WiredWX Christian Hobby Weather Tools

Re: facebook malware

ComboFix 09-10-06.04 - Compaq_Administrator 10/07/2009 7:26.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.610 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-05 12:23 . 2009-10-06 11:52 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\F-Secure
2009-10-05 03:26 . 2009-10-05 03:26 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-10-05 03:26 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 03:26 . 2009-10-05 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-05 03:26 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 03:26 . 2009-10-06 01:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 22:46 . 2009-09-28 22:46 -------- d-----w- c:\program files\Search Guard Plus
2009-09-28 22:46 . 2009-09-28 22:46 -------- d-----w- c:\program files\Search Guard PlusU
2009-09-28 22:45 . 2009-09-28 22:45 -------- d-----w- C:\users
2009-09-14 05:36 . 2009-09-14 06:12 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 11:14 . 2009-08-31 14:23 -------- d-----w- c:\program files\Embarq Online Security 8
2009-10-07 11:12 . 2009-08-31 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-10-07 03:49 . 2009-10-06 16:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-06 18:57 . 2009-08-31 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-10-06 16:28 . 2009-10-06 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-10 19:37 . 2005-11-28 03:49 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Webshots
2009-09-01 02:25 . 2009-09-01 02:25 -------- d-----w- c:\program files\Alwil Software
2009-09-01 02:16 . 2005-11-27 21:56 72960 -c--a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 21:45 . 2009-08-31 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sammsoft
2009-08-31 21:45 . 2009-08-31 21:45 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-08-30 20:36 . 2009-08-30 20:36 102 ----a-w- c:\documents and settings\Compaq_Administrator\sdk.bat
2009-08-28 00:28 . 2009-08-28 00:28 -------- dc----w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-08-05 09:11 . 2004-08-10 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-10 19:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2007-03-24 00:08 . 2007-03-24 00:08 774144 -c--a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-06_22.05.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 11:33 . 2009-10-07 11:33 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
+ 2005-06-06 23:55 . 2009-10-07 11:11 58496 c:\windows\system32\perfc009.dat
+ 2005-06-06 23:55 . 2009-10-07 11:11 392486 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 57344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 378784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SGPUpdater"="c:\program files\Search Guard PlusU\sgpUpdaters.exe" [2009-05-15 67456]
"FBSearch"="c:\program files\Search Guard Plus\SearchGuardPlus.exe" [2009-05-04 194432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-01-24 544768]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-9-6 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Color Calibration.lnk - c:\program files\SEC\MagicTune3.5_Client\GammaTray.exe [2005-11-27 36864]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-8-16 36903]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
MagicTune3.5.lnk - c:\program files\SEC\MagicTune3.5_Client\MagicTuneTray.exe [2005-11-27 45056]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2005-11-27 155715]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Digital Asphyxia\\Y!TunnelPro 2.0\\YTPro.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

S3 SMALUSB;Digital Camera Driver;c:\windows\system32\drivers\smalidt.sys [9/16/2006 4:30 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 07:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?18"/> ? FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?18"/> ?
scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\RMSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Webshots\Webshots.scr
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-07 7:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 11:37
ComboFix2.txt 2009-10-06 22:11

Pre-Run: 203,016,044,544 bytes free
Post-Run: 203,047,514,112 bytes free

182 --- E O F --- 2009-08-30 20:35

Re: facebook malware

Hi

That did not seem to work correctly. Try this:

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Folder::
    c:\program files\Search Guard Plus
    c:\program files\Search Guard PlusU
    c:\program files\Advanced Registry Optimizer

    DirLook::
    C:\users
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.