last 10%
.
2009-10-23 14:42 . 2006-02-19 01:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-23 14:42 . 2009-04-20 00:00 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Symantec
2009-10-23 14:42 . 2006-02-19 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-22 19:49 . 2006-02-19 01:05 -------- d-----w- c:\program files\Symantec
2009-09-15 20:30 . 2006-05-12 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-15 19:23 . 2009-09-15 19:23 -------- d-----w- c:\program files\IObit
2009-09-15 16:51 . 2009-09-15 16:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\MSNInstaller
2009-09-15 16:05 . 2006-06-11 16:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Netscape
2009-09-15 16:04 . 2009-09-15 16:03 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\MSNInstaller(2)
2009-09-15 15:38 . 2006-05-12 01:22 39528 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 03:01 . 2009-09-12 04:00 46640 ----a-w- c:\windows\system32\msln.exe
2009-09-10 03:55 . 2009-09-10 03:55 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 09:11 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2006-02-19 01:06 . 2005-12-06 17:20 26 ------w- c:\program files\AXEL.DAV
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 36975]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-18 26]
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-18 26]
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2006-2-18 36864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AXEL.DAV [2006-2-18 26]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-18 36903]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ReSchedHPSU.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-18 27136]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) =
hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
AddRemove-Advanced SystemCare 3_is1 - c:\program files\IObit\Advanced SystemCare 3\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-23 07:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2704)
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\commy\CF10225.exe
c:\commy\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 7:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 14:46
Pre-Run: 78,823,608,320 bytes free
Post-Run: 78,808,379,392 bytes free
- - End Of File - - 35EA4D16C35886914A31D3625079B5EC
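The log above is read by hand, section by section: the file list, the REGEDIT4 "Reg Loading Points" block, the firewall policy keys and the DLLs loaded under running processes. The script below is an added example (my code, not part of the posted log and not a ComboFix feature) that parses those four section formats and applies a few plain heuristics an analyst would check first: Windows Firewall turned off in the standard profile, Security Center monitoring disabled, a DLL loaded into a process from a Temp directory, and an executable created in system32 inside a recent window. The function name `triage`, the `SAMPLE_LOG` excerpt (copied from the log above as test input) and the `recent_since` cutoff are my choices; the Temp-path and recent-creation checks are triage heuristics, not a verdict on any file named in the log.

```python
"""Heuristic triage of a ComboFix log (added example; not part of the posted log).

Parses four section formats visible in the log above:
  * file-list lines: "<modified> . <created> <size> <attrs> <path>"
  * REGEDIT4 Run-key entries: "Name"="value" [- resolved path] [date size]
  * firewall / Security Center registry values under their [key] headers
  * "DLLs Loaded Under Running Processes" (process header, then DLL paths)
Every finding is a simple path or value check, not a malware verdict.
"""
import re
from datetime import date

# Excerpt copied from the ComboFix log above; used here as constructed test input.
SAMPLE_LOG = r"""
2009-09-14 03:01 . 2009-09-12 04:00 46640 ----a-w- c:\windows\system32\msln.exe
2009-08-05 09:11 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2704)
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
"""

FILE_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. (?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$")
REG_KEY = re.compile(r"^\[(?P<key>HK[^\]]*)\]$")
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s*-\s*(?P<resolved>.*?))?\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
PROCESS_HDR = re.compile(r"^- - - - - - - > '(?P<image>[^']+)'\((?P<pid>\d+)\)$")


def triage(log_text, recent_since=date(2009, 9, 1)):
    """Return autostart entries, firewall-allowed apps and heuristic findings.

    recent_since is an analyst-chosen cutoff (assumption): binaries created in
    c:\\windows\\system32 on or after it are reported for a closer look.
    """
    findings, autostarts, allowed = [], [], []
    current_key, current_proc, in_dll_section = None, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        if "DLLs Loaded Under Running Processes" in line:
            in_dll_section, current_key = True, None
            continue
        if line.startswith("------"):          # any other section header ends the DLL list
            in_dll_section = False
            continue
        if in_dll_section:
            hdr = PROCESS_HDR.match(line)
            if hdr:
                current_proc = f"{hdr['image']}({hdr['pid']})"
            elif current_proc and "\\temp\\" in line.lower():
                findings.append(("dll_from_temp", f"{current_proc} loaded {line}"))
            continue
        m = FILE_LINE.match(line)
        if m:
            path = m["path"]
            created = date.fromisoformat(m["created"])
            if (path.lower().startswith("c:\\windows\\system32\\")
                    and path.lower().endswith((".exe", ".dll", ".sys"))
                    and created >= recent_since):
                findings.append(("recent_system32_binary", f"{path} created {m['created']}"))
            continue
        k = REG_KEY.match(line)
        if k:
            current_key = k["key"].lower()
            continue
        if current_key is None:
            continue
        r = RUN_ENTRY.match(line)
        if r and current_key.endswith("\\currentversion\\run"):
            path = r["resolved"] or r["value"]   # prefer the path ComboFix resolved
            autostarts.append((r["name"], path))
            if "\\temp\\" in path.lower():
                findings.append(("autostart_from_temp", f"{r['name']} -> {path}"))
            continue
        v = REG_VALUE.match(line)
        if not v:
            continue
        name, value = v["name"].lower(), v["value"].strip().lower()
        if current_key.endswith("authorizedapplications\\list"):
            allowed.append(v["name"].replace("\\\\", "\\"))   # undo REGEDIT4 escaping
        elif name == "enablefirewall" and value.startswith("0"):
            findings.append(("firewall_disabled", current_key))
        elif name == "disablemonitoring" and value.endswith("00000001"):
            findings.append(("security_center_monitoring_disabled", current_key))
    return {"autostarts": autostarts, "allowed_apps": allowed, "findings": findings}


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG)["findings"]:
        print(f"{kind:40s} {detail}")
```

Run against the excerpt it reports the disabled firewall, the disabled Security Center monitoring of SymantecFirewall, the DLL explorer.exe loaded from the user's Temp directory and the system32 executable created inside the cutoff window; the autostart and allowed-application lists are returned so the analyst can review them rather than trust the heuristics alone. Feed it the full log text to cover every Run key and the complete DLL list.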