\Config.MPF 2009-11-04 19:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-11-04 19:08 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-11-04 19:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-11-04 19:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-11-04 19:07 <DIR> --d----- c:\program files\common files\McAfee 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee.com 2009-11-04 19:07 <DIR> --d----- c:\program files\McAfee 2009-11-04 19:06 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-11-01 14:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 14:43 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-01 08:33 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\IObit 2009-10-31 12:20 236,544 a------- c:\windows\PEV.exe 2009-10-31 12:20 161,792 a------- c:\windows\SWREG.exe 2009-10-31 12:20 98,816 a------- c:\windows\sed.exe 2009-10-31 12:20 77,312 a------- c:\windows\MBR.exe 2009-10-30 20:19 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Printer Info Cache 2009-10-30 19:55 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\PrivacIE 2009-10-25 14:31 <DIR> --d----- c:\program files\SiteAdvisor 2009-10-25 14:18 <DIR> --d----- c:\windows\system32\LogFiles 2009-10-25 14:14 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\McAfee 2009-10-25 12:04 61,224 a------- c:\documents and settings\compaq_owner.matthews\GoToAssistDownloadHelper.exe 2009-10-24 13:58 274,432 a------- c:\windows\system32\LxrSG20.dll 2009-10-24 13:58 163,840 a------- c:\windows\system32\LxrConfig.exe 2009-10-24 13:58 69,920 a------- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 13:58 61,440 a------- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 13:58 49,152 a------- c:\windows\system32\LxrSG20s.exe 2009-10-24 13:58 575 a------- c:\windows\system32\LxrCleanup.bat 2009-10-24 08:06 561,152 a----r-- c:\windows\system32\hpotscl.dll 2009-10-24 08:06 94,208 a----r-- c:\windows\system32\hpovst08.dll 2009-10-24 08:06 274,432 a----r-- c:\windows\system32\hpgwiamd.dll 2009-10-23 21:42 94,208 a----r-- c:\windows\system32\HPZipt12.dll 2009-10-23 21:42 57,344 a----r-- c:\windows\system32\HPZisn12.dll 2009-10-23 21:42 237,624 a----r-- c:\windows\system32\HPZidr12.dll 2009-10-23 21:42 172,032 a----r-- c:\windows\system32\HPZipr12.dll 2009-10-23 21:42 65,536 a----r-- c:\windows\system32\HPZipm12.exe 2009-10-23 21:42 61,440 a----r-- c:\windows\system32\HPZinw12.exe 2009-10-23 21:42 16,080 a----r-- c:\windows\system32\drivers\HPZipr12.sys 2009-10-23 21:42 50,960 a----r-- c:\windows\system32\drivers\hpzid412.sys 2009-10-23 21:41 237,568 a----r-- c:\windows\system32\HPZc3212.dll 2009-10-23 21:41 22,384 a----r-- c:\windows\system32\drivers\HPZius12.sys 2009-10-23 21:40 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys 2009-10-23 21:40 25,856 a------- c:\windows\system32\drivers\usbprint.sys 2009-10-23 21:40 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys 2009-10-23 21:40 15,104 a------- c:\windows\system32\drivers\usbscan.sys 2009-10-23 21:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys 2009-10-23 21:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 13:09 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll 2009-10-23 13:09 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll 2009-10-23 13:09 155,648 -c------ c:\windows\system32\dllcache\wscript.exe 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx 2009-10-23 13:09 90,112 -c------ c:\windows\system32\dllcache\wshext.dll 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\cscript.exe 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\scripting 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\en 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\bits 2009-10-22 18:31 411,368 a------- c:\windows\system32\deploytk.dll 2009-10-22 18:31 73,728 a------- c:\windows\system32\javacpl.cpl 2009-10-22 18:25 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\IETldCache 2009-10-22 18:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-10-22 18:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 18:11 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2009-10-22 18:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 18:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 18:11 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll 2009-10-22 18:09 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-10-21 22:33 276,992 -------- c:\windows\system32\wmphoto.dll 2009-10-21 22:31 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-21 22:30 81,920 -------- c:\windows\system32\ieencode.dll 2009-10-21 21:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys 2009-10-21 21:53 333,952 -c------ c:\windows\system32\dllcache\srv.sys 2009-10-21 21:52 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll 2009-10-21 21:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll 2009-10-21 21:49 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-10-21 21:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-10-21 21:48 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-10-21 21:46 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-10-21 21:46 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-21 21:44 138,496 -c------ c:\windows\system32\dllcache\afd.sys 2009-10-21 21:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-10-21 20:51 233 a------- c:\windows\Quicken.ini 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Palo Alto Software 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Intuit 2009-10-21 20:49 <DIR> --d----- c:\program files\Quicken 2009-10-21 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit 2009-10-21 20:49 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Intuit 2009-10-21 19:58 <DIR> --d----- c:\windows\system32\PreInstall 2009-10-21 19:34 21,728 a------- c:\windows\system32\wucltui.dll.mui 2009-10-21 19:34 17,632 a------- c:\windows\system32\wuaueng.dll.mui 2009-10-21 19:34 15,072 a------- c:\windows\system32\wuaucpl.cpl.mui 2009-10-21 19:34 15,064 a------- c:\windows\system32\wuapi.dll.mui 2009-10-21 19:34 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-10-21 19:28 <DIR> --ds---- c:\documents and settings\compaq_owner.matthews\UserData 2009-10-21 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit 2009-10-21 18:51 4,992 a------- c:\windows\system32\drivers\mspqm.sys 2009-10-21 18:51 5,376 a------- c:\windows\system32\drivers\mspclock.sys 2009-10-21 18:51 7,552 a------- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 18:51 61,696 a------- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 18:51 6,400 a------- c:\windows\system32\drivers\enum1394.sys 2009-10-21 18:51 53,376 a------- c:\windows\system32\drivers\1394bus.sys 2009-10-21 18:23 1,249,721 a------- c:\windows\setupapi.log.3.old 2009-10-21 18:22 <DIR> -cdshr-- c:\windows\system32\dllcache 2009-10-21 18:19 26,144 a------- c:\windows\system32\spupdsvc.exe 2009-10-21 18:16 <DIR> -cd-h--- c:\windows\ie8 2009-10-21 18:02 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 16:36 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Malwarebytes 2009-10-21 16:14 <DIR> a-dshr-- C:\cmdcons 2009-10-21 16:03 221,184 a------- c:\windows\system32\wmpns.dll 2009-10-21 16:03 1,850 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-21 16:02 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Symantec 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\compaq_owner.matthews\WINDOWS 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\Compaq_Owner.MATTHEWS 2009-10-15 19:20 <DIR> --d----- c:\program files\Trend Micro 2009-10-15 16:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 15:54 32,768 a------- c:\windows\~DF7394.tmp 2009-10-15 14:13 <DIR> --d----- c:\program files\ocdjbm 2009-10-14 20:31 <DIR> --d----- c:\program files\Angle Interactive 2009-10-14 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-14 17:16 <DIR> --d----- C:\ProgramData 2009-10-14 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE 2009-10-14 17:06 <DIR> --d----- c:\program files\XoftSpySE6 ==================== Find3M ==================== 2009-10-22 19:32 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-10-22 19:30 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchealthplugin.dll 2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys 2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 03:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2005-04-30 18:55 0 ac-sh--- c:\windows\sminst\HPCD.sys ============= FINISH: 17:49:53.04 =============== Attach.zip
  6. mbmatthews
    Good evening: I read the article, removed IOBIt, and will follow up. When I looked at the file you mentioned, there was nothing in it, but I had already removed the IOBit and run Combofix I had to remove Mcafee before Combofix would run and spit out the log. I think I need a new security program. Here is the log Please let me know how to proceed, and again, thank you for your time and advice. ComboFix 09-11-01.04 - Compaq_Owner 11/04/2009 18:16.4.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.501 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner.MATTHEWS\Desktop\Help stuff\mbmatthews.exe . ((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))))) . 2009-11-01 19:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 19:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-01 13:33 . 2009-11-01 13:33 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\IObit 2009-10-31 14:17 . 2009-10-31 14:17 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\AdobeUM 2009-10-31 01:31 . 2009-10-31 01:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-31 01:19 . 2009-10-31 01:19 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Printer Info Cache 2009-10-31 00:55 . 2009-10-31 00:55 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\PrivacIE 2009-10-31 00:40 . 2009-10-31 00:40 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Adobe 2009-10-27 12:03 . 2009-10-27 12:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore 2009-10-26 04:14 . 2009-10-26 04:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Identities 2009-10-26 01:08 . 2009-10-26 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-10-25 19:31 . 2009-10-25 19:31 -------- d-----w- c:\program files\SiteAdvisor 2009-10-25 19:18 . 2009-10-25 19:18 -------- d-----w- c:\windows\system32\LogFiles 2009-10-25 19:14 . 2009-10-25 19:14 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\McAfee 2009-10-25 17:33 . 2009-11-04 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-10-25 17:04 . 2009-10-25 17:04 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Citrix 2009-10-25 17:04 . 2009-10-25 17:04 61224 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\GoToAssistDownloadHelper.exe 2009-10-24 18:58 . 2009-10-24 18:58 69920 ----a-w- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 18:58 . 2009-10-24 18:58 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 18:58 . 2009-10-24 18:58 575 ----a-w- c:\windows\system32\LxrCleanup.bat 2009-10-24 18:58 . 2009-10-24 18:58 49152 ----a-w- c:\windows\system32\LxrSG20s.exe 2009-10-24 18:58 . 2009-10-24 18:58 274432 ----a-w- c:\windows\system32\LxrSG20.dll 2009-10-24 18:58 . 2009-10-24 18:58 163840 ----a-w- c:\windows\system32\LxrConfig.exe 2009-10-24 13:06 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\hpovst08.dll 2009-10-24 13:06 . 2002-11-27 11:30 561152 ----a-r- c:\windows\system32\hpotscl.dll 2009-10-24 13:06 . 2002-11-27 11:30 274432 ----a-r- c:\windows\system32\hpgwiamd.dll 2009-10-24 02:42 . 2002-11-27 11:30 94208 ----a-r- c:\windows\system32\HPZipt12.dll 2009-10-24 02:42 . 2002-11-27 11:30 57344 ----a-r- c:\windows\system32\HPZisn12.dll 2009-10-24 02:42 . 2002-11-27 11:30 65536 ----a-r- c:\windows\system32\HPZipm12.exe 2009-10-24 02:42 . 2002-11-27 11:30 61440 ----a-r- c:\windows\system32\HPZinw12.exe 2009-10-24 02:42 . 2002-11-27 11:30 237624 ----a-r- c:\windows\system32\HPZidr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 172032 ----a-r- c:\windows\system32\HPZipr12.dll 2009-10-24 02:42 . 2002-11-27 11:30 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-10-24 02:42 . 2002-11-27 11:30 50960 ----a-r- c:\windows\system32\drivers\hpzid412.sys 2009-10-24 02:41 . 2002-11-27 11:30 22384 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2009-10-24 02:41 . 2002-11-27 11:29 237568 ----a-r- c:\windows\system32\HPZc3212.dll 2009-10-24 02:40 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-10-24 02:40 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-24 02:39 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 18:09 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-10-23 18:09 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-10-23 18:09 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-10-23 18:09 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-10-23 18:09 . 2008-05-07 09:07 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\scripting 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\en 2009-10-23 00:27 . 2009-10-23 00:27 -------- d-----w- c:\windows\system32\bits 2009-10-22 23:31 . 2009-10-22 23:30 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-22 23:26 . 2009-10-22 23:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-10-22 23:25 . 2009-10-22 23:25 -------- d-sh--w- c:\documents and settings\Compaq_Owner.MATTHEWS\IETldCache 2009-10-22 23:11 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-22 23:11 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 23:11 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 23:11 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-10-22 23:11 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 23:11 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-10-22 23:09 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-10-22 03:33 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll 2009-10-22 03:31 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-22 03:30 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll 2009-10-22 03:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-10-22 03:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-10-22 03:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-10-22 03:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-10-22 03:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-10-22 03:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-10-22 03:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-10-22 03:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-10-22 03:02 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-10-22 03:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-10-22 03:02 . 2009-08-05 00:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-10-22 03:02 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-10-22 02:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-10-22 02:53 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-10-22 02:52 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-10-22 02:51 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-10-22 02:49 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-10-22 02:48 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-10-22 02:48 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-10-22 02:46 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-10-22 02:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-10-22 02:44 . 2008-08-14 10:04 138496 -c----w- c:\windows\system32\dllcache\afd.sys 2009-10-22 02:24 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Palo Alto Software 2009-10-22 01:50 . 2009-10-22 01:50 -------- d-----w- c:\program files\Common Files\Intuit 2009-10-22 01:49 . 2009-10-24 19:01 -------- d-----w- c:\program files\Quicken 2009-10-22 01:49 . 2009-10-22 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-10-22 01:49 . 2009-10-22 01:49 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Intuit 2009-10-22 00:34 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-22 00:28 . 2009-10-22 00:28 -------- d-s---w- c:\documents and settings\Compaq_Owner.MATTHEWS\UserData 2009-10-22 00:21 . 2009-10-22 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2009-10-21 23:51 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-10-21 23:51 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-10-21 23:51 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 23:51 . 2008-04-13 18:46 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 23:51 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2009-10-21 23:51 . 2008-04-13 18:46 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys 2009-10-21 23:22 . 2009-10-24 18:58 -------- dcsh--r- c:\windows\system32\dllcache 2009-10-21 23:19 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-10-21 23:16 . 2009-10-22 23:09 -------- dc-h--w- c:\windows\ie8 2009-10-21 23:02 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 21:47 . 2009-10-25 18:02 34008 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-21 21:44 . 2009-10-21 21:44 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Motive 2009-10-21 21:40 . 2009-10-21 21:40 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\Mozilla 2009-10-21 21:36 . 2009-10-21 21:36 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\Malwarebytes 2009-10-21 21:14 . 2009-10-31 05:34 -------- d-----w- c:\documents and settings\Compaq_Owner.MATTHEWS\Application Data\U3 2009-10-21 21:03 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-10-21 21:00 . 2004-10-21 10:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec 2009-10-21 21:00 . 2004-10-21 06:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Sonic 2009-10-21 21:00 . 2004-10-21 06:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView 2009-10-21 21:00 . 2004-10-20 14:47 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS 2009-10-21 21:00 . 2004-10-20 14:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-10-21 21:00 . 2004-10-20 14:31 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intervideo 2009-10-16 00:20 . 2009-10-16 00:20 -------- d-----w- c:\program files\Trend Micro 2009-10-15 21:14 . 2009-10-15 21:14 -------- d-----w- c:\program files\Alwil Software 2009-10-15 21:02 . 2009-11-01 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 19:13 . 2009-10-20 23:20 -------- d-----w- c:\program files\ocdjbm 2009-10-15 01:31 . 2009-10-15 01:31 -------- d-----w- c:\program files\Angle Interactive 2009-10-15 00:54 . 2009-10-15 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-14 22:16 . 2009-10-14 22:16 -------- d-----w- C:\ProgramData 2009-10-14 22:06 . 2009-10-14 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE 2009-10-14 22:06 . 2009-10-15 01:31 -------- d-----w- c:\program files\XoftSpySE6 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-03 00:30 . 2009-10-21 21:02 144 ----a-w- c:\documents and settings\Compaq_Owner.MATTHEWS\Local Settings\Application Data\fusioncache.dat 2009-10-25 19:03 . 2009-02-07 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-10-22 23:30 . 2004-10-20 13:39 -------- d-----w- c:\program files\Java 2009-10-22 01:51 . 2004-10-20 14:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-22 00:21 . 2009-08-29 01:06 -------- d-----w- c:\program files\IObit 2009-10-21 23:56 . 2004-10-20 14:40 -------- d-----w- c:\program files\Microsoft Works 2009-10-21 21:19 . 2004-10-21 10:13 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-21 21:18 . 2004-10-21 10:13 -------- d-----w- c:\program files\Symantec 2009-10-21 21:10 . 2004-10-21 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-21 21:09 . 2004-10-21 06:10 -------- d-----w- c:\program files\Easy Internet signup 2009-10-21 21:03 . 2009-10-21 21:03 1850 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-15 20:54 . 2009-10-15 20:54 32768 ----a-w- c:\windows\~DF7394.tmp 2009-10-15 01:31 . 2009-07-31 19:20 -------- d-----w- c:\program files\7-Zip 2009-10-15 01:31 . 2009-01-25 01:32 -------- d-----w- c:\program files\DNA 2009-09-16 12:17 . 2009-08-28 12:55 -------- d-----w- c:\program files\DivX 2009-09-11 14:18 . 2004-12-03 08:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-12-03 08:55 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2004-12-03 08:57 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-12-03 08:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-06 23:24 . 2004-12-03 08:57 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 23:24 . 2004-12-03 08:57 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 23:24 . 2004-12-03 08:57 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 23:24 . 2004-12-03 08:54 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 23:23 . 2004-12-03 08:57 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 23:23 . 2004-12-03 08:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-06 23:23 . 2004-12-03 08:57 209624 ----a-w- c:\windows\system32\wuweb.dll 2005-04-30 23:55 . 2005-04-30 20:55 0 -csha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( SnapShot@2009-11-01_13.56.41 ))))))))))))))))))))))))))))))))))))))))) . + 2004-10-20 13:15 . 2009-11-04 22:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2004-10-20 13:15 . 2009-11-04 22:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2004-10-20 13:15 . 2009-11-01 13:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-20 180269] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-05 286720] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-22 149280] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248] "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-09-24 49152] "LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{a47e7012-2a5c-4ba9-ba58-1f2a05e3f023}"= "c:\windows\system32\vufeguja.dll" [bU] "{5f1e9907-e480-49f3-b20f-8a8f806c7bd9}"= "c:\windows\system32\lasofesu.dll" [bU] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-04 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21112206270.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2005-05-20 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21113907269.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] 2006-09-06 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21124964629.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com . - - - - ORPHANS REMOVED - - - - BHO-{24104eed-ccf3-499f-aef1-2f679dd7e8c4} - tizomahu.dll SafeBoot-mcmscsvc SafeBoot-MCODS ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 18:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,34,f4,02,d0,66,1c,42,be,de,ba,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3840) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2009-11-04 18:24 ComboFix-quarantined-files.txt 2009-11-04 23:24 Pre-Run: 14,729,773,056 bytes free Post-Run: 14,697,222,144 bytes free - - End Of File - - D0256160DFE68A09BE2BEFE44BAC1028
  7. mbmatthews
    Good evening: Yes, the computer has rebooted since Combofix ran. Here are the logs as requested. Thanks again for your assistance. DDS (Ver_09-09-29.01) - NTFSx86 Run by Compaq_Owner at 16:37:58.43 on Tue 11/03/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.139 [GMT -5:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\IObit\IObit Security 360\IS360tray.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\IObit\IObit Security 360\IS360srv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\IObit\IObit Security 360\is360.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Compaq_Owner.MATTHEWS\Desktop\Help stuff\dds(2).com C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: {24104eed-ccf3-499f-aef1-2f679dd7e8c4} - tizomahu.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [VTTimer] VTTimer.exe mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [LTMSG] LTMSG.exe 7 mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256172355828 Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxsrvc.dll STS: kupuhivus: {a47e7012-2a5c-4ba9-ba58-1f2a05e3f023} - c:\windows\system32\vufeguja.dll STS: gahurihor: {5f1e9907-e480-49f3-b20f-8a8f806c7bd9} - c:\windows\system32\lasofesu.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664] R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-1 312592] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-25 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-10-25 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-25 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-25 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-25 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-25 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-25 40552] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-25 34248] =============== Created Last 30 ================ 2009-11-02 18:12 <DIR> --d----- C:\mbmatthews 2009-11-01 14:43 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 14:43 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-11-01 08:33 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\IObit 2009-10-31 12:20 236,544 a------- c:\windows\PEV.exe 2009-10-31 12:20 161,792 a------- c:\windows\SWREG.exe 2009-10-31 12:20 98,816 a------- c:\windows\sed.exe 2009-10-31 12:20 77,312 a------- c:\windows\MBR.exe 2009-10-30 20:19 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Printer Info Cache 2009-10-30 19:55 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\PrivacIE 2009-10-25 14:31 <DIR> --d----- c:\program files\SiteAdvisor 2009-10-25 14:18 7,635 a------- c:\windows\system32\Config.MPF 2009-10-25 14:18 <DIR> --d----- c:\windows\system32\LogFiles 2009-10-25 14:14 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\McAfee 2009-10-25 12:57 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-10-25 12:57 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-10-25 12:57 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-10-25 12:57 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-10-25 12:55 <DIR> --d----- c:\program files\common files\McAfee 2009-10-25 12:55 <DIR> --d----- c:\program files\McAfee.com 2009-10-25 12:55 <DIR> --d----- c:\program files\McAfee 2009-10-25 12:54 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-10-25 12:04 61,224 a------- c:\documents and settings\compaq_owner.matthews\GoToAssistDownloadHelper.exe 2009-10-24 13:58 274,432 a------- c:\windows\system32\LxrSG20.dll 2009-10-24 13:58 163,840 a------- c:\windows\system32\LxrConfig.exe 2009-10-24 13:58 69,920 a------- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 13:58 61,440 a------- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 13:58 49,152 a------- c:\windows\system32\LxrSG20s.exe 2009-10-24 13:58 575 a------- c:\windows\system32\LxrCleanup.bat 2009-10-24 08:06 561,152 a----r-- c:\windows\system32\hpotscl.dll 2009-10-24 08:06 94,208 a----r-- c:\windows\system32\hpovst08.dll 2009-10-24 08:06 274,432 a----r-- c:\windows\system32\hpgwiamd.dll 2009-10-23 21:42 94,208 a----r-- c:\windows\system32\HPZipt12.dll 2009-10-23 21:42 57,344 a----r-- c:\windows\system32\HPZisn12.dll 2009-10-23 21:42 237,624 a----r-- c:\windows\system32\HPZidr12.dll 2009-10-23 21:42 172,032 a----r-- c:\windows\system32\HPZipr12.dll 2009-10-23 21:42 65,536 a----r-- c:\windows\system32\HPZipm12.exe 2009-10-23 21:42 61,440 a----r-- c:\windows\system32\HPZinw12.exe 2009-10-23 21:42 16,080 a----r-- c:\windows\system32\drivers\HPZipr12.sys 2009-10-23 21:42 50,960 a----r-- c:\windows\system32\drivers\hpzid412.sys 2009-10-23 21:41 237,568 a----r-- c:\windows\system32\HPZc3212.dll 2009-10-23 21:41 22,384 a----r-- c:\windows\system32\drivers\HPZius12.sys 2009-10-23 21:40 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys 2009-10-23 21:40 25,856 a------- c:\windows\system32\drivers\usbprint.sys 2009-10-23 21:40 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys 2009-10-23 21:40 15,104 a------- c:\windows\system32\drivers\usbscan.sys 2009-10-23 21:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys 2009-10-23 21:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 13:09 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll 2009-10-23 13:09 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll 2009-10-23 13:09 155,648 -c------ c:\windows\system32\dllcache\wscript.exe 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx 2009-10-23 13:09 90,112 -c------ c:\windows\system32\dllcache\wshext.dll 2009-10-23 13:09 135,168 -c------ c:\windows\system32\dllcache\cscript.exe 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\scripting 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\en 2009-10-22 19:27 <DIR> --d----- c:\windows\system32\bits 2009-10-22 18:31 411,368 a------- c:\windows\system32\deploytk.dll 2009-10-22 18:31 73,728 a------- c:\windows\system32\javacpl.cpl 2009-10-22 18:25 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\IETldCache 2009-10-22 18:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-10-22 18:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 18:11 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2009-10-22 18:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 18:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 18:11 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll 2009-10-22 18:09 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-10-21 22:33 276,992 -------- c:\windows\system32\wmphoto.dll 2009-10-21 22:31 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-21 22:30 81,920 -------- c:\windows\system32\ieencode.dll 2009-10-21 21:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys 2009-10-21 21:53 333,952 -c------ c:\windows\system32\dllcache\srv.sys 2009-10-21 21:52 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll 2009-10-21 21:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll 2009-10-21 21:49 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-10-21 21:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-10-21 21:48 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-10-21 21:46 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-10-21 21:46 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-21 21:44 138,496 -c------ c:\windows\system32\dllcache\afd.sys 2009-10-21 21:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-10-21 20:51 233 a------- c:\windows\Quicken.ini 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Palo Alto Software 2009-10-21 20:50 <DIR> --d----- c:\program files\common files\Intuit 2009-10-21 20:49 <DIR> --d----- c:\program files\Quicken 2009-10-21 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit 2009-10-21 20:49 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Intuit 2009-10-21 19:58 <DIR> --d----- c:\windows\system32\PreInstall 2009-10-21 19:34 21,728 a------- c:\windows\system32\wucltui.dll.mui 2009-10-21 19:34 17,632 a------- c:\windows\system32\wuaueng.dll.mui 2009-10-21 19:34 15,072 a------- c:\windows\system32\wuaucpl.cpl.mui 2009-10-21 19:34 15,064 a------- c:\windows\system32\wuapi.dll.mui 2009-10-21 19:34 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-10-21 19:28 <DIR> --ds---- c:\documents and settings\compaq_owner.matthews\UserData 2009-10-21 19:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit 2009-10-21 18:51 4,992 a------- c:\windows\system32\drivers\mspqm.sys 2009-10-21 18:51 5,376 a------- c:\windows\system32\drivers\mspclock.sys 2009-10-21 18:51 7,552 a------- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 18:51 61,696 a------- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 18:51 6,400 a------- c:\windows\system32\drivers\enum1394.sys 2009-10-21 18:51 53,376 a------- c:\windows\system32\drivers\1394bus.sys 2009-10-21 18:22 <DIR> -cdshr-- c:\windows\system32\dllcache 2009-10-21 18:19 26,144 a------- c:\windows\system32\spupdsvc.exe 2009-10-21 18:16 <DIR> -cd-h--- c:\windows\ie8 2009-10-21 18:02 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 16:36 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Malwarebytes 2009-10-21 16:14 <DIR> a-d--r-- C:\cmdcons 2009-10-21 16:03 221,184 a------- c:\windows\system32\wmpns.dll 2009-10-21 16:03 1,850 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-21 16:02 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Symantec 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\compaq_owner.matthews\WINDOWS 2009-10-21 16:02 <DIR> --d----- c:\documents and settings\Compaq_Owner.MATTHEWS 2009-10-15 19:20 <DIR> --d----- c:\program files\Trend Micro 2009-10-15 16:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 15:54 32,768 a------- c:\windows\~DF7394.tmp 2009-10-15 14:13 <DIR> --d----- c:\program files\ocdjbm 2009-10-14 20:31 <DIR> --d----- c:\program files\Angle Interactive 2009-10-14 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-14 17:16 <DIR> --d----- C:\ProgramData 2009-10-14 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE 2009-10-14 17:06 <DIR> --d----- c:\program files\XoftSpySE6 ==================== Find3M ==================== 2009-10-22 19:32 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-10-22 19:30 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchealthplugin.dll 2009-09-16 09:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys 2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 03:08 916,480 -------- c:\windows\system32\wininet.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2005-04-30 18:55 0 ac-sh--- c:\windows\sminst\HPCD.sys ============= FINISH: 16:39:54.23 =============== Attach.zip
  8. mbmatthews
    Good evening (where I am anyway) I deleted the MBAM files as directed. I ran Combofix again. No change. Ran fine, never coughed up a log although I left it for an hour. However, going through this post, I noticed that you requested me to run a program I never ran, the exe helper. I have run this and the log is posted below. Please let me know the next step. Your time and assistance is appreciated. exeHelper by Raktor Build 20091021 Run at 19:36:41 on 11/02/09 Now searching... Checking for numerical processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished--
  9. mbmatthews
    Having run Combofix, I downloaded Malwarebytes (considering that I have not been able to run it before all the way) and ran it. It ran beautifully, and found a bunch of problems (log is included) and put them all in quarantine. 1) can I delete these or would that not be wise? 2) should I see if Combofix will work now? Or is that really needed? As the log will tell you, a lot of these were Vundo files, plus a worm I think was on my flash drive. I hope this helps, as the Combofix was not able to do a log. I thank you again for your time and assistance. Malwarebytes' Anti-Malware 1.41 Database version: 3080 Windows 5.1.2600 Service Pack 3 11/1/2009 4:48:25 PM mbam-log-2009-11-01 (16-48-25).txt Scan type: Full Scan (C:\|D:\|K:\|) Objects scanned: 200021 Time elapsed: 2 hour(s), 2 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 1 Registry Values Infected: 4 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\tizomahu.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\visugahu.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{76b1964c-2489-4072-b35d-00abecfe160a} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dugotetos (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{76b1964c-2489-4072-b35d-00abecfe160a} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\defifitoh (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hegehununu (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\visugahu.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\tizomahu.dll (Trojan.Vundo) -> Delete on reboot. C:\Qoobox\Quarantine\C\WINDOWS\system32\guzapamu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\lasofesu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\muhodogu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\nesahiju.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\nunoloje.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\sosafimi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP10\A0002006.exe (Worm.Emold) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP11\A0002610.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP11\A0002611.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{55AD45FB-8993-4F27-867B-0B74F04FFF84}\RP11\A0002612.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wobiyena.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  10. mbmatthews
    Hi, again: Did as you requested and renamed the file, then ran it. I did make sure I followed the directions, diabling Mcaffe, etc. It ran fine, but again did not provide a log. I know that it took some action, because I saw some .dll files deleted. I know for sure this time that the computer was not touched, and waited an hour. No luck. Please let me know what I should do next. Many thanks for the time and advice you are providing.
  11. mbmatthews
    Okay, I gave up on the combofix log- it simply never came up, and I seriously waited hours. Sorry, I did follow the instructions, I don't know why it screwed up. However, the computer is behaving so here is the new dds log and the attached log. Your help is appreciated. DDS (Ver_09-09-29.01) - NTFSx86 Run by Compaq_Owner at 20:21:12.65 on Sat 10/31/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.212 [GMT -4:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\IObit\IObit Security 360\IS360srv.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\IObit\IObit Security 360\IS360tray.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Compaq_Owner.MATTHEWS\Desktop\dds(2).com C:\Documents and Settings\Compaq_Owner.MATTHEWS\Desktop\dds(2).com C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: {24104eed-ccf3-499f-aef1-2f679dd7e8c4} - tizomahu.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [VTTimer] VTTimer.exe mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [iS CfgWiz] c:\program files\common files\symantec shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT" mRun: [LTMSG] LTMSG.exe 7 mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [iObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [dugotetos] Rundll32.exe "c:\windows\system32\vufeguja.dll",a mRun: [hegehununu] Rundll32.exe "muhodogu.dll",s StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256172355828 Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxsrvc.dll SSODL: kutusofog - {a47e7012-2a5c-4ba9-ba58-1f2a05e3f023} - c:\windows\system32\vufeguja.dll STS: kupuhivus: {a47e7012-2a5c-4ba9-ba58-1f2a05e3f023} - c:\windows\system32\vufeguja.dll LSA: Notification Packages = scecli sosafimi.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 214664] R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-21 309008] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-25 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-10-25 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-25 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-25 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-25 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-25 35272] R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-25 34248] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-25 40552] =============== Created Last 30 ================ 2009-10-31 13:20 236,544 a------- c:\windows\PEV.exe 2009-10-31 13:20 161,792 a------- c:\windows\SWREG.exe 2009-10-31 13:20 98,816 a------- c:\windows\sed.exe 2009-10-31 13:20 77,312 a------- c:\windows\MBR.exe 2009-10-31 13:20 <DIR> --d----- C:\ComboFix 2009-10-30 21:19 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Printer Info Cache 2009-10-30 20:55 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\PrivacIE 2009-10-25 15:31 <DIR> --d----- c:\program files\SiteAdvisor 2009-10-25 15:18 6,867 a------- c:\windows\system32\Config.MPF 2009-10-25 15:18 <DIR> --d----- c:\windows\system32\LogFiles 2009-10-25 15:14 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\McAfee 2009-10-25 13:57 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-10-25 13:57 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-10-25 13:57 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-10-25 13:57 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-10-25 13:55 <DIR> --d----- c:\program files\common files\McAfee 2009-10-25 13:55 <DIR> --d----- c:\program files\McAfee.com 2009-10-25 13:55 <DIR> --d----- c:\program files\McAfee 2009-10-25 13:54 34,248 a------- c:\windows\system32\drivers\mferkdk.sys 2009-10-25 13:04 61,224 a------- c:\documents and settings\compaq_owner.matthews\GoToAssistDownloadHelper.exe 2009-10-24 14:58 274,432 a------- c:\windows\system32\LxrSG20.dll 2009-10-24 14:58 163,840 a------- c:\windows\system32\LxrConfig.exe 2009-10-24 14:58 69,920 a------- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 14:58 61,440 a------- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 14:58 49,152 a------- c:\windows\system32\LxrSG20s.exe 2009-10-24 14:58 575 a------- c:\windows\system32\LxrCleanup.bat 2009-10-24 09:06 561,152 a----r-- c:\windows\system32\hpotscl.dll 2009-10-24 09:06 94,208 a----r-- c:\windows\system32\hpovst08.dll 2009-10-24 09:06 274,432 a----r-- c:\windows\system32\hpgwiamd.dll 2009-10-23 22:42 94,208 a----r-- c:\windows\system32\HPZipt12.dll 2009-10-23 22:42 57,344 a----r-- c:\windows\system32\HPZisn12.dll 2009-10-23 22:42 237,624 a----r-- c:\windows\system32\HPZidr12.dll 2009-10-23 22:42 172,032 a----r-- c:\windows\system32\HPZipr12.dll 2009-10-23 22:42 65,536 a----r-- c:\windows\system32\HPZipm12.exe 2009-10-23 22:42 61,440 a----r-- c:\windows\system32\HPZinw12.exe 2009-10-23 22:42 16,080 a----r-- c:\windows\system32\drivers\HPZipr12.sys 2009-10-23 22:42 50,960 a----r-- c:\windows\system32\drivers\hpzid412.sys 2009-10-23 22:41 237,568 a----r-- c:\windows\system32\HPZc3212.dll 2009-10-23 22:41 22,384 a----r-- c:\windows\system32\drivers\HPZius12.sys 2009-10-23 22:40 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys 2009-10-23 22:40 25,856 a------- c:\windows\system32\drivers\usbprint.sys 2009-10-23 22:40 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys 2009-10-23 22:40 15,104 a------- c:\windows\system32\drivers\usbscan.sys 2009-10-23 22:39 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys 2009-10-23 22:39 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 14:09 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll 2009-10-23 14:09 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll 2009-10-23 14:09 155,648 -c------ c:\windows\system32\dllcache\wscript.exe 2009-10-23 14:09 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx 2009-10-23 14:09 90,112 -c------ c:\windows\system32\dllcache\wshext.dll 2009-10-23 14:09 135,168 -c------ c:\windows\system32\dllcache\cscript.exe 2009-10-22 20:27 <DIR> --d----- c:\windows\system32\scripting 2009-10-22 20:27 <DIR> --d----- c:\windows\system32\en 2009-10-22 20:27 <DIR> --d----- c:\windows\system32\bits 2009-10-22 19:31 411,368 a------- c:\windows\system32\deploytk.dll 2009-10-22 19:31 73,728 a------- c:\windows\system32\javacpl.cpl 2009-10-22 19:25 <DIR> --dsh--- c:\documents and settings\compaq_owner.matthews\IETldCache 2009-10-22 19:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-10-22 19:11 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 19:11 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2009-10-22 19:11 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 19:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 19:11 11,069,440 -c------ c:\windows\system32\dllcache\ieframe.dll 2009-10-22 19:09 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-10-21 23:33 276,992 -------- c:\windows\system32\wmphoto.dll 2009-10-21 23:31 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-21 23:30 81,920 -------- c:\windows\system32\ieencode.dll 2009-10-21 22:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys 2009-10-21 22:53 333,952 -c------ c:\windows\system32\dllcache\srv.sys 2009-10-21 22:52 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll 2009-10-21 22:51 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll 2009-10-21 22:49 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-10-21 22:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-10-21 22:48 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-10-21 22:46 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-10-21 22:46 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-21 22:44 138,496 -c------ c:\windows\system32\dllcache\afd.sys 2009-10-21 22:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-10-21 21:51 233 a------- c:\windows\Quicken.ini 2009-10-21 21:50 <DIR> --d----- c:\program files\common files\Palo Alto Software 2009-10-21 21:50 <DIR> --d----- c:\program files\common files\Intuit 2009-10-21 21:49 <DIR> --d----- c:\program files\Quicken 2009-10-21 21:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit 2009-10-21 21:49 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Intuit 2009-10-21 20:58 <DIR> --d----- c:\windows\system32\PreInstall 2009-10-21 20:34 21,728 a------- c:\windows\system32\wucltui.dll.mui 2009-10-21 20:34 17,632 a------- c:\windows\system32\wuaueng.dll.mui 2009-10-21 20:34 15,072 a------- c:\windows\system32\wuaucpl.cpl.mui 2009-10-21 20:34 15,064 a------- c:\windows\system32\wuapi.dll.mui 2009-10-21 20:34 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-10-21 20:28 <DIR> --ds---- c:\documents and settings\compaq_owner.matthews\UserData 2009-10-21 20:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit 2009-10-21 19:51 4,992 a------- c:\windows\system32\drivers\mspqm.sys 2009-10-21 19:51 5,376 a------- c:\windows\system32\drivers\mspclock.sys 2009-10-21 19:51 7,552 a------- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 19:51 61,696 a------- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 19:51 6,400 a------- c:\windows\system32\drivers\enum1394.sys 2009-10-21 19:51 53,376 a------- c:\windows\system32\drivers\1394bus.sys 2009-10-21 19:22 <DIR> -cdshr-- c:\windows\system32\dllcache 2009-10-21 19:19 26,144 a------- c:\windows\system32\spupdsvc.exe 2009-10-21 19:16 <DIR> -cd-h--- c:\windows\ie8 2009-10-21 19:02 55,656 a------- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 17:36 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Malwarebytes 2009-10-21 17:14 <DIR> --d--r-- C:\cmdcons 2009-10-21 17:03 221,184 a------- c:\windows\system32\wmpns.dll 2009-10-21 17:03 1,850 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-21 17:02 <DIR> --d----- c:\docume~1\compaq~1.mat\applic~1\Symantec 2009-10-21 17:02 <DIR> --d----- c:\documents and settings\compaq_owner.matthews\WINDOWS 2009-10-21 17:02 <DIR> --d----- c:\documents and settings\Compaq_Owner.MATTHEWS 2009-10-15 20:20 <DIR> --d----- c:\program files\Trend Micro 2009-10-15 17:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 16:54 32,768 a------- c:\windows\~DF7394.tmp 2009-10-15 15:13 <DIR> --d----- c:\program files\ocdjbm 2009-10-14 21:31 <DIR> --d----- c:\program files\Angle Interactive 2009-10-14 20:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-14 18:16 <DIR> --d----- C:\ProgramData 2009-10-14 18:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE 2009-10-14 18:06 <DIR> --d----- c:\program files\XoftSpySE6 ==================== Find3M ==================== 2009-10-22 20:32 82,435 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-10-22 20:30 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\hpq\xpxwwpp5\plugin\bin\pchealthplugin.dll 2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys 2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll 2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe 2009-08-04 10:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe 2005-04-30 19:55 0 ac-sh--- c:\windows\sminst\HPCD.sys 2009-07-31 08:47 61,440 a--sh--- c:\windows\system32\dijuboru.dll 2009-07-31 08:47 51,200 a--sh--- c:\windows\system32\tizomahu.dll ============= FINISH: 20:23:03.98 =============== Attach.zip
  12. mbmatthews
    I have run Combofix as the instructions stated, but it has been an hour and the log is not appearing. I am not sure what to do; the computer has gone into standby twice. I am using a different computer to send this message. However, Combofix did run, and it did delete something very old I forgot was on the computer, and a file. Then I get a message that a dll file was deleted, and Mcafee popped something up about the computer was not protected. I think it might have caused a problem, and I am not sure what to do.
  13. mbmatthews
    Thank you for your help. I am sorry it took me so long to respond; I did not see this post. Here is the posted log and the other is attached as requested in a zip file. mbmatthews DS (Ver_09-10-26.01) - NTFSx86 Run by Compaq_Owner at 21:51:27.17 on Fri 10/30/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.263 [GMT -4:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\IObit\IObit Security 360\IS360tray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\IObit\IObit Security 360\IS360srv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MSC\mcregist.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Compaq_Owner.MATTHEWS\My Documents\Downloads\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [VTTimer] VTTimer.exe mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [iS CfgWiz] c:\program files\common files\symantec shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT" mRun: [LTMSG] LTMSG.exe 7 mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [iObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [dugotetos] Rundll32.exe "c:\windows\system32\bilafivi.dll",a mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\6750491\program\Compaq Connections.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256172355828 Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: gowakimo.dll c:\windows\system32\bilafivi.dll SSODL: fofahemud - {72b483b1-08cc-4c15-966d-b9aeffaa9204} - c:\windows\system32\bilafivi.dll STS: jugezatag: {72b483b1-08cc-4c15-966d-b9aeffaa9204} - c:\windows\system32\bilafivi.dll LSA: Notification Packages = scecli notugogi.dll ============= SERVICES / DRIVERS =============== R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-21 309008] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-25 210216] S2 0281761256952782mcinstcleanup;McAfee Application Installer Cleanup (0281761256952782);c:\windows\temp\028176~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\028176~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] =============== Created Last 30 ================ 2009-10-31 01:30:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-31 01:29:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-31 01:19:19 0 d-----w- c:\docume~1\compaq~1.mat\applic~1\Printer Info Cache 2009-10-31 00:55:53 0 d-sh--w- c:\documents and settings\compaq_owner.matthews\PrivacIE 2009-10-31 00:41:39 26116 ----a-w- c:\windows\system32\logon.exe 2009-10-25 19:31:37 0 d-----w- c:\program files\SiteAdvisor 2009-10-25 19:18:55 6579 ----a-w- c:\windows\system32\Config.MPF 2009-10-25 19:18:53 0 d-----w- c:\windows\system32\LogFiles 2009-10-25 19:14:33 0 d-----w- c:\docume~1\compaq~1.mat\applic~1\McAfee 2009-10-25 17:57:11 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-10-25 17:57:10 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-10-25 17:57:10 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-10-25 17:57:02 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-10-25 17:55:58 0 d-----w- c:\program files\common files\McAfee 2009-10-25 17:55:54 0 d-----w- c:\program files\McAfee.com 2009-10-25 17:55:19 0 d-----w- c:\program files\McAfee 2009-10-25 17:54:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-10-25 17:04:48 61224 ----a-w- c:\documents and settings\compaq_owner.matthews\GoToAssistDownloadHelper.exe 2009-10-24 18:58:24 69920 ----a-w- c:\windows\system32\drivers\LxrSG20d.sys 2009-10-24 18:58:24 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll 2009-10-24 18:58:24 575 ----a-w- c:\windows\system32\LxrCleanup.bat 2009-10-24 18:58:24 49152 ----a-w- c:\windows\system32\LxrSG20s.exe 2009-10-24 18:58:24 274432 ----a-w- c:\windows\system32\LxrSG20.dll 2009-10-24 18:58:24 163840 ----a-w- c:\windows\system32\LxrConfig.exe 2009-10-24 13:06:36 94208 ----a-r- c:\windows\system32\hpovst08.dll 2009-10-24 13:06:36 561152 ----a-r- c:\windows\system32\hpotscl.dll 2009-10-24 13:06:35 274432 ----a-r- c:\windows\system32\hpgwiamd.dll 2009-10-24 02:42:46 94208 ----a-r- c:\windows\system32\HPZipt12.dll 2009-10-24 02:42:46 57344 ----a-r- c:\windows\system32\HPZisn12.dll 2009-10-24 02:42:45 65536 ----a-r- c:\windows\system32\HPZipm12.exe 2009-10-24 02:42:45 61440 ----a-r- c:\windows\system32\HPZinw12.exe 2009-10-24 02:42:45 237624 ----a-r- c:\windows\system32\HPZidr12.dll 2009-10-24 02:42:45 172032 ----a-r- c:\windows\system32\HPZipr12.dll 2009-10-24 02:42:45 16080 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-10-24 02:42:43 50960 ----a-r- c:\windows\system32\drivers\hpzid412.sys 2009-10-24 02:41:42 237568 ----a-r- c:\windows\system32\HPZc3212.dll 2009-10-24 02:41:42 22384 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2009-10-24 02:40:09 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-10-24 02:40:09 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-10-24 02:40:00 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-10-24 02:40:00 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-10-24 02:39:19 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-24 02:39:19 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-23 18:09:34 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-10-23 18:09:34 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-10-23 18:09:34 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-10-23 18:09:34 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-10-23 18:09:34 135168 -c----w- c:\windows\system32\dllcache\wshom.ocx 2009-10-23 18:09:33 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-10-23 00:27:41 0 d-----w- c:\windows\system32\scripting 2009-10-23 00:27:39 0 d-----w- c:\windows\system32\en 2009-10-23 00:27:39 0 d-----w- c:\windows\system32\bits 2009-10-22 23:31:13 73728 ----a-w- c:\windows\system32\javacpl.cpl 2009-10-22 23:31:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-22 23:25:28 0 d-sh--w- c:\documents and settings\compaq_owner.matthews\IETldCache 2009-10-22 23:11:33 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-22 23:11:30 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-10-22 23:11:29 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-10-22 23:11:29 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-22 23:11:29 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-10-22 23:11:28 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-10-22 23:09:23 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-10-22 03:33:02 276992 ------w- c:\windows\system32\wmphoto.dll 2009-10-22 03:31:48 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys 2009-10-22 03:30:58 81920 ------w- c:\windows\system32\ieencode.dll 2009-10-22 02:53:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-10-22 02:53:03 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-10-22 02:52:35 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-10-22 02:51:47 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-10-22 02:49:05 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-10-22 02:48:13 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-10-22 02:48:13 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-10-22 02:46:04 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-10-22 02:46:04 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-10-22 02:44:39 138496 -c----w- c:\windows\system32\dllcache\afd.sys 2009-10-22 02:24:38 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-10-22 01:51:21 233 ----a-w- c:\windows\Quicken.ini 2009-10-22 01:50:55 0 d-----w- c:\program files\common files\Palo Alto Software 2009-10-22 01:50:52 0 d-----w- c:\program files\common files\Intuit 2009-10-22 01:49:51 0 d-----w- c:\program files\Quicken 2009-10-22 01:49:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit 2009-10-22 01:49:41 0 d-----w- c:\docume~1\compaq~1.mat\applic~1\Intuit 2009-10-22 00:58:22 0 d-----w- c:\windows\system32\PreInstall 2009-10-22 00:34:46 21728 ----a-w- c:\windows\system32\wucltui.dll.mui 2009-10-22 00:34:45 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui 2009-10-22 00:34:42 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2009-10-22 00:34:41 15064 ----a-w- c:\windows\system32\wuapi.dll.mui 2009-10-22 00:34:40 0 d-----w- c:\windows\system32\SoftwareDistribution 2009-10-22 00:28:33 0 d-s---w- c:\documents and settings\compaq_owner.matthews\UserData 2009-10-22 00:21:55 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit 2009-10-21 23:51:42 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-10-21 23:51:40 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-10-21 23:51:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-10-21 23:51:15 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2009-10-21 23:51:15 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2009-10-21 23:51:14 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys 2009-10-21 23:22:39 0 dcsh--r- c:\windows\system32\dllcache 2009-10-21 23:19:58 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-10-21 23:16:33 0 dc-h--w- c:\windows\ie8 2009-10-21 23:02:02 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-21 21:36:36 0 d-----w- c:\docume~1\compaq~1.mat\applic~1\Malwarebytes 2009-10-21 21:14:22 0 d-sh--r- C:\cmdcons 2009-10-21 21:03:45 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-10-21 21:03:35 1850 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PP150AA-ABA SR1303WM NA510_YC_0Pres_QCNH451_E51NAheRED3_47_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M704_J40_7AMD_8Sempron_92_#050329_N11063065_Z 11C1044C_G11067205.MRK 2009-10-21 21:02:27 0 d-----w- c:\docume~1\compaq~1.mat\applic~1\Symantec 2009-10-16 00:20:43 0 d-----w- c:\program files\Trend Micro 2009-10-15 21:02:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-15 20:54:57 32768 ----a-w- c:\windows\~DF7394.tmp 2009-10-15 19:13:43 0 d-----w- c:\program files\ocdjbm 2009-10-15 01:31:32 0 d-----w- c:\program files\Angle Interactive 2009-10-15 00:54:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-14 22:16:49 0 d-----w- C:\ProgramData 2009-10-14 22:06:07 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE 2009-10-14 22:06:01 0 d-----w- c:\program files\XoftSpySE6 ==================== Find3M ==================== 2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 00:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2005-04-30 23:55:14 0 -csha-w- c:\windows\sminst\HPCD.sys 2009-07-31 00:46:54 183296 --sha-w- c:\windows\system32\bilafivi.dll 2009-07-31 00:41:11 115200 --sha-w- c:\windows\system32\gowakimo.dll 2009-07-31 00:41:11 115200 --sha-w- c:\windows\system32\mivivohe.dll 2009-07-31 00:46:54 87040 --sha-w- c:\windows\system32\mizotufu.dll 2009-07-31 00:41:11 115200 --sha-w- c:\windows\system32\notugogi.dll ============= FINISH: 21:53:17.39 =============== Attach.zip
  14. mbmatthews
    Hi: I have not gotten a response, but I did a system recovery and afterward managed to run Malwarebytes. This has stopped most of the problems, and I was also able to run Hijack This. I would like to be sure there is nothing else wrong on this syste, and am posting the logs here. Any review would be appreciated. I have not been able to reload Mcafee, and while I downloaded the Avira program I saw recommended here, that problem makes me wonder if something is not left behind. Hijack This:Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:54:19 PM, on 10/22/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\LTMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\IObit\IObit Security 360\IS360tray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\IObit\IObit Security 360\IS360srv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [iS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT" O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1256172355828 O23 - Service: McAfee Application Installer Cleanup (0116791256165050) (0116791256165050mcinstcleanup) - Unknown owner - C:\DOCUME~1\COMPAQ~1.MAT\LOCALS~1\Temp\011679~1.EXE (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe -- End of file - 6599 bytes Malwarebytes log: Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 2 10/21/2009 8:24:13 PM mbam-log-2009-10-21 (20-24-13).txt Scan type: Full Scan (C:\|D:\|J:\|L:\|) Objects scanned: 186818 Time elapsed: 1 hour(s), 37 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  15. mbmatthews
    I got this virus and cannot get rid of it using any of the methods so kindly posted here. Malwarebytes will not run- the exe file is blocked and I have tried renaming it and the other sugestions, nothing works. Hijack this will not run, and renaming it did not help. The sysinternal process explorer did show what file was producing the problem, but as soon as we stopped it, it remade itself, so I guess we didn't find the core program. Root Repeal did not find the problem. I honestly am at my wits end. Any help is appreciated. mbmatthews
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.