Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.142 [GMT -5:00]
Running from: c:\documents and settings\Bill Gray\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.
2009-05-17 22:29 . 2009-05-17 22:29 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-17 18:13 . 2009-05-18 22:13 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-17 01:21 . 2009-05-17 01:21 -------- d-----w C:\581c0567798670f750
2009-05-17 01:19 . 2009-05-18 22:44 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-16 16:14 . 2008-10-16 19:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-16 11:39 . 2009-05-16 11:39 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-16 11:13 . 2009-05-17 01:21 -------- d-----w c:\windows\system32\XPSViewer
2009-05-16 11:13 . 2009-05-16 11:13 -------- d-----w c:\program files\MSBuild
2009-05-16 11:12 . 2009-05-16 11:12 -------- d-----w c:\program files\Reference Assemblies
2009-05-16 11:11 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-16 11:11 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-16 11:11 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-16 11:11 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-16 11:11 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-16 11:11 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-16 11:11 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-16 10:58 . 2009-05-17 01:20 -------- dc-h--w c:\windows\ie8
2009-05-16 10:53 . 2009-05-17 01:20 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-15 22:31 . 2009-05-17 01:19 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-14 19:52 . 2009-05-14 19:52 190 ----a-w c:\documents and settings\Bill Gray\Application Data\asd.bat
2009-05-14 01:07 . 2009-05-14 01:07 1097728 ----a-w c:\documents and settings\Bill Gray\Application Data\winav.exe
2009-04-28 12:27 . 2009-04-28 12:27 -------- d-----w c:\documents and settings\JUSTIN\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 01:19 . 2008-12-18 13:39 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-16 11:35 . 2005-07-20 03:48 49432 -c--a-w c:\documents and settings\Bill Gray\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 20:30 . 2008-12-20 01:26 -------- d-----w c:\program files\Viewpoint
2009-04-29 11:45 . 2006-04-19 16:19 49432 -c--a-w c:\documents and settings\JUSTIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 00:42 . 2004-08-19 21:16 -------- d-----w c:\program files\GemMaster
2009-03-08 09:34 . 2004-08-19 20:49 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-19 20:49 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-19 20:49 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-19 20:49 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-19 20:49 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-19 20:49 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-19 20:49 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-19 20:49 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-19 20:49 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-19 20:49 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-19 20:49 284160 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-12-08 3096576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-15 1830128]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVScan"="c:\documents and settings\Bill Gray\Application Data\winav.exe" [2009-05-14 1097728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-06-02 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-02-03 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-26 155648]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1169669105\ee\AOLSoftware.exe" [2006-09-26 50736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-6-1 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-1 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak EasyShare software\bin\EasyShare.exe [2005-6-2 151552]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-15 01:16 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1169669105\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 55024]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 3:48 PM 602392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {0A50726E-51A2-42BB-8392-98F050C40A10} - hxxp://aol.skilljam.com/ssp/SkillJamLoader.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 20:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-05-19 20:23
ComboFix-quarantined-files.txt 2009-05-19 01:22
ComboFix2.txt 2009-05-19 00:39
ComboFix3.txt 2009-05-19 00:20
ComboFix4.txt 2008-12-18 18:42
Pre-Run: 12,006,719,488 bytes free
Post-Run: 11,975,327,744 bytes free
--- E O F --- 2009-05-15 00:53