ComboFix 10-09-29.01 - Denise 09/29/2010 15:43:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.595 [GMT -7:00]
Running from: c:\documents and settings\Denise\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.
2010-09-28 21:22 . 2010-09-28 21:22 63488 ----a-w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-28 21:22 . 2010-09-28 21:22 52224 ----a-w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-28 21:22 . 2010-09-28 21:22 117760 ----a-w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-28 21:22 . 2010-09-28 21:22 -------- d-----w- c:\documents and settings\Denise\Application Data\SUPERAntiSpyware.com
2010-09-28 21:22 . 2010-09-28 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-27 20:03 . 2010-09-29 22:15 -------- d-----w- c:\program files\Sophos
2010-09-27 02:17 . 2010-09-27 02:17 -------- d-----w- C:\_OTL
2010-09-23 21:21 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 21:21 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-23 01:49 . 2010-09-23 01:49 -------- d-----w- c:\program files\ERUNT
2010-09-22 22:53 . 2010-09-22 22:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 22:31 . 2008-05-07 23:28 -------- d-----w- c:\program files\Trimble
2010-09-29 22:31 . 2006-04-28 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-29 22:30 . 2006-05-03 18:50 37144 ----a-w- c:\documents and settings\Denise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 22:29 . 2007-12-08 03:14 -------- d-----w- c:\program files\NCH Swift Sound
2010-09-29 22:26 . 2006-04-28 22:00 -------- d-----w- c:\program files\Java
2010-09-29 22:21 . 2006-04-28 22:14 -------- d-----w- c:\program files\Common Files\Real
2010-09-29 22:17 . 2008-08-08 01:29 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-29 22:17 . 2008-08-08 01:29 -------- d-----w- c:\program files\PC Tools Internet Security
2010-09-29 22:14 . 2007-12-08 03:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-29 22:09 . 2008-08-08 18:03 -------- d-----w- c:\program files\Browser Defender
2010-09-29 22:04 . 2006-07-29 22:14 -------- d-----w- c:\documents and settings\Denise\Application Data\Lavasoft
2010-09-29 17:38 . 2006-05-03 15:42 38720 ----a-w- c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 04:23 . 2008-05-26 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-27 02:39 . 2008-07-31 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 16:54 . 2010-08-10 16:54 7406 ----a-r- c:\documents and settings\Denise\Application Data\Microsoft\Installer\{34545DDC-850D-4636-ACAC-A7BAD2280A13}\ARPPRODUCTICON.exe
2010-08-10 16:40 . 2010-08-10 16:40 -------- d-----w- c:\program files\DreamCatcher
2010-08-01 17:57 . 2006-05-03 23:22 -------- d-----w- c:\program files\Google
2006-05-13 00:48 . 2006-05-02 21:02 88 --sh--r- c:\windows\system32\E08F8332E2.sys
2007-07-04 00:49 . 2006-05-03 17:23 56 --sh--r- c:\windows\system32\E232838FE0.sys
2007-07-04 00:49 . 2006-05-02 21:02 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-09-27_22.35.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-16 09:27 . 2010-09-29 22:35 169096 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Denise\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-11 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-28 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-28 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 Leica HDS Server;Leica HDS Server;c:\program files\Leica Geosystems\Cyclone\ptserv32.exe [5/16/2008 9:25 AM 577655]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [3/21/2008 1:20 AM 327800]
S2 CycloneLicenseServer;Cyclone License Server;c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe [5/16/2008 9:25 AM 1339392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2010 10:58 AM 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\37.tmp --> c:\windows\system32\37.tmp [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder
2010-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-26 14:20]
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 17:57]
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 17:57]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3197684258-2729217608-2040274190-1006Core.job
- c:\documents and settings\Denise\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 03:42]
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3197684258-2729217608-2040274190-1006UA.job
- c:\documents and settings\Denise\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 03:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-issetup - c:\documents and settings\Denise\Desktop\issetup.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-29 15:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\37.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1620)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-29 15:50:39
ComboFix-quarantined-files.txt 2010-09-29 22:50
ComboFix2.txt 2010-09-27 22:39
Pre-Run: 34,807,111,680 bytes free
Post-Run: 34,783,948,800 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - A0EE2DD42428973249B8EC2A8722F72D