Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.191.76 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\Installer\1192a911.msi
c:\windows\Installer\12059144.msi
c:\windows\Installer\1205914a.msi
c:\windows\Installer\12059150.msi
c:\windows\Installer\12059156.msi
c:\windows\Installer\1205915c.msi
c:\windows\Installer\12059162.msi
c:\windows\Installer\12059168.msi
c:\windows\Installer\1205916f.msi
c:\windows\Installer\12059175.msi
c:\windows\Installer\12059183.msi
c:\windows\Installer\1205918a.msi
c:\windows\Installer\12059190.msi
c:\windows\Installer\12059196.msi
c:\windows\Installer\1205919d.msi
c:\windows\Installer\120a7333.msi
c:\windows\Installer\120a733d.msi
c:\windows\Installer\120a735d.msi
c:\windows\Installer\120a7363.msi
c:\windows\Installer\120a7369.msi
c:\windows\Installer\120a7370.msi
c:\windows\Installer\120a7377.msi
c:\windows\Installer\120a737d.msi
c:\windows\Installer\120a738a.msi
c:\windows\Installer\120a7391.msi
c:\windows\Installer\120a7466.msi
c:\windows\Installer\120a746d.msi
c:\windows\Installer\120a7474.msi
c:\windows\Installer\120ea9ff.msi
c:\windows\Installer\120eaa0b.msi
c:\windows\Installer\14d8530.msi
c:\windows\Installer\19148f9b.msi
c:\windows\Installer\193d83f7.msi
c:\windows\Installer\273ee0.msp
c:\windows\Installer\2b3b29.msi
c:\windows\Installer\2b3b30.msi
c:\windows\Installer\2b3b36.msi
c:\windows\Installer\2b3b3c.msi
c:\windows\Installer\2b3b4a.msi
c:\windows\Installer\2b3b51.msi
c:\windows\Installer\2b3b7b.msi
c:\windows\Installer\2b3b83.msi
c:\windows\Installer\2b3b89.msi
c:\windows\Installer\2b3b94.msi
c:\windows\Installer\2b3ba4.msi
c:\windows\Installer\2b3bac.msi
c:\windows\Installer\2b3bbc.msi
c:\windows\Installer\2b3bc4.msi
c:\windows\Installer\2ebe82.msi
c:\windows\Installer\2ebe8c.msi
c:\windows\Installer\2ec07c.msi
c:\windows\Installer\2ec08a.msi
c:\windows\Installer\2ec094.msi
c:\windows\Installer\2ec0ca.msi
c:\windows\Installer\2ec0d3.msi
c:\windows\Installer\2ec122.msi
c:\windows\Installer\2ec131.msi
c:\windows\Installer\2ec14a.msi
c:\windows\Installer\2ec229.msi
c:\windows\Installer\2ec232.msi
c:\windows\Installer\2ec23b.msi
c:\windows\Installer\320783.msi
c:\windows\Installer\32078f.msi
c:\windows\Installer\3ea37ca.msi
c:\windows\Installer\40d76d8.msi
c:\windows\Installer\53df1f9.msi
c:\windows\Installer\611e5ce.msi
c:\windows\Installer\699a164.msp
c:\windows\Installer\6ad7d7b.msp
c:\windows\Installer\782653.msi
c:\windows\Installer\782838.msi
c:\windows\Installer\7828be.msi
c:\windows\Installer\7f82721.msi
c:\windows\Installer\801812.msi
c:\windows\Installer\801818.msi
c:\windows\Installer\801843.msi
c:\windows\Installer\801851.msi
c:\windows\Installer\801866.msi
c:\windows\Installer\801871.msi
c:\windows\Installer\801889.msi
c:\windows\Installer\80188f.msi
c:\windows\Installer\80189b.msi
c:\windows\Installer\8018a2.msi
c:\windows\Installer\8018bc.msi
c:\windows\Installer\856fe6b.msi
c:\windows\Installer\856fe72.msi
c:\windows\Installer\856fe79.msi
c:\windows\Installer\999c4c.msi
c:\windows\Installer\9f57bd3.msi
c:\windows\Installer\9fe86.msi
c:\windows\Installer\c3e3237.msi
c:\windows\Installer\d37070.msi
c:\windows\Installer\d3707b.msi
c:\windows\Installer\d37081.msi
c:\windows\Installer\d37087.msi
c:\windows\Installer\d3708d.msi
c:\windows\Installer\d37093.msi
c:\windows\Installer\d37099.msi
c:\windows\Installer\d3709f.msi
c:\windows\Installer\d370a5.msi
c:\windows\Installer\d370ab.msi
c:\windows\Installer\d370b6.msi
c:\windows\Installer\d370bc.msi
c:\windows\Installer\d370c2.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.
2009-07-27 23:33 . 2009-07-27 23:33 -------- d-----w- C:\ERDNT
2009-07-27 23:33 . 2009-07-27 23:33 -------- d-----w- c:\windows\ERUNT
2009-07-27 23:32 . 2009-07-27 23:33 -------- d-----w- C:\!FixIEDef
2009-07-15 21:07 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 21:07 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 21:07 . 2009-07-15 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 17:36 . 2004-10-21 06:06 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-07-14 17:36 . 2004-10-20 14:47 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\system32\scripting
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\l2schemas
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\system32\en
2009-07-14 13:40 . 2009-07-14 13:40 -------- d-----w- c:\windows\system32\bits
2009-07-14 13:37 . 2009-07-14 13:41 -------- d-----w- c:\windows\ServicePackFiles
2009-07-14 13:27 . 2009-07-14 13:27 -------- d-----w- c:\windows\EHome
2009-07-12 05:29 . 2009-07-24 19:06 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Skype
2009-07-12 05:26 . 2009-07-12 05:26 -------- d-----w- c:\program files\Common Files\Skype
2009-07-12 05:26 . 2009-07-12 05:26 -------- d-----r- c:\program files\Skype
2009-07-10 02:15 . 2009-03-09 16:34 971776 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9uv3jpt3.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 00:32 . 2009-01-26 03:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\skypePM
2009-07-24 18:34 . 2009-05-07 01:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-16 21:22 . 2007-05-01 14:03 40040 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 20:59 . 2009-05-22 02:46 -------- d-----w- c:\program files\Charter Security Suite
2009-07-14 13:45 . 2004-10-20 13:12 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-12 05:26 . 2009-01-26 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-10 02:19 . 2007-05-02 02:46 -------- d--h--w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2009-07-08 20:55 . 2009-05-22 02:50 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-16 14:36 . 2004-12-25 21:15 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-12-25 21:13 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2004-12-25 21:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 18:14 . 2007-05-01 03:46 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sonic
2009-05-31 18:12 . 2009-05-31 18:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Leadertech
2009-05-30 02:14 . 2007-07-19 02:41 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2009-05-25 22:17 . 2009-05-25 22:17 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-25 22:17 . 2009-05-25 22:17 17408 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-25 22:17 . 2009-05-25 22:17 18944 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-25 22:17 . 2009-05-25 22:17 20480 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-25 22:17 . 2009-05-25 22:16 8192 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-20 05:11 . 2009-05-20 05:11 152576 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2004-12-25 21:14 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-12-25 21:16 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2009-05-07 00:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-23 09:59 . 2009-01-12 17:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-02-25 19:55 . 2007-02-25 19:55 110592 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-02-19 182936]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-02-19 957024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-10-21 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-09-16 03:44 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
path=
backup=
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [5/21/2009 9:50 PM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [5/21/2009 9:49 PM 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [5/21/2009 9:48 PM 67808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 32256]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [5/21/2009 9:47 PM 99960]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [5/13/2007 12:50 PM 29522]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [5/21/2009 9:47 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [5/21/2009 9:47 PM 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-07-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2009-05-22 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
mSearchURL = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
.
**************************************************************************
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 19:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2831273944-2216379091-841592017-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(720)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(1120)
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Charter Security Suite\Common\FCH32.EXE
c:\program files\Charter Security Suite\Common\FAMEH32.EXE
c:\program files\Charter Security Suite\Anti-Virus\fsqh.exe
c:\program files\Charter Security Suite\FSPC\fspc.exe
c:\program files\Charter Security Suite\FWES\program\fsdfwd.exe
c:\program files\Charter Security Suite\FSAUA\program\fsaua.exe
c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe
c:\program files\Charter Security Suite\FSAUA\program\fsus.exe
c:\program files\Charter Security Suite\FSGUI\fsguidll.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-07-28 19:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 00:43
ComboFix2.txt 2008-11-14 06:08
ComboFix3.txt 2008-11-07 06:45
ComboFix4.txt 2008-11-06 05:46
Pre-Run: 38,502,273,024 bytes free
Post-Run: 39,012,413,440 bytes free
--- E O F --- 2009-07-22 08:03