ComboFix 09-10-13.01 - HP_Owner 10/13/2009 22:27.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.117 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\My Documents\a1b1.exe
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Shared
.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.
2009-10-13 19:21 . 2009-10-13 19:21 -------- d-----w- c:\windows\LastGood
2009-10-06 17:16 . 2009-10-06 17:16 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-10-06 17:16 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 17:16 . 2009-10-06 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 17:16 . 2009-10-06 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 17:16 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 04:24 . 2009-10-06 04:24 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\NOS
2009-10-05 22:51 . 2009-10-05 22:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\BitDefender
2009-10-05 21:56 . 2009-10-05 21:56 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-05 16:30 . 2009-10-05 16:30 -------- d-----w- C:\92b8d7da8ac3017544136e
2009-10-05 16:29 . 2009-10-05 17:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-05 16:29 . 2009-10-05 16:29 -------- d-----w- c:\windows\system32\LogFiles
2009-10-04 05:58 . 2009-10-04 05:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-30 00:52 . 2009-09-30 22:15 471328 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-30 00:52 . 2009-09-30 22:15 30752 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-30 00:39 . 2009-09-30 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-30 00:38 . 2009-09-30 00:38 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 00:53 . 2008-06-23 22:49 -------- d-----w- c:\program files\interMute
2009-10-06 04:23 . 2009-08-12 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-05 23:09 . 2008-06-29 23:01 -------- d-----w- c:\program files\Spyware Terminator
2009-10-05 23:04 . 2009-06-11 23:06 -------- d-----w- c:\program files\Oberon Media
2009-10-05 00:58 . 2005-01-12 00:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-04 15:09 . 2008-06-29 23:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Spyware Terminator
2009-10-04 05:38 . 2009-08-12 17:10 -------- d-----w- c:\program files\NOS
2009-10-04 03:13 . 2004-08-12 02:36 -------- d-----w- c:\program files\Java
2009-10-04 02:55 . 2009-07-01 14:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 22:15 . 2009-09-30 00:52 3908 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-30 22:15 . 2009-09-30 00:52 7388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-30 12:09 . 2004-08-12 04:27 -------- d-----w- c:\program files\Easy Internet signup
2009-09-11 00:16 . 2008-02-16 00:00 -------- d-----w- c:\program files\Lx_cats
2009-09-08 23:45 . 2008-06-30 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-08 23:43 . 2009-09-08 23:43 -------- d-----w- c:\program files\Crawler
2009-08-24 02:47 . 2009-08-24 02:47 -------- d-----w- c:\program files\Microsoft
2009-08-23 17:16 . 2009-08-23 17:15 -------- d-----w- c:\program files\CCleaner
2009-08-18 20:14 . 2007-10-31 03:12 45432 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 15:22 . 2004-08-12 04:04 -------- d-----w- c:\program files\Common Files\L&H
2009-08-16 15:19 . 2004-08-12 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 15:19 . 2004-08-12 04:25 -------- d---a-w- c:\program files\PC-Doctor for Windows
2009-08-16 15:16 . 2009-07-07 00:25 -------- d-----w- c:\program files\Windows Live
2009-08-06 23:24 . 2004-09-20 02:21 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-09-20 02:21 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-09-20 02:21 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-09-20 02:21 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-09-20 03:11 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-09-20 02:21 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-07-07 19:44 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2009-07-07 19:44 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2004-09-20 02:21 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-09-20 02:19 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 20:33 . 2009-08-23 17:17 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-17 19:01 . 2004-09-20 03:11 58880 ----a-w- c:\windows\system32\atl.dll
2007-05-17 00:52 . 2007-05-17 00:52 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-06_03.30.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-12 00:59 . 2009-10-06 17:05 52764 c:\windows\system32\perfc009.dat
+ 2009-10-06 04:24 . 2009-10-06 04:24 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-12 00:59 . 2009-10-06 17:05 380350 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-12 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-22 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"USRpdA"="c:\windows\SYSTEM32\USRmlnkA.exe" [2004-08-04 77891]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-12 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-04 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-12 16423]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/19/2004 10:19 PM 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-13 22:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4196632007-4185411347-1678400071-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-14 22:47
ComboFix-quarantined-files.txt 2009-10-14 02:47
ComboFix2.txt 2009-10-06 03:36
Pre-Run: 14,802,661,376 bytes free
Post-Run: 14,921,007,104 bytes free
178 --- E O F --- 2009-10-13 07:01