ComboFix 09-07-09.08 - Compaq_Owner 07/10/2009 12:44.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.333 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix12.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CfScripts.txt
FILE ::
"c:\windows\system32\9z0715pyf.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\9z0715pyf.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.
2009-07-10 15:29 . 2009-07-10 15:54 -------- d-s---w- C:\Combo-Fix
2009-07-09 22:10 . 2009-07-09 22:11 -------- d-----w- c:\documents and settings\Compaq_Owner\.SunDownloadManager
2009-07-09 02:42 . 2009-07-10 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-09 02:42 . 2009-07-09 02:42 -------- d-----w- c:\program files\Common Files\iS3
2009-07-08 18:58 . 2009-07-09 21:27 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2009-07-08 18:09 . 2009-07-09 21:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 17:38 . 2009-06-25 17:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Petroglyph
2009-06-19 20:51 . 2004-08-04 11:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-12 16:59 . 2009-06-30 21:28 -------- d-----w- c:\program files\LucasArts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 03:59 . 2005-01-29 11:04 -------- d-----w- c:\program files\Java
2009-07-08 14:41 . 2008-12-22 05:08 34 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences.dat
2009-07-07 17:13 . 2005-01-29 11:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-05 23:00 . 2009-03-03 02:58 -------- d-----w- c:\program files\Norton Security Scan
2009-06-30 21:28 . 2005-01-29 11:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 04:13 . 2009-06-02 23:00 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-13 03:00 . 2009-03-03 17:56 -------- d-----w- c:\program files\Bonjour
2009-06-12 17:06 . 2006-02-21 01:56 -------- d-----w- c:\program files\Davidson
2009-06-03 03:20 . 2009-06-03 03:20 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\PC Updater
2009-06-02 22:56 . 2009-06-02 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-02 22:54 . 2009-06-02 22:54 10134 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-02 22:54 . 2009-06-02 22:54 -------- d-----w- c:\program files\Microsoft WSE
2009-05-28 19:16 . 2009-05-28 19:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 19:15 . 2009-05-28 19:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 19:14 . 2009-05-28 19:14 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-05-18 21:25 . 2009-05-08 01:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2009-05-12 19:13 . 2009-05-12 19:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-08 01:18 . 2009-05-08 01:18 34062 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\ie_bin\Uninst.exe
2009-04-30 17:02 . 2005-12-28 05:55 46832 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 00:33 . 2009-04-30 00:33 3584 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-10_15.41.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 16:53 . 2009-07-10 16:53 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
+ 2009-07-10 16:53 . 2009-07-10 16:53 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-03-23 126976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-29 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe" [2005-03-23 126976]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MskDetct.exe" [2005-03-23 1111040]
"SIE2004"="c:\program files\Winferno\SIEPIE\SIEPulse.exe" [2004-07-06 44032]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder
2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2009-07-06 c:\windows\Tasks\Norton Security Scan for Compaq_Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 22:20]
2009-07-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-01-29 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
Trusted Zone: jcpsurvey.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 12:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-10 12:51
ComboFix-quarantined-files.txt 2009-07-10 17:50
ComboFix2.txt 2009-07-10 16:57
Pre-Run: 60,154,654,720 bytes free
Post-Run: 60,154,974,208 bytes free
150 --- E O F --- 2008-09-12 08:01