Hi, I will be posting my logs here. First, I noticed that when I ran GMER again it found a catchme.sys; when I ran it again it disappeared, but it is in my registry as "swearware" and "legacy_catchme". I read this is a keylogger. Should I delete it out of the registry? I could not find the system file. None of the other software I ran found this.
ComboFix 09-07-14.08 - Suil 07/17/2009 22:40.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1431 [GMT -4:00]
Running from: c:\documents and settings\Suil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Suil\Desktop\CFscript.txt
AV: EMBARQ® Online Security 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EMBARQ® Online Security 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\f821.msi
.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.
2009-07-17 17:38 . 2009-07-17 19:22 117760 ----a-w- c:\documents and settings\Suil\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-17 17:37 . 2009-07-17 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-17 17:37 . 2009-07-17 17:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-17 17:37 . 2009-07-17 17:37 -------- d-----w- c:\documents and settings\Suil\Application Data\SUPERAntiSpyware.com
2009-07-17 17:00 . 2009-07-17 17:00 -------- d-----w- c:\program files\CCleaner
2009-07-17 00:02 . 2009-07-17 00:02 -------- d-----w- c:\program files\Alwil Software
2009-07-16 19:56 . 2009-07-16 19:56 -------- d-----w- c:\documents and settings\Suil\Application Data\ImgBurn
2009-07-16 19:50 . 2009-07-16 19:50 -------- d-----w- c:\program files\ImgBurn
2009-07-16 14:17 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-16 14:17 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-16 14:15 . 2009-02-06 09:49 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-16 14:15 . 2009-02-06 09:49 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-16 02:44 . 2009-07-16 02:44 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-16 00:09 . 2009-07-16 00:27 -------- d-----w- C:\UBCD4Win
2009-07-15 21:02 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-15 20:29 . 2009-07-15 20:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 20:28 . 2009-07-15 20:28 152576 ----a-w- c:\documents and settings\Suil\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-15 19:30 . 2009-07-15 19:30 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-15 17:29 . 2004-08-04 10:00 456704 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2009-07-15 17:28 . 2004-08-04 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-07-15 17:27 . 2004-08-04 10:00 829440 -c--a-w- c:\windows\system32\dllcache\inetmgr.dll
2009-07-15 17:24 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-07-15 17:08 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-15 17:08 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-15 17:08 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-15 17:08 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-15 17:08 . 2009-07-15 17:08 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-07-15 12:54 . 2009-07-15 12:54 -------- d-----w- c:\windows\dell
2009-07-14 19:35 . 2009-07-14 19:35 -------- d-----w- c:\program files\Windows Resource Kits
2009-07-14 18:09 . 2009-07-14 18:09 -------- d-sh--w- c:\documents and settings\Suil\PrivacIE
2009-07-14 18:05 . 2009-07-14 18:05 -------- d-sh--w- c:\documents and settings\Suil\IETldCache
2009-07-14 18:04 . 2009-07-14 18:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-14 18:03 . 2009-07-14 18:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-14 18:01 . 2009-07-14 18:01 -------- d-----w- c:\windows\ie8updates
2009-07-14 17:59 . 2009-07-14 18:00 -------- dc-h--w- c:\windows\ie8
2009-07-13 00:22 . 2009-07-13 00:22 -------- d-----w- c:\documents and settings\Suil\Application Data\Apple Computer
2009-07-12 23:52 . 2009-07-12 23:52 -------- d-----w- c:\program files\Trend Micro
2009-07-12 00:29 . 2009-07-12 00:29 -------- d-----w- c:\documents and settings\Suil\Application Data\Malwarebytes
2009-07-12 00:29 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 00:29 . 2009-07-15 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 00:29 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 00:29 . 2009-07-12 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 01:26 . 2009-07-11 01:26 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-09 00:00 . 2009-07-09 00:01 -------- d-----w- c:\program files\QuickTime
2009-07-09 00:00 . 2009-07-09 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-09 00:00 . 2009-07-09 00:00 -------- d-----w- c:\documents and settings\Suil\Local Settings\Application Data\Apple
2009-07-08 23:59 . 2009-07-09 00:00 -------- d-----w- c:\program files\Apple Software Update
2009-07-08 23:59 . 2009-07-08 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-08 23:59 . 2009-07-08 23:59 -------- d-----w- c:\documents and settings\Suil\Local Settings\Application Data\Apple Computer
2009-06-29 21:10 . 2009-06-29 21:10 -------- d-----w- c:\program files\IKEA HomePlanner
2009-06-29 21:10 . 2009-07-17 17:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-23 12:14 . 2009-06-23 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-06-23 12:14 . 2009-06-23 12:14 -------- d-----w- c:\documents and settings\Suil\Application Data\HPAppData
2009-06-23 12:11 . 2009-06-23 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-23 12:07 . 2009-07-09 13:46 145901 ----a-w- c:\windows\hpoins21.dat
2009-06-23 12:07 . 2007-09-05 18:26 8138 ----a-w- c:\windows\hpomdl21.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 02:05 . 2008-09-15 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-17 20:59 . 2009-06-05 16:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-07-17 19:35 . 2006-05-30 20:23 -------- d-----w- c:\program files\Java
2009-07-17 16:47 . 2008-11-14 22:09 -------- d-----w- c:\program files\Embarq Online Security 8
2009-07-17 02:28 . 2006-06-04 16:29 204744 ----a-w- c:\documents and settings\Suil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 02:44 . 2006-05-30 20:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 19:21 . 2006-06-07 22:14 302 ----a-w- c:\windows\system32\wacom.dat
2009-07-15 17:23 . 2004-08-11 22:12 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-11 00:58 . 2006-06-14 20:25 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-07-08 13:44 . 2008-11-14 22:21 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-23 12:14 . 2006-10-15 23:19 -------- d-----w- c:\program files\HP
2009-06-23 00:57 . 2006-10-15 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-16 14:55 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 14:55 . 2009-06-11 14:56 25784 ----a-w- c:\windows\Fonts\ROTORCAP.TTF
2009-06-11 14:43 . 2009-06-11 14:44 37388 ----a-w- c:\windows\Fonts\visitor2.ttf
2009-06-11 14:43 . 2009-06-11 14:44 3520 ----a-w- c:\windows\Fonts\VISITOR.FON
2009-06-11 14:43 . 2009-06-11 14:44 3856 ----a-w- c:\windows\Fonts\mints-strong.fon
2009-06-11 14:39 . 2009-06-11 14:40 256880 ----a-w- c:\windows\Fonts\Calibribold.ttf
2009-06-11 14:39 . 2009-06-11 14:40 367620 ----a-w- c:\windows\Fonts\CalibriIz.TTF
2009-06-11 14:39 . 2009-06-11 14:40 36648 ----a-w- c:\windows\Fonts\MARKEN__.TTF
2009-06-11 14:39 . 2009-06-11 14:40 36552 ----a-w- c:\windows\Fonts\MARKEN__CAPS.ttf
2009-06-11 14:35 . 2009-06-11 14:36 52680 ----a-w- c:\windows\Fonts\STAN0757CAPS.TTF
2009-06-11 14:35 . 2009-06-11 14:36 316876 ----a-w- c:\windows\Fonts\arialcaps.ttf
2009-06-11 02:44 . 2009-06-11 02:45 46596 ----a-w- c:\windows\Fonts\Arial Special G1 Caps.ttf
2009-06-11 02:12 . 2009-06-11 02:13 71132 ----a-w- c:\windows\Fonts\ITC Avant Garde Gothic LT Bold.ttf
2009-06-11 02:12 . 2009-06-11 02:13 70040 ----a-w- c:\windows\Fonts\ITC Avant Garde Gothic LT Medium.ttf
2009-06-11 02:12 . 2009-06-11 02:13 6928 ----a-w- c:\windows\Fonts\HaxrCorp 4088.fon
2009-06-11 02:12 . 2009-06-11 02:13 64396 ----a-w- c:\windows\Fonts\ITC Avant Garde Gothic LT Medium Caps.ttf
2009-06-11 02:12 . 2009-06-11 02:13 4240 ----a-w- c:\windows\Fonts\HaxrCorp Caps.FON
2009-06-11 02:12 . 2009-06-11 02:13 254296 ----a-w- c:\windows\Fonts\calibri.ttf
2009-06-11 02:03 . 2009-06-11 02:03 -------- d-----w- c:\program files\Free RAR Extract Frog
2009-06-07 03:15 . 2009-06-07 03:15 47792 ----a-w- c:\windows\Fonts\HOOG0554.TTF
2009-06-07 02:52 . 2009-06-07 02:53 46368 ----a-w- c:\windows\Fonts\Kroe0555caps.ttf
2009-06-07 02:52 . 2009-06-07 02:53 3952 ----a-w- c:\windows\Fonts\Kroeger0.fon
2009-06-07 02:52 . 2009-06-07 02:53 22464 ----a-w- c:\windows\Fonts\pf_tempesta_seven_extended.ttf
2009-06-07 02:52 . 2009-06-07 02:53 22176 ----a-w- c:\windows\Fonts\pf_tempesta_seven.ttf
2009-06-07 02:52 . 2009-06-07 02:53 22160 ----a-w- c:\windows\Fonts\pf_tempesta_seven_extended_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53 21780 ----a-w- c:\windows\Fonts\pf_tempesta_seven_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53 21616 ----a-w- c:\windows\Fonts\pf_tempesta_seven_condensed.ttf
2009-06-07 02:52 . 2009-06-07 02:53 21160 ----a-w- c:\windows\Fonts\pf_tempesta_seven_condensed_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53 20796 ----a-w- c:\windows\Fonts\pf_tempesta_seven_compressed_bold.ttf
2009-06-07 02:52 . 2009-06-07 02:53 20396 ----a-w- c:\windows\Fonts\pf_tempesta_seven_compressed.ttf
2009-06-07 02:37 . 2009-06-07 02:38 48080 ----a-w- c:\windows\Fonts\KROE0555.TTF
2009-06-07 02:37 . 2009-06-07 02:38 365264 ----a-w- c:\windows\Fonts\Segoe UI .ttf
2009-06-07 02:37 . 2009-06-07 02:38 12056 ----a-w- c:\windows\Fonts\Blank.ttf
2009-06-05 16:13 . 2009-06-05 16:13 -------- d-----w- c:\documents and settings\Suil\Application Data\Thunderbird
2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:44 . 2004-08-04 10:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2006-03-04 03:33 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-15 14:37 . 2008-09-17 21:10 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-06-05 22:05 . 2006-06-05 22:05 56 --sha-r- c:\windows\system32\0E1A64F2CB.sys
2006-06-05 22:05 . 2006-06-05 22:05 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-17_02.09.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-18 02:46 . 2009-07-18 02:46 16384 c:\windows\temp\Perflib_Perfdata_5ec.dat
+ 2009-07-17 17:37 . 2009-07-17 17:37 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-07-17 17:37 . 2009-07-17 17:37 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2004-08-11 22:13 . 2009-07-17 14:59 4922 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-07-17 17:37 . 2009-07-17 17:37 1516544 c:\windows\Installer\a19965.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-16 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"F-Secure Manager"="c:\program files\Embarq Online Security 8\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Embarq Online Security 8\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-4 98304]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-4 98304]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-30 24576]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TabletService"=2 (0x2)
"stllssvr"=3 (0x3)
"gusvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/14/2008 6:21 PM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/14/2008 6:10 PM 79904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Embarq Online Security 8\HIPS\drivers\fshs.sys [11/14/2008 6:10 PM 66720]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [7/22/2006 10:40 AM 8192]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Embarq Online Security 8\Anti-Virus\minifilter\fsgk.sys [11/14/2008 6:09 PM 99960]
S2 BootScreen;BootScreen;c:\windows\system32\drivers\vidstub.sys --> c:\windows\system32\drivers\vidstub.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Embarq Online Security 8\ORSP Client\fsorsp.exe [11/14/2008 6:10 PM 55904]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/13/2008 5:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/13/2008 5:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [11/13/2008 5:49 PM 23680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 VirtualDK;VirtualDK;\??\c:\ubcd4win\vdk.sys --> c:\ubcd4win\vdk.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Embarq Online Security 8\Anti-Virus\win2k\fsfilter.sys [11/14/2008 6:09 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Embarq Online Security 8\Anti-Virus\win2k\fsrec.sys [11/14/2008 6:09 PM 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-14 03:06]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{d51d388b-f5dc-471a-a1ce-5e2d671091c0} - (no file)
BHO-{d51d388b-f5dc-471a-a1ce-5e2d671091c0} - (no file)
Toolbar-{d51d388b-f5dc-471a-a1ce-5e2d671091c0} - (no file)
WebBrowser-{D51D388B-F5DC-471A-A1CE-5E2D671091C0} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT1978305
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 127.0.0.1:8100
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Embarq Online Security 8\FSPS\program\fslsp.dll
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Suil\Application Data\Mozilla\Firefox\Profiles\9lqkiec1.Default User\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?continue=http://www.google.com/ig&followup=http://www.google.com/ig&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-17 22:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\Æ 3*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Embarq Online Security 8\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(576)
c:\program files\Embarq Online Security 8\FSPS\program\fslsp.dll
c:\program files\Embarq Online Security 8\FWES\Program\fsdc32.dll
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(492)
c:\program files\Embarq Online Security 8\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Embarq Online Security 8\Anti-Virus\fsgk32st.exe
c:\program files\Embarq Online Security 8\Common\FSMA32.EXE
c:\program files\Embarq Online Security 8\Anti-Virus\fsgk32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\pvsw\bin\w3dbsmgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Embarq Online Security 8\Anti-Virus\fssm32.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Embarq Online Security 8\Common\FSLAUNCH.EXE
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-07-18 22:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 02:52
ComboFix2.txt 2009-07-17 02:11
Pre-Run: 10,743,201,792 bytes free
Post-Run: 10,722,295,808 bytes free
449 --- E O F --- 2009-07-16 14:41