Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.499 [GMT -5:00]
Running from: c:\documents and settings\Julie\Desktop\mytool.exe
Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-19 21:59 . 2011-05-19 21:59 -------- d-----w- C:\mytool
2011-05-17 14:49 . 2011-05-17 14:49 -------- d-----w- c:\documents and settings\Julie\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-17 14:23 . 2011-05-17 14:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-17 14:22 . 2011-05-17 14:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-17 14:10 . 2011-05-17 14:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-13 18:48 . 2011-05-13 19:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 19:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-13 18:43 . 2011-05-13 18:52 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\Temp
2011-05-13 18:43 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-13 18:43 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-13 18:43 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-13 18:43 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-13 18:43 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-13 18:43 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-13 18:43 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-13 18:43 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-05-13 18:43 . 2011-05-13 18:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-05-13 18:42 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-13 18:42 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\program files\AVAST Software
2011-05-13 18:42 . 2011-05-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-13 15:20 . 2011-05-13 15:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-11 19:36 . 2011-05-21 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-09 17:31 . 2011-05-09 17:31 1409 ----a-w- c:\windows\QTFont.for
2011-05-07 15:00 . 2011-05-07 15:00 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2011-05-07 14:59 . 2011-05-07 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-07 14:59 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 14:59 . 2011-05-07 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-07 14:59 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 19:29 . 2011-05-06 19:29 -------- d-----w- c:\program files\AVG
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-05-05 22:11 . 2011-05-05 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-05 20:48 . 2011-05-05 20:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-05-05 17:01 . 2011-05-05 17:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-17 14:27 . 2005-08-16 09:18 26112 ----a-w- c:\windows\system32\userinit.exe
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ------w- c:\windows\system32\html.iec
.
<pre> c:\program files\AVG\AVG10\avgtray .exe c:\program files\Dell Support Center\bin\sprtcmd .exe c:\program files\iTunes\iTunesHelper .exe c:\program files\ScanSoft\PaperPort\IndexSearch .exe c:\program files\ScanSoft\PaperPort\pptd40nt .exe </pre>.
((((((((((((((((((((((((((((( SnapShot@2011-05-19_16.12.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-21 04:04 . 2011-05-21 04:04 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe" [2005-09-13 102400]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
logon.cmd [2007-7-12 78]
QuickBooks Remote Access.LNK - c:\windows\DOWNLO~1\MyWebEx\319\raagtx.exe [2009-3-9 38200]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell\\Dell Laser MFP 1815\\NetworkScan\\DNSCST.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SN0XNJR.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/13/2011 1:43 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2011 1:43 PM 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2011 1:43 PM 19544]
R2 atnthost;WebEx Remote Access Agent;c:\windows\DOWNLO~1\MyWebEx\319\atnthost.exe [3/9/2009 5:35 PM 16792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2011 1:43 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUC2C1~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 18:43]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.keloland.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,a9,c0,e3,89,8e,94,48,91,24,01,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{20182402-24ED-DBEE-0C047CC941A92C12}\{18337038-91FA-1511-718667CAE01F35A0}\{7E9CBDE1-C583-B4C7-27A5326796C918BF}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{286D4131-3821-6CBF-08770360589374C2}\{48BEB065-0DEC-1314-6E019AD5B66531AE}\{E2D4EA90-E228-BF00-D20DE2AD05099BA2}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,57,54,30,
51,70,f6,93,b4,f8,df,3c,dd,68,a3,d9,2a,dc,cf,1b,c4,1f,0f,5e,a4,db,28,03,33,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9807A10-4727-9AC7-5739BD03864C7141}\{F4D35AF9-854F-CCC6-B4221006081D3FF5}\{1DA5733C-531E-5F12-5A70B13F4DD5DE9D}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-20 23:34:32
ComboFix-quarantined-files.txt 2011-05-21 04:34
ComboFix2.txt 2011-05-19 22:18
ComboFix3.txt 2011-05-19 16:17
ComboFix4.txt 2011-01-12 22:33
.
Pre-Run: 78,297,206,784 bytes free
Post-Run: 78,274,887,680 bytes free
.
- - End Of File - - 5FE0EF98ABE38487690B72D1C290B83B